Import OpenSSL 1.1.0l
This commit is contained in:
Steve Dower
@@ -223,7 +223,7 @@ the section of the configuration file containing certificate extensions
|
||||
to be added when a certificate is issued (defaults to B<x509_extensions>
|
||||
unless the B<-extfile> option is used). If no extension section is
|
||||
present then, a V1 certificate is created. If the extension section
|
||||
is present (even if it is empty), then a V3 certificate is created. See the:w
|
||||
is present (even if it is empty), then a V3 certificate is created. See the
|
||||
L<x509v3_config(5)> manual page for details of the
|
||||
extension section format.
|
||||
|
||||
|
||||
@@ -116,7 +116,7 @@ below.
|
||||
|
||||
=item B<rsa_keygen_bits:numbits>
|
||||
|
||||
The number of bits in the generated key. If not specified 1024 is used.
|
||||
The number of bits in the generated key. If not specified 2048 is used.
|
||||
|
||||
=item B<rsa_keygen_pubexp:value>
|
||||
|
||||
@@ -154,12 +154,12 @@ below.
|
||||
|
||||
=item B<dsa_paramgen_bits:numbits>
|
||||
|
||||
The number of bits in the generated prime. If not specified 1024 is used.
|
||||
The number of bits in the generated prime. If not specified 2048 is used.
|
||||
|
||||
=item B<dsa_paramgen_q_bits:numbits>
|
||||
|
||||
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
|
||||
specified 160 is used.
|
||||
specified 224 is used.
|
||||
|
||||
=item B<dsa_paramgen_md:digest>
|
||||
|
||||
@@ -178,7 +178,7 @@ or B<sha256> if it is 256.
|
||||
|
||||
=item B<dh_paramgen_prime_len:numbits>
|
||||
|
||||
The number of bits in the prime parameter B<p>. The default is 1024.
|
||||
The number of bits in the prime parameter B<p>. The default is 2048.
|
||||
|
||||
=item B<dh_paramgen_subprime_len:numbits>
|
||||
|
||||
@@ -289,7 +289,7 @@ OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -109,7 +109,12 @@ L<ERR_get_error(3)>.
|
||||
The RSA_padding_check_PKCS1_type_2() padding check leaks timing
|
||||
information which can potentially be used to mount a Bleichenbacher
|
||||
padding oracle attack. This is an inherent weakness in the PKCS #1
|
||||
v1.5 padding design. Prefer PKCS1_OAEP padding.
|
||||
v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can
|
||||
be recommended to pass zero-padded B<f>, so that B<fl> equals to
|
||||
B<rsa_len>, and if fixed by protocol, B<tlen> being set to the
|
||||
expected length. In such case leakage would be minimal, it would
|
||||
take attacker's ability to observe memory access pattern with byte
|
||||
granilarity as it occurs, post-factum timing analysis won't do.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
|
||||
@@ -112,14 +112,17 @@ thread has completed.
|
||||
|
||||
=item SSL_ERROR_SYSCALL
|
||||
|
||||
Some non-recoverable I/O error occurred.
|
||||
The OpenSSL error queue may contain more information on the error.
|
||||
For socket I/O on Unix systems, consult B<errno> for details.
|
||||
Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
|
||||
contain more information on the error. For socket I/O on Unix systems, consult
|
||||
B<errno> for details. If this error occurs then no further I/O operations should
|
||||
be performed on the connection and SSL_shutdown() must not be called.
|
||||
|
||||
=item SSL_ERROR_SSL
|
||||
|
||||
A failure in the SSL library occurred, usually a protocol error. The
|
||||
OpenSSL error queue contains more information on the error.
|
||||
A non-recoverable, fatal error in the SSL library occurred, usually a protocol
|
||||
error. The OpenSSL error queue contains more information on the error. If this
|
||||
error occurs then no further I/O operations should be performed on the
|
||||
connection and SSL_shutdown() must not be called.
|
||||
|
||||
=back
|
||||
|
||||
@@ -133,7 +136,7 @@ SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
|
||||
a currently open session is considered closed and good and will be kept in the
|
||||
session cache for further reuse.
|
||||
|
||||
Note that SSL_shutdown() must not be called if a previous fatal error has
|
||||
occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
|
||||
or SSL_ERROR_SSL.
|
||||
|
||||
The shutdown procedure consists of 2 steps: the sending of the "close notify"
|
||||
shutdown alert and the reception of the peer's "close notify" shutdown
|
||||
alert. According to the TLS standard, it is acceptable for an application
|
||||
@@ -122,7 +126,7 @@ L<ssl(3)>, L<bio(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
Reference in New Issue
Block a user