ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.0h

Browse Source
This commit is contained in:
Steve Dower
2018-04-13 17:45:41 +00:00
parent f39d324ed3
commit 807cee26df
513 changed files with 11248 additions and 3603 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
doc/HOWTO/keys.txt
View File

@@ -27,12 +27,6 @@ With this variant, you will be prompted for a protecting password. If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.
NOTE: if you intend to use the key together with a server
certificate, it may be a good thing to avoid protecting it
with a password, since that would mean someone would have to
type in the password every time the server needs to access
the key.
The number 2048 is the size of the key, in bits. Today, 2048 or
higher is recommended for RSA keys, as fewer amount of bits is
consider insecure or to be insecure pretty soon.
@@ -62,11 +56,50 @@ With this variant, you will be prompted for a protecting password. If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.
NOTE: if you intend to use the key together with a server
certificate, it may be a good thing to avoid protecting it
with a password, since that would mean someone would have to
type in the password every time the server needs to access
the key.
--
Richard Levitte
4. To generate an EC key
An EC key can be used both for key agreement (ECDH) and signing (ECDSA).
Generating a key for ECC is similar to generating a DSA key. These are
two-step processes. First, you have to get the EC parameters from which
the key will be generated:
openssl ecparam -name prime256v1 -out prime256v1.pem
The prime256v1, or NIST P-256, which stands for 'X9.62/SECG curve over
a 256-bit prime field', is the name of an elliptic curve which generates the
parameters. You can use the following command to list all supported curves:
openssl ecparam -list_curves
When that is done, you can generate a key using the created parameters (several
keys can be produced from the same parameters):
openssl genpkey -des3 -paramfile prime256v1.pem -out private.key
With this variant, you will be prompted for a password to protect your key.
If you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.
You can also directly generate the key in one step:
openssl ecparam -genkey -name prime256v1 -out private.key
or
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256
5. NOTE
If you intend to use the key together with a server certificate,
it may be reasonable to avoid protecting it with a password, since
otherwise someone would have to type in the password every time the
server needs to access the key.
For X25519, it's treated as a distinct algorithm but not as one of
the curves listed with 'ecparam -list_curves' option. You can use
the following command to generate an X25519 key:
openssl genpkey -algorithm X25519 -out xkey.pem

1
doc/apps/asn1parse.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-asn1parse,
asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS

7
doc/apps/ca.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ca,
ca - sample minimal CA application
=head1 SYNOPSIS
@@ -442,6 +443,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier,
it's recommended to use the value B<no>, especially if combined with
the B<-selfsign> command line option.
Note that it is valid in some circumstances for certificates to be created
without any subject. In the case where there are multiple certificates without
subjects this does not count as a duplicate.
=item B<serial>
a text file containing the next serial number to use in hex. Mandatory.
@@ -709,7 +714,7 @@ L<config(5)>, L<x509v3_config(5)>
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

1
doc/apps/ciphers.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ciphers,
ciphers - SSL cipher display and cipher list tool
=head1 SYNOPSIS

3
doc/apps/cms.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-cms,
cms - CMS utility
=head1 SYNOPSIS
@@ -185,7 +186,7 @@ output an error.
=item B<-EncryptedData_encrypt>
Encrypt content using supplied symmetric key and algorithm using a CMS
B<EncrytedData> type and output the content.
B<EncryptedData> type and output the content.
=item B<-sign_receipt>

1
doc/apps/crl.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-crl,
crl - CRL utility
=head1 SYNOPSIS

1
doc/apps/crl2pkcs7.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-crl2pkcs7,
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
=head1 SYNOPSIS

1
doc/apps/dgst.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dgst,
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5, blake2b, blake2s - message digests
=head1 SYNOPSIS

1
doc/apps/dhparam.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dhparam,
dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS

1
doc/apps/dsa.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dsa,
dsa - DSA key processing
=head1 SYNOPSIS

1
doc/apps/dsaparam.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-dsaparam,
dsaparam - DSA parameter manipulation and generation
=head1 SYNOPSIS

1
doc/apps/ec.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ec,
ec - EC key processing
=head1 SYNOPSIS

7
doc/apps/ecparam.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ecparam,
ecparam - EC parameter manipulation and generation
=head1 SYNOPSIS
@@ -90,8 +91,8 @@ currently implemented EC parameters names and exit.
=item B<-conv_form>
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed> (the default
value), B<uncompressed> and B<hybrid>. For more information regarding
into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
default value) and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
@@ -175,7 +176,7 @@ L<ec(1)>, L<dsaparam(1)>
=head1 COPYRIGHT
Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

1
doc/apps/enc.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-enc,
enc - symmetric cipher routines
=head1 SYNOPSIS

13
doc/apps/engine.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-engine,
engine - load and query engines
=head1 SYNOPSIS
@@ -92,9 +93,19 @@ To list the capabilities of the I<rsax> engine:
[RSA]
(dynamic) Dynamic engine loading support
=head1 ENVIRONMENT
=over 4
=item B<OPENSSL_ENGINES>
The path to the engines directory.
=back
=head1 COPYRIGHT
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

1
doc/apps/errstr.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-errstr,
errstr - lookup error codes
=head1 SYNOPSIS

1
doc/apps/gendsa.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-gendsa,
gendsa - generate a DSA private key from a set of parameters
=head1 SYNOPSIS

1
doc/apps/genpkey.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-genpkey,
genpkey - generate a private key
=head1 SYNOPSIS

1
doc/apps/genrsa.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-genrsa,
genrsa - generate an RSA private key
=head1 SYNOPSIS

1
doc/apps/list.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-list,
list - list algorithms and features
=head1 SYNOPSIS

1
doc/apps/nseq.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-nseq,
nseq - create or examine a Netscape certificate sequence
=head1 SYNOPSIS

1
doc/apps/ocsp.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ocsp,
ocsp - Online Certificate Status Protocol utility
=head1 SYNOPSIS

23
doc/apps/openssl.pod
View File

@@ -182,6 +182,10 @@ PKCS#12 Data Management.
PKCS#7 Data Management.
=item L<B<pkcs8>|pkcs8(1)>
PKCS#8 format private key conversion tool.
=item L<B<pkey>|pkey(1)>
Public and private key management.
@@ -198,6 +202,10 @@ Public key algorithm cryptographic operation utility.
Generate pseudo-random bytes.
=item L<B<rehash>|rehash(1)>
Create symbolic links to certificate and CRL files named by the hash values.
=item L<B<req>|req(1)>
PKCS#10 X.509 Certificate Signing Request (CSR) Management.
@@ -418,17 +426,20 @@ Read the password from standard input.
=head1 SEE ALSO
L<asn1parse(1)>, L<ca(1)>, L<config(5)>,
L<asn1parse(1)>, L<ca(1)>, L<ciphers(1)>, L<cms(1)>, L<config(5)>,
L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
L<enc(1)>, L<engine(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<openssl(1)>,
L<ec(1)>, L<ecparam(1)>,
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
L<passwd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
L<rand(1)>, L<req(1)>, L<rsa(1)>,
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>,
L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
L<s_server(1)>, L<s_time(1)>,
L<smime(1)>, L<spkac(1)>,
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
L<smime(1)>, L<speed(1)>, L<spkac(1)>,
L<ts(1)>,
L<verify(1)>, L<version(1)>, L<x509(1)>,
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>

1
doc/apps/passwd.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-passwd,
passwd - compute password hashes
=head1 SYNOPSIS

1
doc/apps/pkcs12.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs12,
pkcs12 - PKCS#12 file utility
=head1 SYNOPSIS

1
doc/apps/pkcs7.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs7,
pkcs7 - PKCS#7 utility
=head1 SYNOPSIS

