From dc07fbdc797a1e89e7dc5f1a59b9ad070d8f60f4 Mon Sep 17 00:00:00 2001 From: jkim Date: Tue, 26 Feb 2019 19:36:57 +0000 Subject: [PATCH] Merge OpenSSL 1.0.2r. --- crypto/openssl/CHANGES | 27 +++ crypto/openssl/Makefile | 4 +- crypto/openssl/Makefile.org | 2 +- crypto/openssl/NEWS | 4 + crypto/openssl/README | 2 +- crypto/openssl/crypto/asn1/ameth_lib.c | 27 +-- crypto/openssl/crypto/bio/bss_file.c | 11 +- crypto/openssl/crypto/bn/bn_ctx.c | 4 +- crypto/openssl/crypto/bn/bn_lib.c | 3 + crypto/openssl/crypto/bn/bntest.c | 101 +++++++++ crypto/openssl/crypto/constant_time_locl.h | 6 + crypto/openssl/crypto/ec/ec_ameth.c | 2 +- crypto/openssl/crypto/err/Makefile | 2 +- crypto/openssl/crypto/err/err.c | 38 ++++ crypto/openssl/crypto/evp/evp.h | 2 + crypto/openssl/crypto/evp/evp_enc.c | 40 +++- crypto/openssl/crypto/evp/evp_err.c | 4 +- crypto/openssl/crypto/evp/evp_test.c | 4 +- crypto/openssl/crypto/opensslv.h | 6 +- crypto/openssl/crypto/rsa/Makefile | 6 +- crypto/openssl/crypto/rsa/rsa_eay.c | 15 +- crypto/openssl/crypto/rsa/rsa_oaep.c | 96 +++++---- crypto/openssl/crypto/rsa/rsa_pk1.c | 98 ++++----- crypto/openssl/crypto/rsa/rsa_ssl.c | 134 ++++++++---- crypto/openssl/doc/apps/ca.pod | 2 +- crypto/openssl/doc/crypto/PKCS12_parse.pod | 3 +- .../crypto/RSA_padding_add_PKCS1_type_1.pod | 7 +- .../doc/crypto/X509_NAME_ENTRY_get_object.pod | 3 - .../doc/{man3 => crypto}/X509_cmp_time.pod | 2 +- crypto/openssl/doc/ssl/SSL_get_error.pod | 13 +- crypto/openssl/doc/ssl/SSL_shutdown.pod | 4 + crypto/openssl/ssl/d1_pkt.c | 1 + crypto/openssl/ssl/s3_pkt.c | 10 +- crypto/openssl/ssl/t1_lib.c | 20 ++ secure/lib/libcrypto/Makefile.inc | 7 +- secure/lib/libcrypto/man/ASN1_OBJECT_new.3 | 40 ++-- secure/lib/libcrypto/man/ASN1_STRING_length.3 | 44 ++-- secure/lib/libcrypto/man/ASN1_STRING_new.3 | 36 ++-- .../lib/libcrypto/man/ASN1_STRING_print_ex.3 | 38 ++-- secure/lib/libcrypto/man/ASN1_TIME_set.3 | 52 ++--- .../lib/libcrypto/man/ASN1_generate_nconf.3 | 30 +-- secure/lib/libcrypto/man/BIO_ctrl.3 | 78 +++---- secure/lib/libcrypto/man/BIO_f_base64.3 | 32 +-- secure/lib/libcrypto/man/BIO_f_buffer.3 | 62 +++--- secure/lib/libcrypto/man/BIO_f_cipher.3 | 54 ++--- secure/lib/libcrypto/man/BIO_f_md.3 | 78 +++---- secure/lib/libcrypto/man/BIO_f_null.3 | 26 ++- secure/lib/libcrypto/man/BIO_f_ssl.3 | 76 +++---- secure/lib/libcrypto/man/BIO_find_type.3 | 44 ++-- secure/lib/libcrypto/man/BIO_new.3 | 44 ++-- secure/lib/libcrypto/man/BIO_new_CMS.3 | 42 ++-- secure/lib/libcrypto/man/BIO_push.3 | 36 ++-- secure/lib/libcrypto/man/BIO_read.3 | 52 ++--- secure/lib/libcrypto/man/BIO_s_accept.3 | 66 +++--- secure/lib/libcrypto/man/BIO_s_bio.3 | 100 ++++----- secure/lib/libcrypto/man/BIO_s_connect.3 | 98 ++++----- secure/lib/libcrypto/man/BIO_s_fd.3 | 74 +++---- secure/lib/libcrypto/man/BIO_s_file.3 | 88 ++++---- secure/lib/libcrypto/man/BIO_s_mem.3 | 42 ++-- secure/lib/libcrypto/man/BIO_s_null.3 | 26 ++- secure/lib/libcrypto/man/BIO_s_socket.3 | 44 ++-- secure/lib/libcrypto/man/BIO_set_callback.3 | 32 +-- secure/lib/libcrypto/man/BIO_should_retry.3 | 60 +++--- secure/lib/libcrypto/man/BN_BLINDING_new.3 | 62 +++--- secure/lib/libcrypto/man/BN_CTX_new.3 | 52 ++--- secure/lib/libcrypto/man/BN_CTX_start.3 | 48 +++-- secure/lib/libcrypto/man/BN_add.3 | 80 ++++---- secure/lib/libcrypto/man/BN_add_word.3 | 50 ++--- secure/lib/libcrypto/man/BN_bn2bin.3 | 68 +++--- secure/lib/libcrypto/man/BN_cmp.3 | 42 ++-- secure/lib/libcrypto/man/BN_copy.3 | 32 +-- secure/lib/libcrypto/man/BN_generate_prime.3 | 50 ++--- secure/lib/libcrypto/man/BN_mod_inverse.3 | 32 +-- .../lib/libcrypto/man/BN_mod_mul_montgomery.3 | 60 +++--- .../lib/libcrypto/man/BN_mod_mul_reciprocal.3 | 50 ++--- secure/lib/libcrypto/man/BN_new.3 | 42 ++-- secure/lib/libcrypto/man/BN_num_bytes.3 | 44 ++-- secure/lib/libcrypto/man/BN_rand.3 | 46 +++-- secure/lib/libcrypto/man/BN_set_bit.3 | 48 +++-- secure/lib/libcrypto/man/BN_swap.3 | 26 ++- secure/lib/libcrypto/man/BN_zero.3 | 46 +++-- secure/lib/libcrypto/man/CMS_add0_cert.3 | 46 +++-- .../libcrypto/man/CMS_add1_recipient_cert.3 | 38 ++-- secure/lib/libcrypto/man/CMS_add1_signer.3 | 46 +++-- secure/lib/libcrypto/man/CMS_compress.3 | 42 ++-- secure/lib/libcrypto/man/CMS_decrypt.3 | 44 ++-- secure/lib/libcrypto/man/CMS_encrypt.3 | 48 +++-- secure/lib/libcrypto/man/CMS_final.3 | 32 +-- .../libcrypto/man/CMS_get0_RecipientInfos.3 | 74 +++---- .../lib/libcrypto/man/CMS_get0_SignerInfos.3 | 54 ++--- secure/lib/libcrypto/man/CMS_get0_type.3 | 50 ++--- .../libcrypto/man/CMS_get1_ReceiptRequest.3 | 48 +++-- secure/lib/libcrypto/man/CMS_sign.3 | 44 ++-- secure/lib/libcrypto/man/CMS_sign_receipt.3 | 38 ++-- secure/lib/libcrypto/man/CMS_uncompress.3 | 36 ++-- secure/lib/libcrypto/man/CMS_verify.3 | 38 ++-- secure/lib/libcrypto/man/CMS_verify_receipt.3 | 38 ++-- secure/lib/libcrypto/man/CONF_modules_free.3 | 36 ++-- .../libcrypto/man/CONF_modules_load_file.3 | 44 ++-- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 | 46 +++-- secure/lib/libcrypto/man/DH_generate_key.3 | 40 ++-- .../libcrypto/man/DH_generate_parameters.3 | 52 ++--- .../lib/libcrypto/man/DH_get_ex_new_index.3 | 30 +-- secure/lib/libcrypto/man/DH_new.3 | 40 ++-- secure/lib/libcrypto/man/DH_set_method.3 | 58 +++--- secure/lib/libcrypto/man/DH_size.3 | 28 +-- secure/lib/libcrypto/man/DSA_SIG_new.3 | 38 ++-- secure/lib/libcrypto/man/DSA_do_sign.3 | 40 ++-- secure/lib/libcrypto/man/DSA_dup_DH.3 | 32 +-- secure/lib/libcrypto/man/DSA_generate_key.3 | 36 ++-- .../libcrypto/man/DSA_generate_parameters.3 | 46 +++-- .../lib/libcrypto/man/DSA_get_ex_new_index.3 | 30 +-- secure/lib/libcrypto/man/DSA_new.3 | 40 ++-- secure/lib/libcrypto/man/DSA_set_method.3 | 58 +++--- secure/lib/libcrypto/man/DSA_sign.3 | 48 +++-- secure/lib/libcrypto/man/DSA_size.3 | 26 ++- .../lib/libcrypto/man/EC_GFp_simple_method.3 | 36 ++-- secure/lib/libcrypto/man/EC_GROUP_copy.3 | 30 +-- secure/lib/libcrypto/man/EC_GROUP_new.3 | 30 +-- secure/lib/libcrypto/man/EC_KEY_new.3 | 40 ++-- secure/lib/libcrypto/man/EC_POINT_add.3 | 30 +-- secure/lib/libcrypto/man/EC_POINT_new.3 | 30 +-- secure/lib/libcrypto/man/ERR_GET_LIB.3 | 34 +-- secure/lib/libcrypto/man/ERR_clear_error.3 | 30 +-- secure/lib/libcrypto/man/ERR_error_string.3 | 56 ++--- secure/lib/libcrypto/man/ERR_get_error.3 | 56 ++--- .../libcrypto/man/ERR_load_crypto_strings.3 | 38 ++-- secure/lib/libcrypto/man/ERR_load_strings.3 | 38 ++-- secure/lib/libcrypto/man/ERR_print_errors.3 | 38 ++-- secure/lib/libcrypto/man/ERR_put_error.3 | 36 ++-- secure/lib/libcrypto/man/ERR_remove_state.3 | 30 +-- secure/lib/libcrypto/man/ERR_set_mark.3 | 34 +-- secure/lib/libcrypto/man/EVP_BytesToKey.3 | 32 +-- secure/lib/libcrypto/man/EVP_DigestInit.3 | 124 +++++------ secure/lib/libcrypto/man/EVP_DigestSignInit.3 | 60 +++--- .../lib/libcrypto/man/EVP_DigestVerifyInit.3 | 56 ++--- secure/lib/libcrypto/man/EVP_EncodeInit.3 | 56 ++--- secure/lib/libcrypto/man/EVP_EncryptInit.3 | 176 ++++++++-------- secure/lib/libcrypto/man/EVP_OpenInit.3 | 46 +++-- secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 66 +++--- secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 | 36 ++-- secure/lib/libcrypto/man/EVP_PKEY_cmp.3 | 46 +++-- secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 | 44 ++-- secure/lib/libcrypto/man/EVP_PKEY_derive.3 | 46 +++-- secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 | 52 ++--- .../man/EVP_PKEY_get_default_digest.3 | 34 +-- secure/lib/libcrypto/man/EVP_PKEY_keygen.3 | 60 +++--- secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 | 112 +++++----- secure/lib/libcrypto/man/EVP_PKEY_new.3 | 36 ++-- .../libcrypto/man/EVP_PKEY_print_private.3 | 32 +-- secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 | 54 ++--- secure/lib/libcrypto/man/EVP_PKEY_sign.3 | 54 ++--- secure/lib/libcrypto/man/EVP_PKEY_verify.3 | 46 +++-- .../libcrypto/man/EVP_PKEY_verify_recover.3 | 46 +++-- secure/lib/libcrypto/man/EVP_SealInit.3 | 50 ++--- secure/lib/libcrypto/man/EVP_SignInit.3 | 70 ++++--- secure/lib/libcrypto/man/EVP_VerifyInit.3 | 68 +++--- secure/lib/libcrypto/man/OBJ_nid2obj.3 | 60 +++--- secure/lib/libcrypto/man/OPENSSL_Applink.3 | 22 +- .../libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 30 +-- secure/lib/libcrypto/man/OPENSSL_config.3 | 44 ++-- secure/lib/libcrypto/man/OPENSSL_ia32cap.3 | 24 ++- .../libcrypto/man/OPENSSL_instrument_bus.3 | 22 +- .../man/OPENSSL_load_builtin_modules.3 | 38 ++-- .../man/OpenSSL_add_all_algorithms.3 | 44 ++-- .../libcrypto/man/PEM_write_bio_CMS_stream.3 | 42 ++-- .../man/PEM_write_bio_PKCS7_stream.3 | 42 ++-- secure/lib/libcrypto/man/PKCS12_create.3 | 28 +-- secure/lib/libcrypto/man/PKCS12_parse.3 | 35 ++-- secure/lib/libcrypto/man/PKCS7_decrypt.3 | 38 ++-- secure/lib/libcrypto/man/PKCS7_encrypt.3 | 44 ++-- secure/lib/libcrypto/man/PKCS7_sign.3 | 40 ++-- .../lib/libcrypto/man/PKCS7_sign_add_signer.3 | 42 ++-- secure/lib/libcrypto/man/PKCS7_verify.3 | 42 ++-- secure/lib/libcrypto/man/RAND_add.3 | 52 ++--- secure/lib/libcrypto/man/RAND_bytes.3 | 40 ++-- secure/lib/libcrypto/man/RAND_cleanup.3 | 30 +-- secure/lib/libcrypto/man/RAND_egd.3 | 58 +++--- secure/lib/libcrypto/man/RAND_load_file.3 | 40 ++-- .../lib/libcrypto/man/RAND_set_rand_method.3 | 48 +++-- secure/lib/libcrypto/man/RSA_blinding_on.3 | 36 ++-- secure/lib/libcrypto/man/RSA_check_key.3 | 34 +-- secure/lib/libcrypto/man/RSA_generate_key.3 | 44 ++-- .../lib/libcrypto/man/RSA_get_ex_new_index.3 | 76 +++---- secure/lib/libcrypto/man/RSA_new.3 | 40 ++-- .../man/RSA_padding_add_PKCS1_type_1.3 | 67 +++--- secure/lib/libcrypto/man/RSA_print.3 | 30 +-- .../lib/libcrypto/man/RSA_private_encrypt.3 | 38 ++-- secure/lib/libcrypto/man/RSA_public_encrypt.3 | 38 ++-- secure/lib/libcrypto/man/RSA_set_method.3 | 78 +++---- secure/lib/libcrypto/man/RSA_sign.3 | 42 ++-- .../man/RSA_sign_ASN1_OCTET_STRING.3 | 42 ++-- secure/lib/libcrypto/man/RSA_size.3 | 26 ++- secure/lib/libcrypto/man/SMIME_read_CMS.3 | 44 ++-- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 | 44 ++-- secure/lib/libcrypto/man/SMIME_write_CMS.3 | 40 ++-- secure/lib/libcrypto/man/SMIME_write_PKCS7.3 | 42 ++-- .../man/X509_NAME_ENTRY_get_object.3 | 53 ++--- .../man/X509_NAME_add_entry_by_txt.3 | 42 ++-- .../man/X509_NAME_get_index_by_NID.3 | 50 ++--- secure/lib/libcrypto/man/X509_NAME_print_ex.3 | 42 ++-- .../libcrypto/man/X509_STORE_CTX_get_error.3 | 52 ++--- .../man/X509_STORE_CTX_get_ex_new_index.3 | 32 +-- secure/lib/libcrypto/man/X509_STORE_CTX_new.3 | 80 ++++---- .../man/X509_STORE_CTX_set_verify_cb.3 | 36 ++-- .../man/X509_STORE_set_verify_cb_func.3 | 36 ++-- .../man/X509_VERIFY_PARAM_set_flags.3 | 98 ++++----- secure/lib/libcrypto/man/X509_check_host.3 | 52 ++--- .../libcrypto/man/X509_check_private_key.3 | 32 +-- secure/lib/libcrypto/man/X509_cmp_time.3 | 28 +-- secure/lib/libcrypto/man/X509_new.3 | 36 ++-- secure/lib/libcrypto/man/X509_verify_cert.3 | 34 +-- secure/lib/libcrypto/man/bio.3 | 48 +++-- secure/lib/libcrypto/man/blowfish.3 | 50 ++--- secure/lib/libcrypto/man/bn.3 | 58 +++--- secure/lib/libcrypto/man/bn_internal.3 | 56 ++--- secure/lib/libcrypto/man/buffer.3 | 50 ++--- secure/lib/libcrypto/man/crypto.3 | 52 ++--- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 | 28 +-- .../lib/libcrypto/man/d2i_CMS_ContentInfo.3 | 28 +-- secure/lib/libcrypto/man/d2i_DHparams.3 | 28 +-- secure/lib/libcrypto/man/d2i_DSAPublicKey.3 | 38 ++-- secure/lib/libcrypto/man/d2i_ECPKParameters.3 | 48 +++-- secure/lib/libcrypto/man/d2i_ECPrivateKey.3 | 48 +++-- .../lib/libcrypto/man/d2i_PKCS8PrivateKey.3 | 30 +-- secure/lib/libcrypto/man/d2i_PrivateKey.3 | 48 +++-- secure/lib/libcrypto/man/d2i_RSAPublicKey.3 | 36 ++-- secure/lib/libcrypto/man/d2i_X509.3 | 84 ++++---- secure/lib/libcrypto/man/d2i_X509_ALGOR.3 | 28 +-- secure/lib/libcrypto/man/d2i_X509_CRL.3 | 28 +-- secure/lib/libcrypto/man/d2i_X509_NAME.3 | 28 +-- secure/lib/libcrypto/man/d2i_X509_REQ.3 | 28 +-- secure/lib/libcrypto/man/d2i_X509_SIG.3 | 28 +-- secure/lib/libcrypto/man/des.3 | 148 ++++++------- secure/lib/libcrypto/man/dh.3 | 38 ++-- secure/lib/libcrypto/man/dsa.3 | 48 +++-- secure/lib/libcrypto/man/ec.3 | 42 ++-- secure/lib/libcrypto/man/ecdsa.3 | 58 +++--- secure/lib/libcrypto/man/engine.3 | 76 +++---- secure/lib/libcrypto/man/err.3 | 68 +++--- secure/lib/libcrypto/man/evp.3 | 88 ++++---- secure/lib/libcrypto/man/hmac.3 | 62 +++--- secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 | 42 ++-- .../lib/libcrypto/man/i2d_PKCS7_bio_stream.3 | 42 ++-- secure/lib/libcrypto/man/lh_stats.3 | 32 +-- secure/lib/libcrypto/man/lhash.3 | 88 ++++---- secure/lib/libcrypto/man/md5.3 | 50 ++--- secure/lib/libcrypto/man/mdc2.3 | 40 ++-- secure/lib/libcrypto/man/pem.3 | 40 ++-- secure/lib/libcrypto/man/rand.3 | 46 +++-- secure/lib/libcrypto/man/rc4.3 | 36 ++-- secure/lib/libcrypto/man/ripemd.3 | 42 ++-- secure/lib/libcrypto/man/rsa.3 | 46 +++-- secure/lib/libcrypto/man/sha.3 | 44 ++-- secure/lib/libcrypto/man/threads.3 | 64 +++--- secure/lib/libcrypto/man/ui.3 | 84 ++++---- secure/lib/libcrypto/man/ui_compat.3 | 42 ++-- secure/lib/libcrypto/man/x509.3 | 48 +++-- secure/lib/libssl/man/SSL_CIPHER_get_name.3 | 48 +++-- .../man/SSL_COMP_add_compression_method.3 | 36 ++-- secure/lib/libssl/man/SSL_CONF_CTX_new.3 | 40 ++-- .../lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 | 38 ++-- .../lib/libssl/man/SSL_CONF_CTX_set_flags.3 | 44 ++-- .../lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 | 42 ++-- secure/lib/libssl/man/SSL_CONF_cmd.3 | 70 ++++--- secure/lib/libssl/man/SSL_CONF_cmd_argv.3 | 36 ++-- .../lib/libssl/man/SSL_CTX_add1_chain_cert.3 | 64 +++--- .../libssl/man/SSL_CTX_add_extra_chain_cert.3 | 62 +++--- secure/lib/libssl/man/SSL_CTX_add_session.3 | 42 ++-- secure/lib/libssl/man/SSL_CTX_ctrl.3 | 28 +-- .../lib/libssl/man/SSL_CTX_flush_sessions.3 | 46 +++-- secure/lib/libssl/man/SSL_CTX_free.3 | 36 ++-- secure/lib/libssl/man/SSL_CTX_get0_param.3 | 34 +-- .../lib/libssl/man/SSL_CTX_get_ex_new_index.3 | 42 ++-- .../lib/libssl/man/SSL_CTX_get_verify_mode.3 | 36 ++-- .../man/SSL_CTX_load_verify_locations.3 | 44 ++-- secure/lib/libssl/man/SSL_CTX_new.3 | 56 ++--- secure/lib/libssl/man/SSL_CTX_sess_number.3 | 56 ++--- .../libssl/man/SSL_CTX_sess_set_cache_size.3 | 42 ++-- .../lib/libssl/man/SSL_CTX_sess_set_get_cb.3 | 64 +++--- secure/lib/libssl/man/SSL_CTX_sessions.3 | 36 ++-- secure/lib/libssl/man/SSL_CTX_set1_curves.3 | 50 ++--- .../man/SSL_CTX_set1_verify_cert_store.3 | 58 +++--- .../libssl/man/SSL_CTX_set_alpn_select_cb.3 | 40 ++-- secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 | 50 ++--- .../lib/libssl/man/SSL_CTX_set_cert_store.3 | 52 ++--- .../man/SSL_CTX_set_cert_verify_callback.3 | 40 ++-- .../lib/libssl/man/SSL_CTX_set_cipher_list.3 | 46 +++-- .../libssl/man/SSL_CTX_set_client_CA_list.3 | 56 ++--- .../libssl/man/SSL_CTX_set_client_cert_cb.3 | 56 ++--- .../libssl/man/SSL_CTX_set_custom_cli_ext.3 | 32 +-- .../man/SSL_CTX_set_default_passwd_cb.3 | 40 ++-- .../man/SSL_CTX_set_generate_session_id.3 | 48 +++-- .../libssl/man/SSL_CTX_set_info_callback.3 | 42 ++-- .../libssl/man/SSL_CTX_set_max_cert_list.3 | 44 ++-- secure/lib/libssl/man/SSL_CTX_set_mode.3 | 52 ++--- .../lib/libssl/man/SSL_CTX_set_msg_callback.3 | 40 ++-- secure/lib/libssl/man/SSL_CTX_set_options.3 | 72 ++++--- .../man/SSL_CTX_set_psk_client_callback.3 | 26 ++- .../libssl/man/SSL_CTX_set_quiet_shutdown.3 | 54 ++--- .../lib/libssl/man/SSL_CTX_set_read_ahead.3 | 30 +-- .../man/SSL_CTX_set_session_cache_mode.3 | 58 +++--- .../man/SSL_CTX_set_session_id_context.3 | 34 +-- .../lib/libssl/man/SSL_CTX_set_ssl_version.3 | 48 +++-- secure/lib/libssl/man/SSL_CTX_set_timeout.3 | 48 +++-- .../SSL_CTX_set_tlsext_servername_callback.3 | 38 ++-- .../libssl/man/SSL_CTX_set_tlsext_status_cb.3 | 46 +++-- .../man/SSL_CTX_set_tlsext_ticket_key_cb.3 | 36 ++-- .../libssl/man/SSL_CTX_set_tmp_dh_callback.3 | 48 +++-- .../libssl/man/SSL_CTX_set_tmp_rsa_callback.3 | 54 ++--- secure/lib/libssl/man/SSL_CTX_set_verify.3 | 64 +++--- .../lib/libssl/man/SSL_CTX_use_certificate.3 | 110 +++++----- .../man/SSL_CTX_use_psk_identity_hint.3 | 32 +-- .../lib/libssl/man/SSL_CTX_use_serverinfo.3 | 30 +-- secure/lib/libssl/man/SSL_SESSION_free.3 | 44 ++-- .../libssl/man/SSL_SESSION_get_ex_new_index.3 | 46 +++-- secure/lib/libssl/man/SSL_SESSION_get_time.3 | 46 +++-- secure/lib/libssl/man/SSL_accept.3 | 54 ++--- secure/lib/libssl/man/SSL_alert_type_string.3 | 40 ++-- secure/lib/libssl/man/SSL_check_chain.3 | 32 +-- secure/lib/libssl/man/SSL_clear.3 | 52 ++--- secure/lib/libssl/man/SSL_connect.3 | 54 ++--- secure/lib/libssl/man/SSL_do_handshake.3 | 54 ++--- .../libssl/man/SSL_export_keying_material.3 | 26 ++- secure/lib/libssl/man/SSL_free.3 | 42 ++-- secure/lib/libssl/man/SSL_get_SSL_CTX.3 | 28 +-- secure/lib/libssl/man/SSL_get_ciphers.3 | 38 ++-- .../lib/libssl/man/SSL_get_client_CA_list.3 | 42 ++-- .../lib/libssl/man/SSL_get_current_cipher.3 | 36 ++-- .../lib/libssl/man/SSL_get_default_timeout.3 | 38 ++-- secure/lib/libssl/man/SSL_get_error.3 | 69 ++++--- .../man/SSL_get_ex_data_X509_STORE_CTX_idx.3 | 40 ++-- secure/lib/libssl/man/SSL_get_ex_new_index.3 | 46 +++-- secure/lib/libssl/man/SSL_get_fd.3 | 30 +-- .../lib/libssl/man/SSL_get_peer_cert_chain.3 | 28 +-- .../lib/libssl/man/SSL_get_peer_certificate.3 | 34 +-- secure/lib/libssl/man/SSL_get_psk_identity.3 | 32 +-- secure/lib/libssl/man/SSL_get_rbio.3 | 26 ++- secure/lib/libssl/man/SSL_get_session.3 | 50 ++--- secure/lib/libssl/man/SSL_get_verify_result.3 | 40 ++-- secure/lib/libssl/man/SSL_get_version.3 | 26 ++- secure/lib/libssl/man/SSL_library_init.3 | 44 ++-- .../lib/libssl/man/SSL_load_client_CA_file.3 | 32 +-- secure/lib/libssl/man/SSL_new.3 | 32 +-- secure/lib/libssl/man/SSL_pending.3 | 38 ++-- secure/lib/libssl/man/SSL_read.3 | 92 +++++---- secure/lib/libssl/man/SSL_rstate_string.3 | 30 +-- secure/lib/libssl/man/SSL_session_reused.3 | 26 ++- secure/lib/libssl/man/SSL_set_bio.3 | 34 +-- secure/lib/libssl/man/SSL_set_connect_state.3 | 52 ++--- secure/lib/libssl/man/SSL_set_fd.3 | 34 +-- secure/lib/libssl/man/SSL_set_session.3 | 42 ++-- secure/lib/libssl/man/SSL_set_shutdown.3 | 44 ++-- secure/lib/libssl/man/SSL_set_verify_result.3 | 36 ++-- secure/lib/libssl/man/SSL_shutdown.3 | 84 ++++---- secure/lib/libssl/man/SSL_state_string.3 | 30 +-- secure/lib/libssl/man/SSL_want.3 | 52 ++--- secure/lib/libssl/man/SSL_write.3 | 82 ++++---- secure/lib/libssl/man/d2i_SSL_SESSION.3 | 50 ++--- secure/lib/libssl/man/ssl.3 | 194 +++++++++--------- secure/usr.bin/openssl/man/CA.pl.1 | 28 +-- secure/usr.bin/openssl/man/asn1parse.1 | 26 ++- secure/usr.bin/openssl/man/ca.1 | 36 ++-- secure/usr.bin/openssl/man/ciphers.1 | 24 ++- secure/usr.bin/openssl/man/cms.1 | 30 +-- secure/usr.bin/openssl/man/crl.1 | 26 ++- secure/usr.bin/openssl/man/crl2pkcs7.1 | 24 ++- secure/usr.bin/openssl/man/dgst.1 | 26 ++- secure/usr.bin/openssl/man/dhparam.1 | 26 ++- secure/usr.bin/openssl/man/dsa.1 | 30 +-- secure/usr.bin/openssl/man/dsaparam.1 | 30 +-- secure/usr.bin/openssl/man/ec.1 | 28 +-- secure/usr.bin/openssl/man/ecparam.1 | 28 +-- secure/usr.bin/openssl/man/enc.1 | 24 ++- secure/usr.bin/openssl/man/errstr.1 | 28 +-- secure/usr.bin/openssl/man/gendsa.1 | 28 +-- secure/usr.bin/openssl/man/genpkey.1 | 26 ++- secure/usr.bin/openssl/man/genrsa.1 | 28 +-- secure/usr.bin/openssl/man/nseq.1 | 22 +- secure/usr.bin/openssl/man/ocsp.1 | 22 +- secure/usr.bin/openssl/man/openssl.1 | 50 ++--- secure/usr.bin/openssl/man/passwd.1 | 22 +- secure/usr.bin/openssl/man/pkcs12.1 | 34 +-- secure/usr.bin/openssl/man/pkcs7.1 | 24 ++- secure/usr.bin/openssl/man/pkcs8.1 | 30 +-- secure/usr.bin/openssl/man/pkey.1 | 32 +-- secure/usr.bin/openssl/man/pkeyparam.1 | 26 ++- secure/usr.bin/openssl/man/pkeyutl.1 | 30 +-- secure/usr.bin/openssl/man/rand.1 | 26 ++- secure/usr.bin/openssl/man/req.1 | 40 ++-- secure/usr.bin/openssl/man/rsa.1 | 30 +-- secure/usr.bin/openssl/man/rsautl.1 | 24 ++- secure/usr.bin/openssl/man/s_client.1 | 30 +-- secure/usr.bin/openssl/man/s_server.1 | 28 +-- secure/usr.bin/openssl/man/s_time.1 | 36 ++-- secure/usr.bin/openssl/man/sess_id.1 | 24 ++- secure/usr.bin/openssl/man/smime.1 | 28 +-- secure/usr.bin/openssl/man/speed.1 | 22 +- secure/usr.bin/openssl/man/spkac.1 | 26 ++- secure/usr.bin/openssl/man/ts.1 | 54 ++--- secure/usr.bin/openssl/man/tsget.1 | 26 ++- secure/usr.bin/openssl/man/verify.1 | 24 ++- secure/usr.bin/openssl/man/version.1 | 22 +- secure/usr.bin/openssl/man/x509.1 | 32 +-- secure/usr.bin/openssl/man/x509v3_config.1 | 30 +-- 405 files changed, 9584 insertions(+), 7750 deletions(-) rename crypto/openssl/doc/{man3 => crypto}/X509_cmp_time.pod (93%) diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index cd435524db0..850e13f41c6 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -7,6 +7,33 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2q and 1.0.2r [26 Feb 2019] + + *) 0-byte record padding oracle + + If an application encounters a fatal protocol error and then calls + SSL_shutdown() twice (once to send a close_notify, and once to receive one) + then OpenSSL can respond differently to the calling application if a 0 byte + record is received with invalid padding compared to if a 0 byte record is + received with an invalid MAC. If the application then behaves differently + based on that in a way that is detectable to the remote peer, then this + amounts to a padding oracle that could be used to decrypt data. + + In order for this to be exploitable "non-stitched" ciphersuites must be in + use. Stitched ciphersuites are optimised implementations of certain + commonly used ciphersuites. Also the application must call