Update to OpenSSL 1.0.2.o

This commit is contained in:
Steve Dower
2018-04-13 17:29:45 +00:00
parent ccd3ab4aff
commit 4933cd8231
386 changed files with 5623 additions and 2984 deletions

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-asn1parse,
asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-ca,
ca - sample minimal CA application
=head1 SYNOPSIS
@@ -423,6 +424,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier,
it's recommended to use the value B<no>, especially if combined with
the B<-selfsign> command line option.
Note that it is valid in some circumstances for certificates to be created
without any subject. In the case where there are multiple certificates without
subjects this does not count as a duplicate.
=item B<serial>
a text file containing the next serial number to use in hex. Mandatory.

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ciphers,
ciphers - SSL cipher display and cipher list tool.
=head1 SYNOPSIS
@@ -179,7 +180,8 @@ When in doubt, include B<!aNULL> in your cipherlist.
=item B<kRSA>, B<RSA>
cipher suites using RSA key exchange.
cipher suites using RSA key exchange or authentication. B<RSA> is an alias for
B<kRSA>.
=item B<kDHr>, B<kDHd>, B<kDH>
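Review bot: the new kRSA/RSA wording does not match the item it sits under. "cipher suites using RSA key exchange or authentication" describes two selectors, but the =item line lists only B<kRSA> and B<RSA>, and the next sentence says B<RSA> is an alias for B<kRSA>, i.e. key exchange only; the authentication-only selector is B<aRSA>, which this item never mentions. Either add B<aRSA> to the =item line so the "or authentication" clause has a referent, or keep the item as kRSA/RSA and say "cipher suites using RSA key exchange. B<RSA> is an alias for B<kRSA>." Readers building cipher strings rely on exactly this distinction to keep ECDHE-RSA suites while excluding static RSA key exchange, so the two sentences should not pull in different directions.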

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-cms,
cms - CMS utility
=head1 SYNOPSIS

View File

@@ -47,7 +47,8 @@ or B<${section::name}>. By using the form B<$ENV::name> environment
variables can be substituted. It is also possible to assign values to
environment variables by using the name B<ENV::name>, this will work
if the program looks up environment variables using the B<CONF> library
instead of calling B<getenv()> directly.
instead of calling B<getenv()> directly. The value string must not exceed 64k in
length after variable expansion. Otherwise an error will occur.
It is possible to escape certain characters by using any kind of quote
or the B<\> character. By making the last character of a line a B<\>

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-crl,
crl - CRL utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-crl2pkcs7,
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dgst,
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dhparam,
dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dsa,
dsa - DSA key processing
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dsaparam,
dsaparam - DSA parameter manipulation and generation
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ec,
ec - EC key processing
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ecparam,
ecparam - EC parameter manipulation and generation
=head1 SYNOPSIS
@@ -85,8 +86,8 @@ currently implemented EC parameters names and exit.
=item B<-conv_form>
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed> (the default
value), B<uncompressed> and B<hybrid>. For more information regarding
into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
default value) and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-enc,
enc - symmetric cipher routines
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-errstr,
errstr - lookup error codes
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-gendsa,
gendsa - generate a DSA private key from a set of parameters
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-genpkey,
genpkey - generate a private key
=head1 SYNOPSIS

View File

@@ -2,16 +2,21 @@
=head1 NAME
openssl-genrsa,
genrsa - generate an RSA private key
=head1 SYNOPSIS
B<openssl> B<genrsa>
[B<-help>]
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
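Review bot: the synopsis now advertises B<-aria128>, B<-aria192> and B<-aria256>, yet nothing else in this update shows ARIA arriving in the library: the EVP_EncryptInit NAME list touched later in this commit still has no EVP_aria_* entries. Please confirm the vendored 1.0.2o `openssl genrsa` actually accepts these flags before documenting them; otherwise drop them here and from the combined =item further down, so users are not told to encrypt a private key with a cipher the build rejects (the usual failure mode is the key being written unencrypted after the user retries without the flag).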
@@ -32,17 +37,21 @@ The B<genrsa> command generates an RSA private key.
=over 4
=item B<-help>
Print out a usage message.
=item B<-out filename>
the output filename. If this argument is not specified then standard output is
used.
Output the key to the specified file. If this argument is not specified then
standard output is used.
=item B<-passout arg>
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
These options encrypt the private key with specified
cipher before outputting it. If none of these options is
@@ -56,8 +65,8 @@ the public exponent to use, either 65537 or 3. The default is 65537.
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
@@ -71,7 +80,7 @@ for all available algorithms.
=item B<numbits>
the size of the private key to generate in bits. This must be the last option
specified. The default is 512.
specified. The default is 2048.
=back
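Review bot: the B<numbits> text now says the default is 2048, but the context line of the very next hunk ("be much larger (typically 1024 bits)") still calls 1024 bits the typical size, so NOTES now contradicts OPTIONS. Update that sentence to match (2048 bits, or simply "much larger than the public exponent"). Also worth confirming that the binary's default changed and not only the man page: a 512-bit RSA key is factorable with commodity resources, and `openssl genrsa` with no size argument should not produce one.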
@@ -96,7 +105,15 @@ be much larger (typically 1024 bits).
=head1 SEE ALSO
L<gendsa(1)|gendsa(1)>
L<gendsa(1)>
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-nseq,
nseq - create or examine a netscape certificate sequence
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ocsp,
ocsp - Online Certificate Status Protocol utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-passwd,
passwd - compute password hashes
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-pkcs12,
pkcs12 - PKCS#12 file utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs7,
pkcs7 - PKCS#7 utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs8,
pkcs8 - PKCS#8 format private key conversion tool
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-pkey,
pkey - public or private key processing tool
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-pkeyparam,
pkeyparam - public key algorithm parameter processing tool
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkeyutl,
pkeyutl - public key algorithm utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-rand,
rand - generate pseudo-random bytes
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-req,
req - PKCS#10 certificate request and certificate generating utility.
=head1 SYNOPSIS
@@ -237,6 +238,9 @@ a self signed root CA. The extensions added to the certificate
using the B<set_serial> option, a large random number will be used for
the serial number.
If existing request is specified with the B<-in> option, it is converted
to the self signed certificate otherwise new request is created.
=item B<-days n>
when the B<-x509> option is being used this specifies the number of
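Review bot: the added sentence in the B<-x509> description is missing its articles and a clause break; suggest "If an existing request is specified with the B<-in> option, it is converted to a self-signed certificate; otherwise a new request is created." If "self-signed" is hyphenated here, hyphenate "self signed root CA" in the unchanged line above it as well for consistency.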

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-rsa,
rsa - RSA key processing tool
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-rsautl,
rsautl - RSA utility
=head1 SYNOPSIS
@@ -105,7 +106,7 @@ Recover the signed data
Examine the raw signed data:
openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-s_client,
s_client - SSL/TLS client program
=head1 SYNOPSIS
@@ -42,6 +43,8 @@ B<openssl> B<s_client>
[B<-no_tls1_2>]
[B<-fallback_scsv>]
[B<-bugs>]
[B<-sigalgs sigalglist>]
[B<-curves curvelist>]
[B<-cipher cipherlist>]
[B<-serverpref>]
[B<-starttls protocol>]
@@ -195,12 +198,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>.
=item B<-psk_identity identity>
Use the PSK identity B<identity> when using a PSK cipher suite.
The default value is "Client_identity" (without the quotes).
=item B<-psk key>
Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
@@ -217,6 +222,19 @@ Send TLS_FALLBACK_SCSV in the ClientHello.
there are several known bug in SSL and TLS implementations. Adding this
option enables various workarounds.
=item B<-sigalgs sigalglist>
Specifies the list of signature algorithms that are sent by the client.
The server selects one entry in the list based on its preferences.
For example strings, see L<SSL_CTX_set1_sigalgs(3)>
=item B<-curves curvelist>
Specifies the list of supported curves to be sent by the client. The curve is
is ultimately selected by the server. For a list of all curves, use:
$ openssl ecparam -list_curves
=item B<-cipher cipherlist>
this allows the cipher list sent by the client to be modified. Although
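Review bot: typo in the new B<-curves> paragraph: "The curve is / is ultimately selected by the server" doubles "is". In the B<-sigalgs> paragraph the L<SSL_CTX_set1_sigalgs(3)> reference is missing its terminating period, and it would help to say that the list is colon-separated, as the s_server B<-client_sigalgs> text in this same commit does, since the two options take the same syntax.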
@@ -232,7 +250,7 @@ use the server's cipher preferences; only used for SSLV2.
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
supported keywords are "smtp", "pop3", "imap", and "ftp".
supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
=item B<-tlsextdebug>

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-s_server,
s_server - SSL/TLS server program
=head1 SYNOPSIS
@@ -35,6 +36,8 @@ B<openssl> B<s_server>
[B<-CAfile filename>]
[B<-no_alt_chains>]
[B<-nocert>]
[B<-client_sigalgs sigalglist>]
[B<-named_curve curve>]
[B<-cipher cipherlist>]
[B<-serverpref>]
[B<-quiet>]
@@ -217,6 +220,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite.
Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
@@ -234,6 +238,18 @@ option enables various workarounds.
this option enables a further workaround for some some early Netscape
SSL code (?).
=item B<-client_sigalgs sigalglist>
Signature algorithms to support for client certificate authentication
(colon-separated list)
=item B<-named_curve curve>
Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
For a list of all possible curves, use:
$ openssl ecparam -list_curves
=item B<-cipher cipherlist>
this allows the cipher list used by the server to be modified. When
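Review bot: grammar in the new B<-named_curve> text: "this is single curve" should be "this is a single curve". The B<-client_sigalgs> entry says the list is colon-separated but not that it constrains only the algorithms accepted on the client certificate and CertificateVerify, which is what distinguishes it from a plain B<-sigalgs>; one clause saying so would prevent the two from being confused.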
@@ -389,10 +405,6 @@ a web browser the command:
can be used for example.
Most web browsers (in particular Netscape and MSIE) only support RSA cipher
suites, so they cannot connect to servers which don't use a certificate
carrying an RSA key or a version of OpenSSL with RSA disabled.
Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL clients interpret this to
mean any CA is acceptable. This is useful for debugging purposes.

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-s_time,
s_time - SSL/TLS performance timing program
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-sess_id,
sess_id - SSL/TLS session handling utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-smime,
smime - S/MIME utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-speed,
speed - test library performance
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-spkac,
spkac - SPKAC printing and generating utility
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ts,
ts - Time Stamping Authority tool (client/server)
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-tsget,
tsget - Time Stamping HTTP/HTTPS client
=head1 SYNOPSIS

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-verify,
verify - Utility to verify certificates.
=head1 SYNOPSIS
@@ -14,7 +15,7 @@ B<openssl> B<verify>
[B<-ignore_critical>]
[B<-attime timestamp>]
[B<-check_ss_sig>]
[B<-crlfile file>]
[B<-CRLfile file>]
[B<-crl_download>]
[B<-crl_check>]
[B<-crl_check_all>]
@@ -68,7 +69,7 @@ current system time. B<timestamp> is the number of seconds since
Verify the signature on the self-signed root CA. This is disabled by default
because it doesn't add any security.
=item B<-crlfile file>
=item B<-CRLfile file>
File containing one or more CRL's (in PEM format) to load.

View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-version,
version - print OpenSSL version information
=head1 SYNOPSIS

View File

@@ -3,6 +3,7 @@
=head1 NAME
openssl-x509,
x509 - Certificate display and signing utility
=head1 SYNOPSIS
@@ -224,8 +225,11 @@ non-zero if yes it will expire or zero if not.
=item B<-fingerprint>
prints out the digest of the DER encoded version of the whole certificate
(see digest options).
Calculates and outputs the digest of the DER encoded version of the entire
certificate (see digest options).
This is commonly called a "fingerprint". Because of the nature of message
digests, the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
=item B<-C>
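Review bot: the rewritten B<-fingerprint> text states that two certificates with the same fingerprint "can be considered to be the same". That is only true while the selected digest is collision resistant. The one example that survives in EXAMPLES after this change still uses B<-sha1>, for which collisions have been demonstrated, and the sentence about Netscape using MD5 is only now being removed further down. Suggest qualifying the claim ("for a collision-resistant digest such as SHA-256") and changing the example to `openssl x509 -sha256 -in cert.pem -noout -fingerprint`, which is also what pinning and inventory tooling compares against.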
@@ -673,10 +677,6 @@ supporting UTF8:
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
Display the certificate MD5 fingerprint:
openssl x509 -in cert.pem -noout -fingerprint
Display the certificate SHA1 fingerprint:
openssl x509 -sha1 -in cert.pem -noout -fingerprint
@@ -730,13 +730,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape
and MSIE do this as do many certificates. So although this is incorrect
it is more likely to display the majority of certificates correctly.
The B<-fingerprint> option takes the digest of the DER encoded certificate.
This is commonly called a "fingerprint". Because of the nature of message
digests the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
The B<-email> option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
not print the same address more than once.

View File

@@ -66,8 +66,8 @@ utility functions should be used instead.
In general it cannot be assumed that the data returned by ASN1_STRING_data()
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
for and IA5String the data will be ASCII, for a BMPString two bytes per
character in big endian format, UTF8String will be in UTF8 format.
for an IA5String the data will be ASCII, for a BMPString two bytes per
character in big endian format, and for an UTF8String it will be in UTF8 format.
Similar care should be take to ensure the data is in the correct format
when calling ASN1_STRING_set().
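Review bot: "for an UTF8String" should read "for a UTF8String". The unchanged line just below, "Similar care should be take", is also missing its participle ("taken") and is worth fixing while the paragraph is open. The security point the paragraph makes deserves one direct sentence: because the buffer may contain embedded NULs and is not NUL-terminated, callers must bound it with ASN1_STRING_length() rather than strlen(), or a crafted certificate field can truncate or over-read the value.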

View File

@@ -50,14 +50,14 @@ zero then it will return B<v> when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
positive return value B<v> should be set to a negative value, typically -1.
BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data
BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
It is a macro.
BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is
BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B<pp>. It is
a macro.
BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,

View File

@@ -70,8 +70,9 @@ BN_bn2bin() returns the length of the big-endian number placed at B<to>.
BN_bin2bn() returns the B<BIGNUM>, NULL on error.
BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
on error. BN_hex2bn() and BN_dec2bn() return the number's length in
hexadecimal or decimal digits, and 0 on error.
on error. BN_hex2bn() and BN_dec2bn() return the number of characters
used in parsing, or 0 on error, in which
case no new B<BIGNUM> will be created.
BN_print_fp() and BN_print() return 1 on success, 0 on write errors.

View File

@@ -30,10 +30,12 @@ to the value 0.
BN_free() frees the components of the B<BIGNUM>, and if it was created
by BN_new(), also the structure itself. BN_clear_free() additionally
overwrites the data before the memory is returned to the system.
If B<a> is NULL, nothing is done.
=head1 RETURN VALUES
BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
BN_new() returns a pointer to the B<BIGNUM> initialised to the value 0.
If the allocation fails,
it returns B<NULL> and sets an error code that can be obtained
by L<ERR_get_error(3)|ERR_get_error(3)>.

View File

@@ -14,34 +14,37 @@ operations
const BIGNUM *BN_value_one(void);
int BN_set_word(BIGNUM *a, unsigned long w);
unsigned long BN_get_word(BIGNUM *a);
int BN_set_word(BIGNUM *a, BN_ULONG w);
BN_ULONG BN_get_word(BIGNUM *a);
=head1 DESCRIPTION
B<BN_ULONG> is a macro that will be an unsigned integral type optimied
for the most efficient implementation on the local platform.
BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
B<w> respectively. BN_zero() and BN_one() are macros.
BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
is useful for use in comparisons and assignment.
BN_get_word() returns B<a>, if it can be represented as an unsigned
long.
BN_get_word() returns B<a>, if it can be represented as a B<BN_ULONG>.
=head1 RETURN VALUES
BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
be represented as an unsigned long.
BN_get_word() returns the value B<a>, or all-bits-set if B<a> cannot
be represented as a B<BN_ULONG>.
BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
BN_value_one() returns the constant.
=head1 BUGS
Someone might change the constant.
If a B<BIGNUM> is equal to the value of all-bits-set, it will collide
with the error condition returned by BN_get_word() which uses that
as an error value.
If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
unsigned long but this value is also returned on error.
B<BN_ULONG> should probably be a typedef.
=head1 SEE ALSO
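Review bot: "optimied" in the new B<BN_ULONG> sentence should be "optimised". In BUGS, the new all-bits-set paragraph and the older 0xffffffffL paragraph that follows describe the same ambiguity; if this hunk did not remove the older one it should, since 0xffffffffL is simply wrong on platforms where B<BN_ULONG> is 64 bits. Since RETURN VALUES now says BN_get_word() returns all-bits-set on failure, name the test callers should make (compare the result against (BN_ULONG)-1, or check BN_num_bits(a) <= BN_BITS2 first) so the error sentinel is not silently used as a number.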

View File

@@ -19,14 +19,17 @@ EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb,
EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb,
EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb,
EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc,
EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc,
EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5,
EVP_idea_cbc, EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_rc2_cbc,
EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc,
EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc,
EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, EVP_rc5_32_12_16_cbc,
EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ofb,
EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm,
EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
EVP_aes_192_ccm, EVP_aes_256_ccm,
EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1,
EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
- EVP cipher routines
=head1 SYNOPSIS
@@ -35,38 +38,38 @@ EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
ENGINE *impl, const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
ENGINE *impl, const unsigned char *key, const unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
const unsigned char *key, const unsigned char *iv);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv, int enc);
const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
@@ -392,10 +395,7 @@ processed (e.g. after an EVP_EncryptFinal() call).
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal
when decrypting data and must be made B<before> any data is processed (e.g.
before any EVP_DecryptUpdate() call).
See L<EXAMPLES> below for an example of the use of GCM mode.
when decrypting data.
=head1 CCM Mode
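Review bot: dropping "must be made before any data is processed" from the EVP_CTRL_GCM_SET_TAG text leaves no ordering rule at all. The tag still has to be set before EVP_DecryptFinal_ex(), and that call's return value is the only signal that authentication failed; plaintext already returned by EVP_DecryptUpdate() is unauthenticated until then. Please state that explicitly ("must be set before EVP_DecryptFinal_ex(); a zero return from that call means the tag did not verify and all plaintext output must be discarded"). The removed "See EXAMPLES below" pointer should only go if the GCM example in that section was removed too; otherwise keep it, as it is the one place showing the correct call order.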

View File

@@ -0,0 +1,376 @@
=pod
=head1 NAME
EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find,
EVP_PKEY_meth_add0, EVP_PKEY_METHOD,
EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup,
EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign,
EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx,
EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl,
EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup,
EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign,
EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx,
EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl
- manipulating EVP_PKEY_METHOD structure
=head1 SYNOPSIS
#include <openssl/evp.h>
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
int (*init) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
int (*copy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src));
void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
void (*cleanup) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
int (*paramgen_init) (EVP_PKEY_CTX *ctx),
int (*paramgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
int (*keygen_init) (EVP_PKEY_CTX *ctx),
int (*keygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
int (*sign_init) (EVP_PKEY_CTX *ctx),
int (*sign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
int (*verify_init) (EVP_PKEY_CTX *ctx),
int (*verify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
int (*verify_recover_init) (EVP_PKEY_CTX
*ctx),
int (*verify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen));
void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
int (*signctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (*signctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (*verifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
int (*encrypt_init) (EVP_PKEY_CTX *ctx),
int (*encryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
int (*decrypt_init) (EVP_PKEY_CTX *ctx),
int (*decrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
int (*derive_init) (EVP_PKEY_CTX *ctx),
int (*derive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen));
void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (*ctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value));
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src));
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen));
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value));
=head1 DESCRIPTION
B<EVP_PKEY_METHOD> is a structure which holds a set of methods for a
specific public key cryptographic algorithm. Those methods are usually
used to perform different jobs, such as generating a key, signing or
verifying, encrypting or decrypting, etc.
There are two places where the B<EVP_PKEY_METHOD> objects are stored: one
is a built-in static array representing the standard methods for different
algorithms, and the other one is a stack of user-defined application-specific
methods, which can be manipulated by using L<EVP_PKEY_meth_add0(3)>.
The B<EVP_PKEY_METHOD> objects are usually referenced by B<EVP_PKEY_CTX>
objects.
=head2 Methods
The methods are the underlying implementations of a particular public key
algorithm present by the B<EVP_PKEY_CTX> object.
int (*init) (EVP_PKEY_CTX *ctx);
int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
void (*cleanup) (EVP_PKEY_CTX *ctx);
The init() method is called to initialize algorithm-specific data when a new
B<EVP_PKEY_CTX> is created. As opposed to init(), the cleanup() method is called
when an B<EVP_PKEY_CTX> is freed. The copy() method is called when an B<EVP_PKEY_CTX>
is being duplicated. Refer to L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new_id(3)>,
L<EVP_PKEY_CTX_free(3)> and L<EVP_PKEY_CTX_dup(3)>.
int (*paramgen_init) (EVP_PKEY_CTX *ctx);
int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
The paramgen_init() and paramgen() methods deal with key parameter generation.
They are called by L<EVP_PKEY_paramgen_init(3)> and L<EVP_PKEY_paramgen(3)> to
handle the parameter generation process.
int (*keygen_init) (EVP_PKEY_CTX *ctx);
int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
The keygen_init() and keygen() methods are used to generate the actual key for
the specified algorithm. They are called by L<EVP_PKEY_keygen_init(3)> and
L<EVP_PKEY_keygen(3)>.
int (*sign_init) (EVP_PKEY_CTX *ctx);
int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
The sign_init() and sign() methods are used to generate the signature of a
piece of data using a private key. They are called by L<EVP_PKEY_sign_init(3)>
and L<EVP_PKEY_sign(3)>.
int (*verify_init) (EVP_PKEY_CTX *ctx);
int (*verify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen);
The verify_init() and verify() methods are used to verify whether a signature is
valid. They are called by L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>.
int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
int (*verify_recover) (EVP_PKEY_CTX *ctx,
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen);
The verify_recover_init() and verify_recover() methods are used to verify a
signature and then recover the digest from the signature (for instance, a
signature that was generated by RSA signing algorithm). They are called by
L<EVP_PKEY_verify_recover_init(3)> and L<EVP_PKEY_verify_recover(3)>.
int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
EVP_MD_CTX *mctx);
The signctx_init() and signctx() methods are used to sign a digest present by
a B<EVP_MD_CTX> object. They are called by the EVP_DigestSign functions. See
L<EVP_DigestSignInit(3)> for detail.
int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
EVP_MD_CTX *mctx);
The verifyctx_init() and verifyctx() methods are used to verify a signature
against the data in a B<EVP_MD_CTX> object. They are called by the various
EVP_DigestVerify functions. See L<EVP_DigestVerifyInit(3)> for detail.
int (*encrypt_init) (EVP_PKEY_CTX *ctx);
int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
The encrypt_init() and encrypt() methods are used to encrypt a piece of data.
They are called by L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)>.
int (*decrypt_init) (EVP_PKEY_CTX *ctx);
int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
The decrypt_init() and decrypt() methods are used to decrypt a piece of data.
They are called by L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
int (*derive_init) (EVP_PKEY_CTX *ctx);
int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
The derive_init() and derive() methods are used to derive the shared secret
from a public key algorithm (for instance, the DH algorithm). They are called by
L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)>.
int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
The ctrl() and ctrl_str() methods are used to adjust algorithm-specific
settings. See L<EVP_PKEY_CTX_ctrl(3)> and related functions for detail.
int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen);
The digestsign() and digestverify() methods are used to generate or verify
a signature in a one-shot mode. They could be called by L<EVP_DigetSign(3)>
and L<EVP_DigestVerify(3)>.
=head2 Functions
EVP_PKEY_meth_new() creates and returns a new B<EVP_PKEY_METHOD> object,
and associates the given B<id> and B<flags>. The following flags are
supported:
EVP_PKEY_FLAG_AUTOARGLEN
EVP_PKEY_FLAG_SIGCTX_CUSTOM
If an B<EVP_PKEY_METHOD> is set with the B<EVP_PKEY_FLAG_AUTOARGLEN> flag, the
maximum size of the output buffer will be automatically calculated or checked
in corresponding EVP methods by the EVP framework. Thus the implementations of
these methods don't need to care about handling the case of returning output
buffer size by themselves. For details on the output buffer size, refer to
L<EVP_PKEY_sign(3)>.
The B<EVP_PKEY_FLAG_SIGCTX_CUSTOM> is used to indicate the signctx() method
of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a
digest signing operation by calling L<EVP_DigestSignFinal(3)>.
EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by
B<pmeth>.
EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src>
to B<dst>.
EVP_PKEY_meth_find() finds an B<EVP_PKEY_METHOD> object with the B<id>.
This function first searches through the user-defined method objects and
then the built-in objects.
EVP_PKEY_meth_add0() adds B<pmeth> to the user defined stack of methods.
The EVP_PKEY_meth_set functions set the corresponding fields of
B<EVP_PKEY_METHOD> structure with the arguments passed.
The EVP_PKEY_meth_get functions get the corresponding fields of
B<EVP_PKEY_METHOD> structure to the arguments provided.
=head1 RETURN VALUES
EVP_PKEY_meth_new() returns a pointer to a new B<EVP_PKEY_METHOD>
object or returns NULL on error.
EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.
EVP_PKEY_meth_find() returns a pointer to the found B<EVP_PKEY_METHOD>
object or returns NULL if not found.
EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0
if an error occurred.
All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return
values. For the 'get' functions, function pointers are returned by
arguments.
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
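Review bot: the link in the digestsign()/digestverify() paragraph, "They could be called by L<EVP_DigetSign(3)>", points at a page that does not exist; it should be L<EVP_DigestSign(3)>. Two wording slips in the same region: "algorithm present by the B<EVP_PKEY_CTX> object" and "sign a digest present by a B<EVP_MD_CTX> object" should read "presented by" and "an B<EVP_MD_CTX>", and "frees an existing B<EVP_PKEY_METHOD> pointed by B<pmeth>" should be "pointed to by". One documentation gap: the B<EVP_PKEY_FLAG_AUTOARGLEN> paragraph explains what the framework does when the flag is set, but not what a method without the flag is responsible for itself; a sentence telling implementers that they must then honour the output-buffer convention that L<EVP_PKEY_sign(3)> describes from the caller's side would close that.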

View File

@@ -104,6 +104,13 @@ The RSA_padding_check_xxx() functions return the length of the
recovered data, -1 on error. Error codes can be obtained by calling
L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 WARNING
The RSA_padding_check_PKCS1_type_2() padding check leaks timing
information which can potentially be used to mount a Bleichenbacher
padding oracle attack. This is an inherent weakness in the PKCS #1
v1.5 padding design. Prefer PKCS1_OAEP padding.
=head1 SEE ALSO
L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
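Review bot: the remedy in the new WARNING is named only as "PKCS1_OAEP padding", while the matching warning added to RSA_public_encrypt(3) in this same commit says "Prefer RSA_PKCS1_OAEP_PADDING"; use one spelling in both places so readers can grep for it, and point here at the OAEP member of the RSA_padding_check_xxx() family documented above rather than at a padding-mode constant, since this page is about the low-level padding functions. The SEE ALSO list that follows is the natural place for that cross-reference.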

View File

@@ -8,10 +8,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
#include <openssl/rsa.h>
int RSA_private_encrypt(int flen, unsigned char *from,
int RSA_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_public_decrypt(int flen, unsigned char *from,
int RSA_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
=head1 DESCRIPTION
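Review bot: const-qualifying B<from> is correct (it is read only) and B<to> rightly stays non-const as the output buffer, but a SYNOPSIS change like this is only right if the prototype in the header was changed in the same commit; the hunk touches documentation only, so it is worth confirming that F<openssl/rsa.h> declares both functions with "const unsigned char *from" in this release, otherwise the manual documents a signature the compiler will not see.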

View File

@@ -8,10 +8,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
#include <openssl/rsa.h>
int RSA_public_encrypt(int flen, unsigned char *from,
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, unsigned char *from,
int RSA_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
=head1 DESCRIPTION
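Review bot: same check as for the RSA_private_encrypt(3) page in this commit: the SYNOPSIS now shows "const unsigned char *from" for RSA_public_encrypt() and RSA_private_decrypt(), which must match the declarations in F<openssl/rsa.h> for this release; please verify the header rather than only the pod.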
@@ -67,6 +67,13 @@ recovered plaintext.
On error, -1 is returned; the error codes can be
obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 WARNING
Decryption failures in the RSA_PKCS1_PADDING mode leak information
which can potentially be used to mount a Bleichenbacher padding oracle
attack. This is an inherent weakness in the PKCS #1 v1.5 padding
design. Prefer RSA_PKCS1_OAEP_PADDING.
=head1 CONFORMING TO
SSL, PKCS #1 v2.0
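Review bot: "Decryption failures in the RSA_PKCS1_PADDING mode leak information" is accurate but does not tell the caller what the leak is: the oracle is the distinguishable failure itself (the -1 return and error code documented just above) becoming observable to the peer. Saying so makes the advice actionable for applications that cannot move to OAEP immediately: padding failures must not be surfaced to the peer any differently from other decryption failures. Also align the remedy name with the RSA_padding_add_PKCS1_type_1(3) warning added in this commit, which says "PKCS1_OAEP padding" where this page says "RSA_PKCS1_OAEP_PADDING"; the constant is the better choice on this page since it is what a caller passes as B<padding>.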

View File

@@ -41,7 +41,7 @@ is no longer valid.
X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
good for one call to X509_verify_cert(); if you want to verify a second
certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
certificate with the same B<ctx> then you must call X509_STORE_CTX_cleanup()
and then X509_STORE_CTX_init() again before the second call to
X509_verify_cert(). The trusted certificate store is set to B<store>, the end
entity certificate to be verified is set to B<x509> and a set of additional

View File

@@ -203,6 +203,27 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
alternative chain can be found that is trusted. With this flag set the behaviour
will match that of OpenSSL versions prior to 1.0.2b.
The B<X509_V_FLAG_TRUSTED_FIRST> flag causes chain construction to look for
issuers in the trust store before looking at the untrusted certificates
provided as part of the the peer chain.
Though it is not on by default in OpenSSL 1.0.2, applications should generally
set this flag.
Local issuer certificates are often more likely to satisfy local security
requirements and lead to a locally trusted root.
This is especially important When some certificates in the trust store have
explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
The B<X509_V_FLAG_PARTIAL_CHAIN> flag causes intermediate certificates in the
trust store to be treated as trust-anchors, in the same way as the self-signed
root CA certificates.
This makes it possible to trust certificates issued by an intermediate CA
without having to trust its ancestor root CA.
With OpenSSL 1.0.2, chain construction continues as long as there are
additional trusted issuers in the trust store, and the last trusted issuer
becomes the trust-anchor.
Thus, even when an intermediate certificate is found in the trust store, the
verified chain passed to callbacks may still be anchored by a root CA.
=head1 NOTES
The above functions should be used to manipulate verification parameters
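Review bot: two typos in the added text: "provided as part of the the peer chain" doubles "the", and "This is especially important When some certificates" should be "when". Substantively, the B<X509_V_FLAG_PARTIAL_CHAIN> paragraph carries a point that callback authors will miss as written: because chain construction in 1.0.2 keeps walking "as long as there are additional trusted issuers in the trust store", a verify callback that added an intermediate to the store must not assume that intermediate is the last element of the chain it receives; state that expectation explicitly rather than leaving it implicit in "may still be anchored by a root CA".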
@@ -235,7 +256,8 @@ connections associated with an B<SSL_CTX> structure B<ctx>:
L<X509_verify_cert(3)|X509_verify_cert(3)>,
L<X509_check_host(3)|X509_check_host(3)>,
L<X509_check_email(3)|X509_check_email(3)>,
L<X509_check_ip(3)|X509_check_ip(3)>
L<X509_check_ip(3)|X509_check_ip(3)>,
L<x509(1)|x509(1)>
=head1 HISTORY

View File

@@ -0,0 +1,54 @@
=pod
=head1 NAME
X509_check_private_key, X509_REQ_check_private_key - check the consistency
of a private key with the public key in an X509 certificate or certificate
request
=head1 SYNOPSIS
#include <openssl/x509.h>
int X509_check_private_key(X509 *x, EVP_PKEY *k);
int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
=head1 DESCRIPTION
X509_check_private_key() function checks the consistency of private
key B<k> with the public key in B<x>.
X509_REQ_check_private_key() is equivalent to X509_check_private_key()
except that B<x> represents a certificate request of structure B<X509_REQ>.
=head1 RETURN VALUE
X509_check_private_key() and X509_REQ_check_private_key() return 1 if
the keys match each other, and 0 if not.
If the key is invalid or an error occurred, the reason code can be
obtained using L<ERR_get_error(3)>.
=head1 BUGS
The B<check_private_key> functions don't check if B<k> itself is indeed
a private key or not. It merely compares the public materials (e.g. exponent
and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key)
of a key pair. So if you pass a public key to these functions in B<k>, it will
return success.
=head1 SEE ALSO
L<ERR_get_error(3)>
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
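Review bot: the RETURN VALUE section leaves 0 ambiguous: "0 if not" matched and "If the key is invalid or an error occurred, the reason code can be obtained" describe the same return value, so a caller cannot tell a mismatch from an error without consulting the error queue; say so directly, e.g. "0 is returned both for a mismatch and on error; use L<ERR_get_error(3)> to distinguish them". The BUGS entry is the security-relevant part of this page and belongs in DESCRIPTION rather than at the bottom: since "if you pass a public key to these functions in B<k>, it will return success", a return of 1 proves only that the public components agree, not that the caller possesses the private key, so the functions must not be used as a proof-of-possession check. Minor: "X509_check_private_key() function checks" needs a leading "The", and the other new pages in this commit title the section "RETURN VALUES".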

View File

@@ -123,7 +123,7 @@ architecture dependent I<DES_key_schedule> via the
DES_set_key_checked() or DES_set_key_unchecked() function.
DES_set_key_checked() will check that the key passed is of odd parity
and is not a week or semi-weak key. If the parity is wrong, then -1
and is not a weak or semi-weak key. If the parity is wrong, then -1
is returned. If the key is a weak key, then -2 is returned. If an
error is returned, the key schedule is not generated.

View File

@@ -38,7 +38,8 @@ B<key_len> bytes long.
It places the result in B<md> (which must have space for the output of
the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
If B<md> is NULL, the digest is placed in a static array. The size of
the output is placed in B<md_len>, unless it is B<NULL>.
the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
value for B<md> to use the static array is not thread safe.
B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
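Review bot: "is not thread safe" understates the problem with the NULL B<md> form of the one-shot function documented here: the static array is shared by every caller in the process, so any later call from any thread overwrites a result an earlier caller may still be reading. Suggest saying that the returned pointer refers to shared storage valid only until the next call, and recommending the caller-supplied B<md> buffer (of at least B<EVP_MAX_MD_SIZE> bytes, as the paragraph already states) in all new code rather than merely noting the thread-safety caveat.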

View File

@@ -63,9 +63,13 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
=head1 DESCRIPTION
OpenSSL can safely be used in multi-threaded applications provided
that at least two callback functions are set, locking_function and
OpenSSL can generally be used safely in multi-threaded applications provided
that at least two callback functions are set, the locking_function and
threadid_func.
Note that OpenSSL is not completely thread-safe, and unfortunately not all
global resources have the necessary locks.
Further, the thread-safety does not extend to things like multiple threads
using the same B<SSL> object at the same time.
locking_function(int mode, int n, const char *file, int line) is
needed to perform locking on shared data structures.
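Review bot: the new caveat "not all global resources have the necessary locks" is not actionable as written; without an example of which resources are meant, an application author cannot structure code around it, so either name one or point at the section of this page that lists what the locking callbacks cover. The sentence about "multiple threads using the same B<SSL> object at the same time" is the more useful one and would read better as a rule rather than a disclaimer: an B<SSL> object may be used by only one thread at a time, and the application must serialize access itself.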

View File

@@ -0,0 +1,62 @@
=pod
=head1 NAME
SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
SSL_get_servername_type, SSL_get_servername - handle server name indication
(SNI)
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
int (*cb)(SSL *, int *, void *));
long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
const char *SSL_get_servername(const SSL *s, const int type);
int SSL_get_servername_type(const SSL *s);
=head1 DESCRIPTION
SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
used by a server to perform any actions or configuration required based on
the servername extension received in the incoming connection. When B<cb>
is NULL, SNI is not used. The B<arg> value is a pointer which is passed to
the application callback.
SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be
passed into the callback for this B<SSL_CTX>.
SSL_get_servername() returns a servername extension value of the specified
type if provided in the Client Hello or NULL.
SSL_get_servername_type() returns the servername type or -1 if no servername
is present. Currently the only supported type (defined in RFC3546) is
B<TLSEXT_NAMETYPE_host_name>.
=head1 NOTES
The ALPN and SNI callbacks are both executed during Client Hello processing.
The servername callback is executed first, followed by the ALPN callback.
=head1 RETURN VALUES
SSL_CTX_set_tlsext_servername_callback() and
SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
=head1 SEE ALSO
L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
L<SSL_get0_alpn_selected(3)>
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
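Review bot: the callback contract is undocumented: the SYNOPSIS shows "int (*cb)(SSL *, int *, void *)" but the DESCRIPTION never says what the second argument is for or which return values the callback may produce and how each affects the handshake, which is exactly what an implementer of B<cb> needs; please add a paragraph covering both. Also "Currently the only supported type (defined in RFC3546)" cites the original SNI RFC, which has since been obsoleted (the current specification of the extension is RFC 6066); citing the current document avoids sending readers to a superseded text.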

View File

@@ -0,0 +1,61 @@
=pod
=head1 NAME
SSL_export_keying_material - obtain keying material for application use
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen, int use_context);
=head1 DESCRIPTION
During the creation of a TLS or DTLS connection shared keying material is
established between the two endpoints. The function SSL_export_keying_material()
enables an application to use some of this keying material for its own purposes
in accordance with RFC5705.
An application may need to securely establish the context within which this
keying material will be used. For example this may include identifiers for the
application session, application algorithms or parameters, or the lifetime of
the context. The context value is left to the application but must be the same
on both sides of the communication.
For a given SSL connection B<s>, B<olen> bytes of data will be written to
B<out>. The application specific context should be supplied in the location
pointed to by B<context> and should be B<contextlen> bytes long. Provision of
a context is optional. If the context should be omitted entirely then
B<use_context> should be set to 0. Otherwise it should be any other value. If
B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored.
Note that a zero length context is treated differently to no context at all, and
will result in different keying material being returned.
An application specific label should be provided in the location pointed to by
B<label> and should be B<llen> bytes long. Typically this will be a value from
the IANA Exporter Label Registry
(L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
to be used without registration.
Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
above. Attempting to use it in SSLv3 will result in an error.
=head1 RETURN VALUES
SSL_export_keying_material() returns 0 or -1 on failure or 1 on success.
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
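Review bot: RETURN VALUES says "returns 0 or -1 on failure or 1 on success"; spell out that callers must compare against 1, since a check of the form "if (ret)" treats the -1 failure as success. The DESCRIPTION already notes that "a zero length context is treated differently to no context at all" and that the context "must be the same on both sides"; it should add that a mismatch between the two sides is not reported as an error but simply yields different keying material on each end, so B<use_context>, B<context> and B<label> need to be fixed by the application protocol, not negotiated ad hoc. This page is also the only new one in the commit without a SEE ALSO section; L<ssl(7)> at least would be consistent with the others.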

View File

@@ -25,7 +25,7 @@ it was either assigned a dedicated client method, a dedicated server
method, or a generic method, that can be used for both client and
server connections. (The method might have been changed with
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
SSL_set_ssl_method().)
SSL_set_ssl_method(3).)
When beginning a new handshake, the SSL engine must know whether it must
call the connect (client) or accept (server) routines. Even though it may