1
doc/apps/pkcs8.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs8,
pkcs8 - PKCS#8 format private key conversion tool
=head1 SYNOPSIS

1
doc/apps/pkey.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkey,
pkey - public or private key processing tool
=head1 SYNOPSIS

1
doc/apps/pkeyparam.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkeyparam,
pkeyparam - public key algorithm parameter processing tool
=head1 SYNOPSIS

1
doc/apps/pkeyutl.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-pkeyutl,
pkeyutl - public key algorithm utility
=head1 SYNOPSIS

1
doc/apps/rand.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-rand,
rand - generate pseudo-random bytes
=head1 SYNOPSIS

1
doc/apps/rehash.pod
View File

@@ -5,6 +5,7 @@ Original text by James Westby, contributed under the OpenSSL license.
=head1 NAME
openssl-c_rehash, openssl-rehash,
c_rehash, rehash - Create symbolic links to files named by the hash values
=head1 SYNOPSIS

1
doc/apps/req.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-req,
req - PKCS#10 certificate request and certificate generating utility
=head1 SYNOPSIS

1
doc/apps/rsa.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-rsa,
rsa - RSA key processing tool
=head1 SYNOPSIS

3
doc/apps/rsautl.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-rsautl,
rsautl - RSA utility
=head1 SYNOPSIS
@@ -115,7 +116,7 @@ Recover the signed data
Examine the raw signed data:
openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

3
doc/apps/s_client.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-s_client,
s_client - SSL/TLS client program
=head1 SYNOPSIS
@@ -346,12 +347,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>.
=item B<-psk_identity identity>
Use the PSK identity B<identity> when using a PSK cipher suite.
The default value is "Client_identity" (without the quotes).
=item B<-psk key>
Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>

6
doc/apps/s_server.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-s_server,
s_server - SSL/TLS server program
=head1 SYNOPSIS
@@ -323,6 +324,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite.
Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
@@ -574,10 +576,6 @@ a web browser the command:
can be used for example.
Most web browsers (in particular Netscape and MSIE) only support RSA cipher
suites, so they cannot connect to servers which don't use a certificate
carrying an RSA key or a version of OpenSSL with RSA disabled.
Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL clients interpret this to
mean any CA is acceptable. This is useful for debugging purposes.

1
doc/apps/s_time.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-s_time,
s_time - SSL/TLS performance timing program
=head1 SYNOPSIS

1
doc/apps/sess_id.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-sess_id,
sess_id - SSL/TLS session handling utility
=head1 SYNOPSIS

1
doc/apps/smime.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-smime,
smime - S/MIME utility
=head1 SYNOPSIS

1
doc/apps/speed.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-speed,
speed - test library performance
=head1 SYNOPSIS

1
doc/apps/spkac.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-spkac,
spkac - SPKAC printing and generating utility
=head1 SYNOPSIS

1
doc/apps/ts.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-ts,
ts - Time Stamping Authority tool (client/server)
=head1 SYNOPSIS

1
doc/apps/tsget.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-tsget,
tsget - Time Stamping HTTP/HTTPS client
=head1 SYNOPSIS

1
doc/apps/verify.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-verify,
verify - Utility to verify certificates
=head1 SYNOPSIS

1
doc/apps/version.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-version,
version - print OpenSSL version information
=head1 SYNOPSIS

21
doc/apps/x509.pod
View File

@@ -2,6 +2,7 @@
=head1 NAME
openssl-x509,
x509 - Certificate display and signing utility
=head1 SYNOPSIS
@@ -230,8 +231,11 @@ non-zero if yes it will expire or zero if not.
=item B<-fingerprint>
prints out the digest of the DER encoded version of the whole certificate
(see digest options).
Calculates and outputs the digest of the DER encoded version of the entire
certificate (see digest options).
This is commonly called a "fingerprint". Because of the nature of message
digests, the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
=item B<-C>
@@ -686,10 +690,6 @@ supporting UTF8:
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
Display the certificate MD5 fingerprint:
openssl x509 -in cert.pem -noout -fingerprint
Display the certificate SHA1 fingerprint:
openssl x509 -sha1 -in cert.pem -noout -fingerprint
@@ -743,13 +743,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape
and MSIE do this as do many certificates. So although this is incorrect
it is more likely to display the majority of certificates correctly.
The B<-fingerprint> option takes the digest of the DER encoded certificate.
This is commonly called a "fingerprint". Because of the nature of message
digests the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
The B<-email> option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
not print the same address more than once.
@@ -895,7 +888,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
doc/apps/x509v3_config.pod
View File

@@ -352,7 +352,7 @@ Example:
noticeNumbers=1,2,3,4
The B<ia5org> option changes the type of the I<organization> field. In RFC2459
it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible.
it can only be of type DisplayText. In RFC3280 IA5String is also permissible.
Some software (for example some versions of MSIE) may require ia5org.
=head2 Policy Constraints

6
doc/crypto/ASN1_STRING_length.pod
View File

@@ -71,8 +71,8 @@ utility functions should be used instead.
In general it cannot be assumed that the data returned by ASN1_STRING_data()
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
for and IA5String the data will be ASCII, for a BMPString two bytes per
character in big endian format, UTF8String will be in UTF8 format.
for an IA5String the data will be ASCII, for a BMPString two bytes per
character in big endian format, and for an UTF8String it will be in UTF8 format.
Similar care should be take to ensure the data is in the correct format
when calling ASN1_STRING_set().
@@ -83,7 +83,7 @@ L<ERR_get_error(3)>
=head1 COPYRIGHT
Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

10
doc/crypto/BIO_ctrl.pod
View File

@@ -5,17 +5,17 @@
BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
BIO_get_info_callback, BIO_set_info_callback, bio_info_cb
BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
- BIO control operations
=head1 SYNOPSIS
#include <openssl/bio.h>
typedef void (*bio_info_cb)(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
typedef int BIO_info_cb(BIO *b, int state, int res);
long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
long BIO_callback_ctrl(BIO *b, int cmd, bio_info_cb cb);
long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
@@ -31,8 +31,8 @@ BIO_get_info_callback, BIO_set_info_callback, bio_info_cb
size_t BIO_ctrl_pending(BIO *b);
size_t BIO_ctrl_wpending(BIO *b);
int BIO_get_info_callback(BIO *b, bio_info_cb **cbp);
int BIO_set_info_callback(BIO *b, bio_info_cb *cb);
int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
=head1 DESCRIPTION

2
doc/crypto/BIO_get_data.pod
View File

@@ -51,7 +51,7 @@ L<bio>, L<BIO_meth_new>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

2
doc/crypto/BIO_get_ex_new_index.pod
View File

@@ -11,7 +11,7 @@ X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_
DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data,
DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data,
ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data,
ECDSA_get_ex_new_index, ECDSA_set_ex_data, ECDSA_get_ex_data,
EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
- application-specific data

8
doc/crypto/BIO_meth_new.pod
View File

@@ -8,7 +8,7 @@ BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts,
BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl,
BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy,
BIO_meth_set_destroy, BIO_meth_get_callback_ctrl,
BIO_meth_set_callback_ctrl - Routines to build up BIO methods
BIO_meth_set_callback_ctrl - Routines to build up BIO methods
=head1 SYNOPSIS
@@ -37,10 +37,10 @@ BIO_meth_set_callback_ctrl - Routines to build up BIO methods
int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *);
int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))
(BIO *, int, bio_info_cb *);
(BIO *, int, BIO_info_cb *);
int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
long (*callback_ctrl) (BIO *, int,
bio_info_cb *));
BIO_info_cb *));
=head1 DESCRIPTION
@@ -117,7 +117,7 @@ L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L<BIO_read>, L<BIO_new>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