SSL_shutdown() + twice even if a protocol error has occurred (applications should not do + this but some do anyway). + + This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod + Aviram, with additional investigation by Steven Collison and Andrew + Hourselt. It was reported to OpenSSL on 10th December 2018. + (CVE-2019-1559) + [Matt Caswell] + + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). + [Richard Levitte] + Changes between 1.0.2p and 1.0.2q [20 Nov 2018] *) Microarchitecture timing vulnerability in ECC scalar multiplication diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile index 8d0b9998738..2ffb28002ee 100644 --- a/crypto/openssl/Makefile +++ b/crypto/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2q +VERSION=1.0.2r MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -521,7 +521,7 @@ $(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ - \! -name '.#*' \! -name '*~' \! -type l \ + \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \ | sort > $(TARFILE).list tar: $(TARFILE).list diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org index 89e5271801d..1d386a47b24 100644 --- a/crypto/openssl/Makefile.org +++ b/crypto/openssl/Makefile.org @@ -519,7 +519,7 @@ $(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ - \! -name '.#*' \! -name '*~' \! -type l \ + \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \ | sort > $(TARFILE).list tar: $(TARFILE).list diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 2c7473ab714..4d4e9df3793 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] + + o 0-byte record padding oracle (CVE-2019-1559) + Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) diff --git a/crypto/openssl/README b/crypto/openssl/README index ab31b382443..8404d214e23 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2q 20 Nov 2018 + OpenSSL 1.0.2r 26 Feb 2019 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/crypto/asn1/ameth_lib.c b/crypto/openssl/crypto/asn1/ameth_lib.c index cc8f9a8243e..d04f7861a1b 100644 --- a/crypto/openssl/crypto/asn1/ameth_lib.c +++ b/crypto/openssl/crypto/asn1/ameth_lib.c @@ -234,6 +234,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { + /* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ + if (!((ameth->pem_str == NULL + && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) + || (ameth->pem_str != NULL + && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { + return 0; + } + if (app_methods == NULL) { app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); if (!app_methods) @@ -305,18 +320,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, } else ameth->info = NULL; - /* - * One of the following must be true: - * - * pem_str == NULL AND ASN1_PKEY_ALIAS is set - * pem_str != NULL AND ASN1_PKEY_ALIAS is clear - * - * Anything else is an error and may lead to a corrupt ASN1 method table - */ - if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) - || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) - goto err; - if (pem_str) { ameth->pem_str = BUF_strdup(pem_str); if (!ameth->pem_str) diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c index bbf906fabba..024d0cf418b 100644 --- a/crypto/openssl/crypto/bio/bss_file.c +++ b/crypto/openssl/crypto/bio/bss_file.c @@ -361,12 +361,16 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) } else _setmode(fd, _O_BINARY); } -# elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) +# elif defined(OPENSSL_SYS_OS2) int fd = fileno((FILE *)ptr); if (num & BIO_FP_TEXT) setmode(fd, O_TEXT); else setmode(fd, O_BINARY); +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) + int fd = fileno((FILE *)ptr); + if (!(num & BIO_FP_TEXT)) + setmode(fd, O_BINARY); # endif } break; @@ -389,11 +393,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) if (!(num & BIO_FP_TEXT)) strcat(p, "b"); else strcat(p, "t"); +# elif defined(OPENSSL_SYS_WIN32_CYGWIN) + if (!(num & BIO_FP_TEXT)) + strcat(p, "b"); # endif # if defined(OPENSSL_SYS_NETWARE) if (!