2
doc/crypto/BIO_push.pod
View File

@@ -75,7 +75,7 @@ L<bio>
=head1 HISTORY
The BIO_set_next() function was added in OpenSSL version 1.1.0.
The BIO_set_next() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT

6
doc/crypto/BIO_s_mem.pod
View File

@@ -56,14 +56,14 @@ zero then it will return B<v> when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
positive return value B<v> should be set to a negative value, typically -1.
BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data
BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
It is a macro.
BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is
BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B<pp>. It is
a macro.
BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,
@@ -114,7 +114,7 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
doc/crypto/BIO_set_callback.pod
View File

@@ -20,8 +20,8 @@ BIO_callback_fn_ex, BIO_callback_fn
void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
void BIO_set_callback(BIO *b, BIO_callack_fn cb);
BIO_callack_fn BIO_get_callback(BIO *b);
void BIO_set_callback(BIO *b, BIO_callback_fn cb);
BIO_callback_fn BIO_get_callback(BIO *b);
void BIO_set_callback_arg(BIO *b, char *arg);
char *BIO_get_callback_arg(const BIO *b);
@@ -37,7 +37,7 @@ operation.
BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO
callback. New code should not use these functions, but they are retained for
backwards compatbility. Any callback set via BIO_set_callback_ex() will get
backwards compatibility. Any callback set via BIO_set_callback_ex() will get
called in preference to any set by BIO_set_callback().
BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be

2
doc/crypto/BIO_should_retry.pod
View File

@@ -118,7 +118,7 @@ L<bio>
=head1 HISTORY
The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in
OpenSSL version 1.1.0.
OpenSSL 1.1.0.
=head1 COPYRIGHT

4
doc/crypto/BN_bn2bin.pod
View File

@@ -87,8 +87,8 @@ BN_bn2binpad() returns the number of bytes written or -1 if the supplied
buffer is too small.
BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
on error. BN_hex2bn() and BN_dec2bn() return the the length of valid
representation in hexadecimal or decimal digits, and 0 on error, in which
on error. BN_hex2bn() and BN_dec2bn() return the number of characters
used in parsing, or 0 on error, in which
case no new B<BIGNUM> will be created.
BN_print_fp() and BN_print() return 1 on success, 0 on write errors.

3
doc/crypto/BN_new.pod
View File

@@ -36,7 +36,8 @@ If B<a> is NULL, nothing is done.
=head1 RETURN VALUES
BN_new() and BN_secure_new()
return a pointer to the B<BIGNUM>. If the allocation fails,
return a pointer to the B<BIGNUM> initialised to the value 0.
If the allocation fails,
they return B<NULL> and set an error code that can be obtained
by L<ERR_get_error(3)>.

23
doc/crypto/BN_zero.pod
View File

@@ -14,8 +14,8 @@ operations
const BIGNUM *BN_value_one(void);
int BN_set_word(BIGNUM *a, unsigned long w);
unsigned long BN_get_word(BIGNUM *a);
int BN_set_word(BIGNUM *a, BN_ULONG w);
BN_ULONG BN_get_word(BIGNUM *a);
Deprecated:
@@ -25,19 +25,21 @@ Deprecated:
=head1 DESCRIPTION
B<BN_ULONG> is a macro that will be an unsigned integral type optimied
for the most efficient implementation on the local platform.
BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
B<w> respectively. BN_zero() and BN_one() are macros.
BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
is useful for use in comparisons and assignment.
BN_get_word() returns B<a>, if it can be represented as an unsigned
long.
BN_get_word() returns B<a>, if it can be represented as a B<BN_ULONG>.
=head1 RETURN VALUES
BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
be represented as an unsigned long.
BN_get_word() returns the value B<a>, or all-bits-set if B<a> cannot
be represented as a B<BN_ULONG>.
BN_one(), BN_set_word() and the deprecated version of BN_zero()
return 1 on success, 0 otherwise.
@@ -46,10 +48,11 @@ The preferred version of BN_zero() never fails and returns no value.
=head1 BUGS
Someone might change the constant.
If a B<BIGNUM> is equal to the value of all-bits-set, it will collide
with the error condition returned by BN_get_word() which uses that
as an error value.
If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
unsigned long but this value is also returned on error.
B<BN_ULONG> should probably be a typedef.
=head1 SEE ALSO
@@ -57,7 +60,7 @@ L<BN_bn2bin(3)>
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
doc/crypto/BUF_MEM_new.pod
View File

@@ -2,7 +2,7 @@
=head1 NAME
BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow
BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow,
BUF_MEM_grow_clean, BUF_reverse
- simple character array structure

7
doc/crypto/CRYPTO_get_ex_new_index.pod
View File

@@ -17,8 +17,8 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
@@ -128,7 +128,8 @@ initially registered via CRYPTO_get_ex_new_index() and can be used if
the same callback handles different types of exdata.
dup_func() is called when a structure is being copied. This is only done
for B<SSL> and B<SSL_SESSION> objects. The B<to> and B<from> parameters
for B<SSL>, B<SSL_SESSION>, B<EC_KEY> objects and B<BIO> chains via
BIO_dup_chain(). The B<to> and B<from> parameters
are pointers to the destination and source B<CRYPTO_EX_DATA> structures,
respectively. The B<from_d> parameter needs to be cast to a B<void **pptr>
as the API has currently the wrong signature; that will be changed in a

6
doc/crypto/DEFINE_STACK_OF.pod
View File

@@ -94,12 +94,12 @@ B<NULL>.
sk_TYPE_value() returns element B<idx> in B<sk>, where B<idx> starts at
zero. If B<idx> is out of range then B<NULL> is returned.
sk_TYPE_new() allocates a new empty stack using comparison function B<compar>.
If B<compar> is B<NULL> then no comparison function is used.
sk_TYPE_new() allocates a new empty stack using comparison function B<compare>.
If B<compare> is B<NULL> then no comparison function is used.
sk_TYPE_new_null() allocates a new empty stack with no comparison function.
sk_TYPE_set_cmp_func() sets the comparison function of B<sk> to B<compar>.
sk_TYPE_set_cmp_func() sets the comparison function of B<sk> to B<compare>.
The previous comparison function is returned or B<NULL> if there was
no previous comparison function.

14
doc/crypto/DH_get0_pqg.pod
View File

@@ -48,13 +48,11 @@ been set yet, although if the private key has been set then the public key must
be. The values point to the internal representation of the public key and
private key values. This memory should not be freed directly.
The public and private key values can be set using DH_set0_key(). The public
key must be non-NULL the first time this function is called on a given DH
object. The private key may be NULL. On subsequent calls, either may be NULL,
which means the corresponding DH field is left untouched. As for DH_set0_pqg()
this function transfers the memory management of the key values to the DH
object, and therefore they should not be freed directly after this function has
been called.
The public and private key values can be set using DH_set0_key(). Either
parameter may be NULL, which means the corresponding DH field is left
untouched. As with DH_set0_pqg() this function transfers the memory management
of the key values to the DH object, and therefore they should not be freed
directly after this function has been called.
DH_set_flags() sets the flags in the B<flags> parameter on the DH object.
Multiple flags can be passed in one go (bitwise ORed together). Any flags that
@@ -98,7 +96,7 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

2
doc/crypto/DH_meth_new.pod
View File

@@ -142,7 +142,7 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

5
doc/crypto/DH_set_method.pod
View File

@@ -31,8 +31,11 @@ Initially, the default DH_METHOD is the OpenSSL internal implementation, as
returned by DH_OpenSSL().
DH_set_default_method() makes B<meth> the default method for all DH
structures created later. B<NB>: This is true only whilst no ENGINE has been set
structures created later.
B<NB>: This is true only whilst no ENGINE has been set
as a default for DH, so this function is no longer recommended.
This function is not thread-safe and should not be called at the same time
as other OpenSSL functions.
DH_get_default_method() returns a pointer to the current default DH_METHOD.
However, the meaningfulness of this result is dependent on whether the ENGINE

2
doc/crypto/DSA_get0_pqg.pod
View File

@@ -88,7 +88,7 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_meth_new(3)>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

4
doc/crypto/DSA_meth_new.pod
View File

@@ -10,7 +10,7 @@ DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp,
DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp,
DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish,
DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen,
DSA_meth_set_keygen - Routines to build up DSA methods
DSA_meth_set_keygen - Routines to build up DSA methods
=head1 SYNOPSIS
@@ -179,7 +179,7 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

5
doc/crypto/DSA_set_method.pod
View File

@@ -31,8 +31,11 @@ Initially, the default DSA_METHOD is the OpenSSL internal implementation,
as returned by DSA_OpenSSL().
DSA_set_default_method() makes B<meth> the default method for all DSA
structures created later. B<NB>: This is true only whilst no ENGINE has
structures created later.
B<NB>: This is true only whilst no ENGINE has
been set as a default for DSA, so this function is no longer recommended.
This function is not thread-safe and should not be called at the same time
as other OpenSSL functions.
DSA_get_default_method() returns a pointer to the current default
DSA_METHOD. However, the meaningfulness of this result is dependent on

4
doc/crypto/EC_POINT_new.pod
View File

@@ -164,7 +164,7 @@ EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point().
EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT.
EC_POINT_point2oct() and EC_point2buf() return the length of the required
EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required
buffer or 0 on error.
EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on
@@ -186,7 +186,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
=head1 COPYRIGHT
Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

12
doc/crypto/ENGINE_add.pod
View File

@@ -589,6 +589,16 @@ might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
and ENGINE could therefore decide whether or not to support this "foo"-specific
extension).
=head1 ENVIRONMENT
=over 4
=item B<OPENSSL_ENGINES>
The path to the engines directory.
=back
=head1 SEE ALSO
L<OPENSSL_init_crypto(3)>, L<RSA_new_method(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
@@ -601,7 +611,7 @@ OPENSSL_init_crypto().
=head1 COPYRIGHT
Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

37
doc/crypto/EVP_CIPHER_meth_new.pod
View File

@@ -10,7 +10,7 @@ EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params,
EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init,
EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup,
EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params,
EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
=head1 SYNOPSIS
@@ -204,17 +204,32 @@ EVP_CIPHER_CTX_get_cipher_data().
This cleanup function is called by EVP_CIPHER_CTX_reset() and
EVP_CIPHER_CTX_free().
EVP_CIPHER_meth_set_set_asn1_params() sets the function for B<cipher>
to set the AlgorithmIdentifier "parameter" based on the passed cipher.
This function is called by EVP_CIPHER_param_to_asn1().
EVP_CIPHER_meth_set_get_asn1_params() sets the function for B<cipher>
that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier
"parameter".
Both these functions are needed when there is a need for custom data
(more or other than the cipher IV).
They are called by EVP_CIPHER_param_to_asn1() and
EVP_CIPHER_asn1_to_param() respectively if defined.
EVP_CIPHER_meth_set_ctrl() sets the control function for B<cipher>.
EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(),
EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(),
EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl()
are all used to retrieve the method data given with the
EVP_CIPHER_meth_set_*() functions above.
=head1 RETURN VALUES
EVP_CIPHER_meth_get_input_blocksize(), EVP_CIPHER_meth_get_result_size(),
EVP_CIPHER_meth_get_app_datasize(), EVP_CIPHER_meth_get_flags(),
EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_update(),
EVP_CIPHER_meth_get_final(), EVP_CIPHER_meth_get_copy(),
EVP_CIPHER_meth_get_cleanup() and EVP_CIPHER_meth_get_ctrl() are all used
to retrieve the method data given with the EVP_CIPHER_meth_set_*()
functions above.
EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a
newly created B<EVP_CIPHER>, or NULL on failure.
All EVP_CIPHER_meth_set_*() functions return 1.
All EVP_CIPHER_meth_get_*() functions return pointers to their
respective B<cipher> function.
=head1 SEE ALSO
@@ -223,12 +238,12 @@ L<EVP_EncryptInit>
=head1 HISTORY
The B<EVP_CIPHER> structure was openly available in OpenSSL before version
1.1.
The functions described here were added in OpenSSL version 1.1.
1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

27
doc/crypto/EVP_EncryptInit.pod
View File

@@ -31,7 +31,7 @@ EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_aes_256_cfb, EVP_aes_256_ofb,
EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm,
EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm,
EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1,
EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256,
EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines
=head1 SYNOPSIS
@@ -45,38 +45,38 @@ EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
ENGINE *impl, const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
ENGINE *impl, const unsigned char *key, const unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
const unsigned char *key, const unsigned char *iv);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv, int enc);
const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
@@ -448,9 +448,8 @@ either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN.
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal
when decrypting data and must be made B<before> any data is processed (e.g.
before any EVP_DecryptUpdate() call). For OCB mode the taglen must
either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG.
when decrypting data. For OCB mode the taglen must either be 16 or the value
previously set via EVP_CTRL_AEAD_SET_TAG.
In OCB mode calling this with B<tag> set to NULL sets the tag length. The tag
length can only be set before specifying an IV. If not called a default tag
@@ -652,7 +651,7 @@ EVP_CIPHER_CTX_reset().
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

19
doc/crypto/EVP_MD_meth_new.pod
View File

@@ -11,7 +11,7 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
EVP_MD_meth_get_ctrl, EVP_MD_CTX_md_data
EVP_MD_meth_get_ctrl
- Routines to build up EVP_MD methods
=head1 SYNOPSIS
@@ -34,7 +34,6 @@ EVP_MD_meth_get_ctrl, EVP_MD_CTX_md_data
unsigned char *md));
int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
const EVP_MD_CTX *from));
void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
int p1, void *p2));
@@ -140,7 +139,6 @@ EVP_MD_CTX_free().
EVP_MD_meth_set_ctrl() sets the control function for B<md>.
EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(),
EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(),
EVP_MD_meth_get_init(), EVP_MD_meth_get_update(),
@@ -149,6 +147,17 @@ EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used
to retrieve the method data given with the EVP_MD_meth_set_*()
functions above.
=head1 RETURN VALUES
EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly
created B<EVP_MD>, or NULL on failure.
All EVP_MD_meth_set_*() functions return 1.
EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(),
EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the
indicated sizes or flags.
All other EVP_CIPHER_meth_get_*() functions return pointers to their
respective B<md> function.
=head1 SEE ALSO
L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
@@ -156,11 +165,11 @@ L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
=head1 HISTORY
The B<EVP_MD> structure was openly available in OpenSSL before version
1.1. The functions described here were added in OpenSSL version 1.1.
1.1.0. The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