(num & BIO_FP_TEXT)) diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c index 526c6a046d1..d18eedbd455 100644 --- a/crypto/openssl/crypto/bn/bn_ctx.c +++ b/crypto/openssl/crypto/bn/bn_ctx.c @@ -1,7 +1,7 @@ /* crypto/bn/bn_ctx.c */ /* Written by Ulf Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -299,6 +299,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) } /* OK, make sure the returned bignum is "zero" */ BN_zero(ret); + /* clear BN_FLG_CONSTTIME if leaked from previous frames */ + ret->flags &= (~BN_FLG_CONSTTIME); ctx->used++; CTXDBG_RET(ctx, ret); return ret; diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c index 9b95e5f2bd9..2a84698af8c 100644 --- a/crypto/openssl/crypto/bn/bn_lib.c +++ b/crypto/openssl/crypto/bn/bn_lib.c @@ -836,6 +836,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) int i; BN_ULONG aa, bb; + if (n == 0) + return 0; + aa = a[n - 1]; bb = b[n - 1]; if (aa != bb) diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c index abe5dbe0b01..75aa7075abd 100644 --- a/crypto/openssl/crypto/bn/bntest.c +++ b/crypto/openssl/crypto/bn/bntest.c @@ -89,6 +89,10 @@ #include #include +#ifndef OSSL_NELEM +# define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) +#endif + const int num0 = 100; /* number of tests */ const int num1 = 50; /* additional tests for some functions */ const int num2 = 5; /* number of tests for slow functions */ @@ -123,6 +127,7 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx); int test_kron(BIO *bp, BN_CTX *ctx); int test_sqrt(BIO *bp, BN_CTX *ctx); int rand_neg(void); +static int test_ctx_consttime_flag(void); static int results = 0; static unsigned char lst[] = @@ -330,6 +335,15 @@ int main(int argc, char *argv[]) goto err; (void)BIO_flush(out); #endif + + /* silently flush any pre-existing error on the stack */ + ERR_clear_error(); + + message(out, "BN_CTX_get BN_FLG_CONSTTIME"); + if (!test_ctx_consttime_flag()) + goto err; + (void)BIO_flush(out); + BN_CTX_free(ctx); BIO_free(out); @@ -2158,3 +2172,90 @@ int rand_neg(void) return (sign[(neg++) % 8]); } + +static int test_ctx_set_ct_flag(BN_CTX *c) +{ + int st = 0; + size_t i; + BIGNUM *b[15]; + + BN_CTX_start(c); + for (i = 0; i < OSSL_NELEM(b); i++) { + if (NULL == (b[i] = BN_CTX_get(c))) { + fprintf(stderr, "ERROR: BN_CTX_get() failed.\n"); + goto err; + } + if (i % 2 == 1) + BN_set_flags(b[i], BN_FLG_CONSTTIME); + } + + st = 1; + err: + BN_CTX_end(c); + return st; +} + +static int test_ctx_check_ct_flag(BN_CTX *c) +{ + int st = 0; + size_t i; + BIGNUM *b[30]; + + BN_CTX_start(c); + for (i = 0; i < OSSL_NELEM(b); i++) { + if (NULL == (b[i] = BN_CTX_get(c))) { + fprintf(stderr, "ERROR: BN_CTX_get() failed.\n"); + goto err; + } + if (BN_get_flags(b[i], BN_FLG_CONSTTIME) != 0) { + fprintf(stderr, "ERROR: BN_FLG_CONSTTIME should not be set.\n"); + goto err; + } + } + + st = 1; + err: + BN_CTX_end(c); + return st; +} + +static int test_ctx_consttime_flag(void) +{ + /*- + * The constant-time flag should not "leak" among BN_CTX frames: + * + * - test_ctx_set_ct_flag() starts a frame in the given BN_CTX and + * sets the BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained + * from the frame before ending it. + * - test_ctx_check_ct_flag() then starts a new frame and gets a + * number of BIGNUMs from it. In absence of leaks, none of the + * BIGNUMs in the new frame should have BN_FLG_CONSTTIME set. + * + * In actual BN_CTX usage inside libcrypto the leak could happen at + * any depth level in the BN_CTX stack, with varying results + * depending on the patterns of sibling trees of nested function + * calls sharing the same BN_CTX object, and the effect of + * unintended BN_FLG_CONSTTIME on the called BN_* functions. + * + * This simple unit test abstracts away this complexity and verifies + * that the leak does not happen between two sibling functions + * sharing the same BN_CTX object at the same level of nesting. + * + */ + BN_CTX *c = NULL; + int st = 0; + + if (NULL == (c = BN_CTX_new())) { + fprintf(stderr, "ERROR: BN_CTX_new() failed.