358
doc/crypto/EVP_PKEY_ASN1_METHOD.pod Normal file
View File

@@ -0,0 +1,358 @@
=pod
=head1 NAME
EVP_PKEY_ASN1_METHOD,
EVP_PKEY_asn1_new,
EVP_PKEY_asn1_copy,
EVP_PKEY_asn1_free,
EVP_PKEY_asn1_add0,
EVP_PKEY_asn1_add_alias,
EVP_PKEY_asn1_set_public,
EVP_PKEY_asn1_set_private,
EVP_PKEY_asn1_set_param,
EVP_PKEY_asn1_set_free,
EVP_PKEY_asn1_set_ctrl,
EVP_PKEY_asn1_set_item,
EVP_PKEY_asn1_set_security_bits,
EVP_PKEY_get0_asn1
- manipulating and registering EVP_PKEY_ASN1_METHOD structure
=head1 SYNOPSIS
#include <openssl/evp.h>
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
const char *pem_str,
const char *info);
void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
const EVP_PKEY_ASN1_METHOD *src);
void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
int EVP_PKEY_asn1_add_alias(int to, int from);
void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
int (*pub_decode) (EVP_PKEY *pk,
X509_PUBKEY *pub),
int (*pub_encode) (X509_PUBKEY *pub,
const EVP_PKEY *pk),
int (*pub_cmp) (const EVP_PKEY *a,
const EVP_PKEY *b),
int (*pub_print) (BIO *out,
const EVP_PKEY *pkey,
int indent, ASN1_PCTX *pctx),
int (*pkey_size) (const EVP_PKEY *pk),
int (*pkey_bits) (const EVP_PKEY *pk));
void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
int (*priv_decode) (EVP_PKEY *pk,
const PKCS8_PRIV_KEY_INFO
*p8inf),
int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
const EVP_PKEY *pk),
int (*priv_print) (BIO *out,
const EVP_PKEY *pkey,
int indent,
ASN1_PCTX *pctx));
void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
int (*param_decode) (EVP_PKEY *pkey,
const unsigned char **pder,
int derlen),
int (*param_encode) (const EVP_PKEY *pkey,
unsigned char **pder),
int (*param_missing) (const EVP_PKEY *pk),
int (*param_copy) (EVP_PKEY *to,
const EVP_PKEY *from),
int (*param_cmp) (const EVP_PKEY *a,
const EVP_PKEY *b),
int (*param_print) (BIO *out,
const EVP_PKEY *pkey,
int indent,
ASN1_PCTX *pctx));
void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
void (*pkey_free) (EVP_PKEY *pkey));
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
long arg1, void *arg2));
void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
int (*item_verify) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
void *asn,
X509_ALGOR *a,
ASN1_BIT_STRING *sig,
EVP_PKEY *pkey),
int (*item_sign) (EVP_MD_CTX *ctx,
const ASN1_ITEM *it,
void *asn,
X509_ALGOR *alg1,
X509_ALGOR *alg2,
ASN1_BIT_STRING *sig));
void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_security_bits) (const EVP_PKEY
*pk));
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
=head1 DESCRIPTION
B<EVP_PKEY_ASN1_METHOD> is a structure which holds a set of ASN.1
conversion, printing and information methods for a specific public key
algorithm.
There are two places where the B<EVP_PKEY_ASN1_METHOD> objects are
stored: one is a built-in array representing the standard methods for
different algorithms, and the other one is a stack of user-defined
application-specific methods, which can be manipulated by using
L<EVP_PKEY_asn1_add0(3)>.
=head2 Methods
The methods are the underlying implementations of a particular public
key algorithm present by the B<EVP_PKEY> object.
int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
The pub_decode() and pub_encode() methods are called to decode /
encode B<X509_PUBKEY> ASN.1 parameters to / from B<pk>.
They MUST return 0 on error, 1 on success.
They're called by L<X509_PUBKEY_get0(3)> and L<X509_PUBKEY_set(3)>.
The pub_cmp() method is called when two public keys are to be
compared.
It MUST return 1 when the keys are equal, 0 otherwise.
It's called by L<EVP_PKEY_cmp(3)>.
The pub_print() method is called to print a public key in humanly
readable text to B<out>, indented B<indent> spaces.
It MUST return 0 on error, 1 on success.
It's called by L<EVP_PKEY_print_public(3)>.
int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
The priv_decode() and priv_encode() methods are called to decode /
encode B<PKCS8_PRIV_KEY_INFO> form private key to / from B<pk>.
They MUST return 0 on error, 1 on success.
They're called by L<EVP_PKCS82PKEY(3)> and L<EVP_PKEY2PKCS8(3)>.
The priv_print() method is called to print a private key in humanly
readable text to B<out>, indented B<indent> spaces.
It MUST return 0 on error, 1 on success.
It's called by L<EVP_PKEY_print_private(3)>.
int (*pkey_size) (const EVP_PKEY *pk);
int (*pkey_bits) (const EVP_PKEY *pk);
int (*pkey_security_bits) (const EVP_PKEY *pk);
The pkey_size() method returns the key size in bytes.
It's called by L<EVP_PKEY_size(3)>.
The pkey_bits() method returns the key size in bits.
It's called by L<EVP_PKEY_bits(3)>.
int (*param_decode) (EVP_PKEY *pkey,
const unsigned char **pder, int derlen);
int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
int (*param_missing) (const EVP_PKEY *pk);
int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
The param_decode() and param_encode() methods are called to decode /
encode DER formatted parameters to / from B<pk>.
They MUST return 0 on error, 1 on success.
They're called by L<PEM_read_bio_Parameters(3)> and the B<file:>
L<OSSL_STORE_LOADER(3)>.
The param_missing() method returns 0 if a key parameter is missing,
otherwise 1.
It's called by L<EVP_PKEY_missing_parameters(3)>.
The param_copy() method copies key parameters from B<from> to B<to>.
It MUST return 0 on error, 1 on success.
It's called by L<EVP_PKEY_copy_parameters(3)>.
The param_cmp() method compares the parameters of keys B<a> and B<b>.
It MUST return 1 when the keys are equal, 0 when not equal, or a
negative number on error.
It's called by L<EVP_PKEY_cmp_parameters(3)>.
The param_print() method prints the private key parameters in humanly
readable text to B<out>, indented B<indent> spaces.
It MUST return 0 on error, 1 on success.
It's called by L<EVP_PKEY_print_params(3)>.
int (*sig_print) (BIO *out,
const X509_ALGOR *sigalg, const ASN1_STRING *sig,
int indent, ASN1_PCTX *pctx);
The sig_print() method prints a signature in humanly readable text to
B<out>, indented B<indent> spaces.
B<sigalg> contains the exact signature algorithm.
If the signature in B<sig> doesn't correspond to what this method
expects, X509_signature_dump() must be used as a last resort.
It MUST return 0 on error, 1 on success.
It's called by L<X509_signature_print(3)>.
void (*pkey_free) (EVP_PKEY *pkey);
The pkey_free() method helps freeing the internals of B<pkey>.
It's called by L<EVP_PKEY_free(3)>, L<EVP_PKEY_set_type(3)>,
L<EVP_PKEY_set_type_str(3)>, and L<EVP_PKEY_assign(3)>.
int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
The pkey_ctrl() method adds extra algorithm specific control.
It's called by L<EVP_PKEY_get_default_digest_nid(3)>,
L<EVP_PKEY_set1_tls_encodedpoint(3)>,
L<EVP_PKEY_get1_tls_encodedpoint(3)>, L<PKCS7_SIGNER_INFO_set(3)>,
L<PKCS7_RECIP_INFO_set(3)>, ...
int (*old_priv_decode) (EVP_PKEY *pkey,
const unsigned char **pder, int derlen);
int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
The old_priv_decode() and old_priv_encode() methods decode / encode
they private key B<pkey> from / to a DER formatted array.
These are exclusively used to help decoding / encoding older (pre
PKCS#8) PEM formatted encrypted private keys.
old_priv_decode() MUST return 0 on error, 1 on success.
old_priv_encode() MUST the return same kind of values as
i2d_PrivateKey().
They're called by L<d2i_PrivateKey(3)> and L<i2d_PrivateKey(3)>.
int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig);
The item_sign() and item_verify() methods make it possible to have
algorithm specific signatures and verification of them.
item_sign() MUST return one of:
=over 4
=item <=0
error
=item Z<>1
item_sign() did everything, OpenSSL internals just needs to pass the
signature length back.
=item Z<>2
item_sign() did nothing, OpenSSL internal standard routines are
expected to continue with the default signature production.
=item Z<>3
item_sign() set the algorithm identifier B<algor1> and B<algor2>,
OpenSSL internals should just sign using those algorithms.
=back
item_verify() MUST return one of:
=over 4
=item <=0
error
=item Z<>1
item_sign() did everything, OpenSSL internals just needs to pass the
signature length back.
=item Z<>2
item_sign() did nothing, OpenSSL internal standard routines are
expected to continue with the default signature production.
=back
item_verify() and item_sign() are called by L<ASN1_item_verify(3)> and
L<ASN1_item_sign(3)>, and by extension, L<X509_verify(3)>,
L<X509_REQ_verify(3)>, L<X509_sign(3)>, L<X509_REQ_sign(3)>, ...
=head2 Functions
EVP_PKEY_asn1_new() creates and returns a new B<EVP_PKEY_ASN1_METHOD>
object, and associates the given B<id>, B<flags>, B<pem_str> and
B<info>.
B<id> is a NID, B<pem_str> is the PEM type string, B<info> is a
descriptive string.
The following B<flags> are supported:
ASN1_PKEY_SIGPARAM_NULL
If B<ASN1_PKEY_SIGPARAM_NULL> is set, then the signature algorithm
parameters are given the type B<V_ASN1_NULL> by default, otherwise
they will be given the type B<V_ASN1_UNDEF> (i.e. the parameter is
omitted).
See L<X509_ALGOR_set0(3)> for more information.
EVP_PKEY_asn1_copy() copies an B<EVP_PKEY_ASN1_METHOD> object from
B<src> to B<dst>.
This function is not thread safe, it's recommended to only use this
when initializing the application.
EVP_PKEY_asn1_free() frees an existing B<EVP_PKEY_ASN1_METHOD> pointed
by B<ameth>.
EVP_PKEY_asn1_add0() adds B<ameth> to the user defined stack of
methods unless another B<EVP_PKEY_ASN1_METHOD> with the same NID is
already there.
This function is not thread safe, it's recommended to only use this
when initializing the application.
EVP_PKEY_asn1_add_alias() creates an alias with the NID B<to> for the
B<EVP_PKEY_ASN1_METHOD> with NID B<from> unless another
B<EVP_PKEY_ASN1_METHOD> with the same NID is already added.
This function is not thread safe, it's recommended to only use this
when initializing the application.
EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(),
EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(),
EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), and
EVP_PKEY_asn1_set_security_bits() set the diverse methods of the given
B<EVP_PKEY_ASN1_METHOD> object.
EVP_PKEY_get0_asn1() finds the B<EVP_PKEY_ASN1_METHOD> associated
with the key B<pkey>.
=head1 RETURN VALUES
EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an
B<EVP_PKEY_ASN1_METHOD> object otherwise.
EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error,
or 1 on success.
EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant
B<EVP_PKEY_ASN1_METHOD> object otherwise.
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

80
doc/crypto/EVP_PKEY_asn1_get_count.pod Normal file
View File

@@ -0,0 +1,80 @@
=pod
=head1 NAME
EVP_PKEY_asn1_find,
EVP_PKEY_asn1_find_str,
EVP_PKEY_asn1_get_count,
EVP_PKEY_asn1_get0,
EVP_PKEY_asn1_get0_info
- enumerate public key ASN.1 methods
=head1 SYNOPSIS
#include <openssl/evp.h>
int EVP_PKEY_asn1_get_count(void);
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
const char *str, int len);
int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
int *ppkey_flags, const char **pinfo,
const char **ppem_str,
const EVP_PKEY_ASN1_METHOD *ameth);
=head1 DESCRIPTION
EVP_PKEY_asn1_count() returns a count of the number of public key
ASN.1 methods available: it includes standard methods and any methods
added by the application.
EVP_PKEY_asn1_get0() returns the public key ASN.1 method B<idx>.
The value of B<idx> must be between zero and EVP_PKEY_asn1_get_count()
- 1.
EVP_PKEY_asn1_find() looks up the B<EVP_PKEY_ASN1_METHOD> with NID
B<type>.
If B<pe> isn't B<NULL>, then it will look up an engine implementing a
B<EVP_PKEY_ASN1_METHOD> for the NID B<type> and return that instead,
and also set B<*pe> to point at the engine that implements it.
EVP_PKEY_asn1_find_str() looks up the B<EVP_PKEY_ASN1_METHOD> with PEM
type string B<str>.
Just like EVP_PKEY_asn1_find(), if B<pe> isn't B<NULL>, then it will
look up an engine implementing a B<EVP_PKEY_ASN1_METHOD> for the NID
B<type> and return that instead, and also set B<*pe> to point at the
engine that implements it.
EVP_PKEY_asn1_get0_info() returns the public key ID, base public key
ID (both NIDs), any flags, the method description and PEM type string
associated with the public key ASN.1 method B<*ameth>.
EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and
EVP_PKEY_asn1_find_str() are not thread safe, but as long as all
B<EVP_PKEY_ASN1_METHOD> objects are added before the application gets
threaded, using them is safe. See L<EVP_PKEY_asn1_add0(3)>.
=head1 RETURN VALUES
EVP_PKEY_asn1_count() returns the number of available public key methods.
EVP_PKEY_asn1_get0() return a public key method or B<NULL> if B<idx> is
out of range.
EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success.
=head1 SEE ALSO
L<EVP_PKEY_asn1_new(3)>, L<EVP_PKEY_asn1_add0(3)>
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

2
doc/crypto/EVP_PKEY_keygen.pod
View File

@@ -18,7 +18,7 @@ EVP_PKEY_gen_cb
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
typedef int (*EVP_PKEY_gen_cb)(EVP_PKEY_CTX *ctx);
typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);

19
doc/crypto/EVP_PKEY_set1_RSA.pod
View File

@@ -5,10 +5,9 @@
EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
EVP_PKEY_get0_hmac,
EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id
- EVP_PKEY assignment functions
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id,
EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions
=head1 SYNOPSIS
@@ -39,6 +38,8 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
int EVP_PKEY_type(int type);
int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
=head1 DESCRIPTION
EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
@@ -72,6 +73,11 @@ often seen in practice.
EVP_PKEY_type() returns the underlying type of the NID B<type>. For example
EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
EVP_PKEY_set1_engine() sets the ENGINE handling B<pkey> to B<engine>. It
must be called after the key algorithm and components are set up.
If B<engine> does not include an B<EVP_PKEY_METHOD> for B<pkey> an
error occurs.
=head1 NOTES
In accordance with the OpenSSL naming convention the key obtained
@@ -89,6 +95,9 @@ Previous versions of this document suggested using EVP_PKEY_type(pkey->type)
to determine the type of a key. Since B<EVP_PKEY> is now opaque this
is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
key as part of its routine to load a private key.
=head1 RETURN VALUES
EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
@@ -104,6 +113,8 @@ and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
=head1 SEE ALSO
L<EVP_PKEY_new(3)>

7
doc/crypto/EVP_SignInit.pod
View File

@@ -59,11 +59,6 @@ The B<EVP> interface to digital signatures should almost always be used in
preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
Due to the link between message digests and public key algorithms the correct
digest algorithm must be used with the correct public key type. A list of
algorithms and associated public key algorithms appears in
L<EVP_DigestInit(3)>.
When signing with DSA private keys the random number generator must be seeded
or the operation will fail. The random number generator does not need to be
seeded for RSA signatures.
@@ -100,7 +95,7 @@ L<SHA1(3)>, L<dgst(1)>
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

7
doc/crypto/EVP_VerifyInit.pod
View File

@@ -51,11 +51,6 @@ The B<EVP> interface to digital signatures should almost always be used in
preference to the low level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
Due to the link between message digests and public key algorithms the correct
digest algorithm must be used with the correct public key type. A list of
algorithms and associated public key algorithms appears in
L<EVP_DigestInit(3)>.
The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
later to digest and verify additional data.
@@ -89,7 +84,7 @@ L<SHA1(3)>, L<dgst(1)>
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

15
doc/crypto/OCSP_resp_find_status.pod
View File

@@ -3,6 +3,7 @@
=head1 NAME
OCSP_resp_get0_certs,
OCSP_resp_get0_signer,
OCSP_resp_get0_id,
OCSP_resp_get0_produced_at,
OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
@@ -32,6 +33,9 @@ OCSP_single_get0_status, OCSP_check_validity
const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
STACK_OF(X509) *extra_certs);
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname);
@@ -72,7 +76,13 @@ single response B<bs>.
OCSP_resp_get0_certs() returns any certificates included in B<bs>.
OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
OCSP_resp_get0_signer() attempts to retrieve the certificate that directly
signed B<bs>. The OCSP protocol does not require that this certificate
is included in the B<certs> field of the response, so additional certificates
can be supplied in B<extra_certs> if the certificates that may have
signed the response are known via some out-of-band mechanism.
OCSP_resp_get0_id() gets the responder id of B<bs>. If the responder ID is
a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
is set to NULL.
@@ -99,6 +109,9 @@ B<id> was not found.
OCSP_single_get0_status() returns the status of B<single> or -1 if an error
occurred.
OCSP_resp_get0_signer() returns 1 if the signing certificate was located,
or 0 on error.
=head1 NOTES
Applications will typically call OCSP_resp_find_status() using the certificate

2
doc/crypto/OCSP_response_status.pod
View File

@@ -86,7 +86,7 @@ L<OCSP_RESPID_free(3)>
=head1 HISTORY
The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match()
functions were added in OpenSSL version 1.1.0a.
functions were added in OpenSSL 1.1.0a.
=head1 COPYRIGHT

7
doc/crypto/OPENSSL_VERSION_NUMBER.pod
View File

@@ -47,6 +47,11 @@ number was therefore 0x0090581f.
OpenSSL_version_num() returns the version number.
The macro OPENSSL_VERSION_AT_LEAST(major,minor) can be used at compile
time test if the current version is at least as new as the version provided.
The arguments major, minor and fix correspond to the version information
as given above.
OpenSSL_version() returns different strings depending on B<t>:
=over 4
@@ -96,7 +101,7 @@ L<crypto(3)>
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

14
doc/crypto/OPENSSL_secure_malloc.pod
View File

@@ -5,8 +5,9 @@
CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated,
CRYPTO_secure_used - secure heap storage
OPENSSL_secure_clear_free, CRYPTO_secure_free, CRYPTO_secure_clear_free,
OPENSSL_secure_actual_size, OPENSSL_secure_allocated, CRYPTO_secure_used
- secure heap storage
=head1 SYNOPSIS
@@ -27,6 +28,9 @@ CRYPTO_secure_used - secure heap storage
void OPENSSL_secure_free(void* ptr);
void CRYPTO_secure_free(void *ptr, const char *, int);
void OPENSSL_secure_clear_free(void* ptr, size_t num);
void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
size_t OPENSSL_secure_actual_size(const void *ptr);
int OPENSSL_secure_allocated(const void *ptr);
@@ -104,13 +108,17 @@ CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 i
CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
OPENSSL_secure_free() returns no values.
OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.
=head1 SEE ALSO
L<OPENSSL_malloc(3)>,
L<BN_new(3)>
=head1 HISTORY
OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g.
=head1 COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

2
doc/crypto/PEM_read_bio_PrivateKey.pod
View File

@@ -30,7 +30,7 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
#include <openssl/pem.h>
typedef int (*pem_password_cb)(char *buf, int size, int rwflag, void *u);
typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u);

2
doc/crypto/PKCS7_sign.pod
View File

@@ -46,7 +46,7 @@ required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
occurs. This option should be used if the supplied data is in binary format
otherwise the translation will corrupt it.
The signedData structure includes several PKCS#7 autenticatedAttributes
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported list of
ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just

2
doc/crypto/PKCS7_sign_add_signer.pod
View File

@@ -55,7 +55,7 @@ B<signcert> parameter though. This can reduce the size of the signature if the
signers certificate can be obtained by other means: for example a previously
signed message.
The signedData structure includes several PKCS#7 autenticatedAttributes
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported list of
ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just

2
doc/crypto/RAND_load_file.pod
View File

@@ -55,7 +55,7 @@ RAND_load_file() in a later session.
=head1 RETURN VALUES
RAND_load_file() returns the number of bytes read.
RAND_load_file() returns the number of bytes read or -1 on error.
RAND_write_file() returns the number of bytes written, and -1 if the
bytes written were generated without appropriate seed.

6
doc/crypto/RSA_get0_key.pod
View File

@@ -58,6 +58,10 @@ set with RSA_get0_factors() and RSA_set0_factors(), and the B<dmp1>,
B<dmq1> and B<iqmp> parameters can be obtained and set with
RSA_get0_crt_params() and RSA_set0_crt_params().
For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(),
NULL value BIGNUM ** output parameters are permitted. The functions
ignore NULL parameters but return values for other, non-NULL, parameters.
RSA_set_flags() sets the flags in the B<flags> parameter on the RSA
object. Multiple flags can be passed in one go (bitwise ORed together).
Any flags that are already set are left set. RSA_test_flags() tests to
@@ -94,7 +98,7 @@ L<rsa(3)>, L<RSA_new(3)>, L<RSA_size(3)>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

2
doc/crypto/RSA_meth_new.pod
View File

@@ -221,7 +221,7 @@ L<RSA_set_method(3)>, L<RSA_size(3)>, L<RSA_get0_key(3)>
=head1 HISTORY
The functions described here were added in OpenSSL version 1.1.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

7
doc/crypto/RSA_padding_add_PKCS1_type_1.pod
View File

@@ -104,6 +104,13 @@ The RSA_padding_check_xxx() functions return the length of the
recovered data, -1 on error. Error codes can be obtained by calling
L<ERR_get_error(3)>.
=head1 WARNING
The RSA_padding_check_PKCS1_type_2() padding check leaks timing
information which can potentially be used to mount a Bleichenbacher
padding oracle attack. This is an inherent weakness in the PKCS #1
v1.5 padding design. Prefer PKCS1_OAEP padding.
=head1 SEE ALSO
L<RSA_public_encrypt(3)>,

7
doc/crypto/RSA_public_encrypt.pod
View File

@@ -67,6 +67,13 @@ recovered plaintext.
On error, -1 is returned; the error codes can be
obtained by L<ERR_get_error(3)>.
=head1 WARNING
Decryption failures in the RSA_PKCS1_PADDING mode leak information
which can potentially be used to mount a Bleichenbacher padding oracle
attack. This is an inherent weakness in the PKCS #1 v1.5 padding
design. Prefer RSA_PKCS1_OAEP_PADDING.
=head1 CONFORMING TO
SSL, PKCS #1 v2.0

14
doc/crypto/RSA_set_method.pod
View File

@@ -3,7 +3,7 @@
=head1 NAME
RSA_set_default_method, RSA_get_default_method, RSA_set_method,
RSA_get_method, RSA_PKCS1_OpenSSL, RSA_null_method, RSA_flags,
RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags,
RSA_new_method - select RSA method
=head1 SYNOPSIS
@@ -20,8 +20,6 @@ RSA_new_method - select RSA method
RSA_METHOD *RSA_PKCS1_OpenSSL(void);
RSA_METHOD *RSA_null_method(void);
int RSA_flags(const RSA *rsa);
RSA *RSA_new_method(ENGINE *engine);
@@ -38,8 +36,11 @@ Initially, the default RSA_METHOD is the OpenSSL internal implementation,
as returned by RSA_PKCS1_OpenSSL().
RSA_set_default_method() makes B<meth> the default method for all RSA
structures created later. B<NB>: This is true only whilst no ENGINE has
structures created later.
B<NB>: This is true only whilst no ENGINE has
been set as a default for RSA, so this function is no longer recommended.
This function is not thread-safe and should not be called at the same time
as other OpenSSL functions.
RSA_get_default_method() returns a pointer to the current default
RSA_METHOD. However, the meaningfulness of this result is dependent on
@@ -168,6 +169,11 @@ not currently exist).
L<RSA_new(3)>
=head1 HISTORY
The RSA_null_method(), which was a partial attempt to avoid patent issues,
was replaced to always return NULL in OpenSSL 1.1.0f.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

2
doc/crypto/SCT_new.pod
View File

@@ -11,7 +11,7 @@ SCT_get_signature_nid, SCT_set_signature_nid,
SCT_get0_signature, SCT_set0_signature, SCT_set1_signature,
SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions,
SCT_get_source, SCT_set_source
- A Certificate Transparency Signed Certificate Timestamp
- A Certificate Transparency Signed Certificate Timestamp
=head1 SYNOPSIS

111
doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod Normal file
View File

@@ -0,0 +1,111 @@
=pod
=head1 NAME
SSL_CTX_set_tlsext_use_srtp,
SSL_set_tlsext_use_srtp,
SSL_get_srtp_profiles,
SSL_get_selected_srtp_profile
- Configure and query SRTP support
=head1 SYNOPSIS
#include <openssl/srtp.h>
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
=head1 DESCRIPTION
SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for
the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for
establishing SRTP keying material, algorithms and parameters using DTLS. This
capability may be used as part of an implementation that conforms to RFC5763.
OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not
support the use of SRTP Master Key Identifiers (MKIs). Also note that this
extension is only supported in DTLS. Any SRTP configuration will be ignored if a
TLS connection is attempted.
An OpenSSL client wishing to send the "use_srtp" extension should call
SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently
created from an SSL_CTX. Alternatively a client may call
SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The
B<profiles> parameters should point to a NUL-terminated, colon delimited list of
SRTP protection profile names.
The currently supported protection profile names are:
=over 4
=item SRTP_AES128_CM_SHA1_80
This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.
=item SRTP_AES128_CM_SHA1_32
This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.
=item SRTP_AEAD_AES_128_GCM
This corresponds to the profile of the same name defined in RFC7714.
=item SRTP_AEAD_AES_256_GCM
This corresponds to the profile of the same name defined in RFC7714.
=back
Supplying an unrecognised protection profile name will result in an error.
An OpenSSL server wishing to support the "use_srtp" extension should also call
SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the
protection profiles that it is willing to negotiate.
The currently configured list of protection profiles for either a client or a
server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack
of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of
this function should not be freed by the caller.
After a handshake has been completed the negotiated SRTP protection profile (if
any) can be obtained (on the client or the server) by calling
SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP
protection profile was negotiated. The memory returned from this function should
not be freed by the caller.
If an SRTP protection profile has been sucessfully negotiated then the SRTP
keying material (on both the client and server) should be obtained via a call to
L<SSL_export_keying_material(3)>. This call should provide a label value of
"EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total
length of keying material obtained should be equal to two times the sum of the
master key length and the salt length as defined for the protection profile in
use. This provides the client write master key, the server write master key, the
client write master salt and the server write master salt in that order.
=head1 RETURN VALUES
SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success
or 1 on error.
SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on
success or NULL on error or if no protection profiles have been configured.
SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE
object if one has been negotiated or NULL otherwise.
=head1 SEE ALSO
L<SSL_export_keying_material(3)>
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

6
doc/crypto/UI_STRING.pod
View File

@@ -99,9 +99,9 @@ UI_get0_output_string() returns the UI string output string.
UI_get0_action_string() returns the UI string action description
string for B<UIT_BOOLEAN> type UI strings, NULL for any other type.
UI_get0_result_string() returns the UI string action description
string for B<UIT_PROMPT> and B<UIT_VERIFY> type UI strings, NULL for
any other type.
UI_get0_result_string() returns the UI string result buffer for
B<UIT_PROMPT> and B<UIT_VERIFY> type UI strings, NULL for any other
type.
UI_get0_test_string() returns the UI string action description
string for B<UIT_VERIFY> type UI strings, NULL for any other type.

2
doc/crypto/X509_STORE_get0_param.pod
View File

@@ -43,7 +43,7 @@ L<X509_STORE_new(3)>
=head1 HISTORY
B<X509_STORE_get0_param> and B<X509_STORE_get0_objects> were added in
OpenSSL version 1.1.0.
OpenSSL 1.1.0.
=head1 COPYRIGHT

2
doc/crypto/X509_STORE_set_verify_cb_func.pod
View File

@@ -30,7 +30,7 @@ X509_STORE_get_verify_cb,
X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn
X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
- set verification callback

30
doc/crypto/X509_VERIFY_PARAM_set_flags.pod
View File

@@ -248,10 +248,14 @@ check the signature anyway. A side effect of not checking the root CA
signature is that disabled or unsupported message digests on the root CA
are not treated as fatal errors.
If B<X509_V_FLAG_TRUSTED_FIRST> is set, when constructing the certificate chain,
L<X509_verify_cert(3)> will search the trust store for issuer certificates before
searching the provided untrusted certificates.
As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
When B<X509_V_FLAG_TRUSTED_FIRST> is set, construction of the certificate chain
in L<X509_verify_cert(3)> will search the trust store for issuer certificates
before searching the provided untrusted certificates.
Local issuer certificates are often more likely to satisfy local security
requirements and lead to a locally trusted root.
This is especially important when some certificates in the trust store have
explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
As of OpenSSL 1.1.0 this option is on by default.
The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
chains.
@@ -263,6 +267,19 @@ found that is trusted.
As of OpenSSL 1.1.0, with B<X509_V_FLAG_TRUSTED_FIRST> always set, this option
has no effect.
The B<X509_V_FLAG_PARTIAL_CHAIN> flag causes intermediate certificates in the
trust store to be treated as trust-anchors, in the same way as the self-signed
root CA certificates.
This makes it possible to trust certificates issued by an intermediate CA
without having to trust its ancestor root CA.
With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain
construction stops as soon as the first certificate from the trust store is
added to the chain, whether that certificate is a self-signed "root"
certificate or a not self-signed intermediate certificate.
Thus, when an intermediate certificate is found in the trust store, the
verified chain passed to callbacks may be shorter than it otherwise would
be without the B<X509_V_FLAG_PARTIAL_CHAIN> flag.
The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
is used to specify a verification time, the check is not suppressed.
@@ -321,7 +338,8 @@ connections associated with an B<SSL_CTX> structure B<ctx>:
L<X509_verify_cert(3)>,
L<X509_check_host(3)>,
L<X509_check_email(3)>,
L<X509_check_ip(3)>
L<X509_check_ip(3)>,
L<x509(1)>
=head1 HISTORY
@@ -331,7 +349,7 @@ OpenSSL 1.1.0, and has no effect.
=head1 COPYRIGHT
Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
doc/crypto/X509_digest.pod
View File

@@ -5,7 +5,7 @@
X509_digest, X509_CRL_digest,
X509_pubkey_digest,
X509_NAME_digest,
X509_REQ_digest
X509_REQ_digest,
PKCS7_ISSUER_AND_SERIAL_digest
- get digest of various objects

Some files were not shown because too many files have changed in this diff Show More