\n"); + goto err; + } + + if (!test_ctx_set_ct_flag(c) + || !test_ctx_check_ct_flag(c)) + goto err; + + st = 1; + err: + BN_CTX_free(c); + return st; +} diff --git a/crypto/openssl/crypto/constant_time_locl.h b/crypto/openssl/crypto/constant_time_locl.h index c786aea9494..a5734f2fece 100644 --- a/crypto/openssl/crypto/constant_time_locl.h +++ b/crypto/openssl/crypto/constant_time_locl.h @@ -204,6 +204,12 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b) return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); } +/* + * Expected usage pattern is to unconditionally set error and then + * wipe it if there was no actual error. |clear| is 1 or 0. + */ +void err_clear_last_constant_time(int clear); + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c index aa5f3056af7..db7e791bf53 100644 --- a/crypto/openssl/crypto/ec/ec_ameth.c +++ b/crypto/openssl/crypto/ec/ec_ameth.c @@ -601,7 +601,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha256; - return 2; + return 1; default: return -2; diff --git a/crypto/openssl/crypto/err/Makefile b/crypto/openssl/crypto/err/Makefile index b6f3ef1778d..a09312b9f05 100644 --- a/crypto/openssl/crypto/err/Makefile +++ b/crypto/openssl/crypto/err/Makefile @@ -82,7 +82,7 @@ err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err.o: ../cryptlib.h err.c +err.o: ../constant_time_locl.h ../cryptlib.h err.c err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c index e9ef2156e11..5ce774a3f56 100644 --- a/crypto/openssl/crypto/err/err.c +++ b/crypto/openssl/crypto/err/err.c @@ -118,6 +118,7 @@ #include #include #include +#include "constant_time_locl.h" DECLARE_LHASH_OF(ERR_STRING_DATA); DECLARE_LHASH_OF(ERR_STATE); @@ -1156,3 +1157,40 @@ int ERR_pop_to_mark(void) es->err_flags[es->top] &= ~ERR_FLAG_MARK; return 1; } + +#ifdef UINTPTR_T +# undef UINTPTR_T +#endif +/* + * uintptr_t is the answer, but unformtunately we can't assume that all + * compilers supported by 1.0.2 have it :-( + */ +#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64 +/* + * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4 + * even in 64-bit builds, which means that it won't work as mask. + */ +# define UINTPTR_T unsigned long long +#else +# define UINTPTR_T size_t +#endif + +void err_clear_last_constant_time(int clear) +{ + ERR_STATE *es; + int top; + + es = ERR_get_state(); + if (es == NULL) + return; + + top = es->top; + + es->err_flags[top] &= ~(0 - clear); + es->err_buffer[top] &= ~(0UL - clear); + es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] & + ~((UINTPTR_T)0 - clear)); + es->err_line[top] |= 0 - clear; + + es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; +} diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index cf1de15e6d0..883a9434899 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -1489,8 +1489,10 @@ void ERR_load_EVP_strings(void); # define EVP_F_EVP_CIPHER_CTX_CTRL 124 # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 # define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 181 # define EVP_F_EVP_DIGESTINIT_EX 128 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 180 # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index 0c740d16790..c63fb53ac85 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -317,8 +317,9 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); } -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) +static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl) { int i, j, bl; @@ -380,6 +381,18 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + /* Prevent accidental use of decryption context when encrypting */ + if (!ctx->encrypt) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION); + return 0; + } + + return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); +} + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int ret; @@ -392,6 +405,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int n, ret; unsigned int i, b, bl; + /* Prevent accidental use of decryption context when encrypting */ + if (!ctx->encrypt) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION); + return 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { ret = M_do_cipher(ctx, out, NULL, 0); if (ret < 0) @@ -435,6 +454,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int fix_len; unsigned int b; + /* Prevent accidental use of encryption context when decrypting */ + if (ctx->encrypt) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION); + return 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { fix_len = M_do_cipher(ctx, out, in, inl); if (fix_len < 0) { @@ -451,7 +476,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } if (ctx->flags & EVP_CIPH_NO_PADDING) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); + return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); b = ctx->cipher->block_size; OPENSSL_assert(b <= sizeof(ctx->final)); @@ -463,7 +488,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } else fix_len = 0; - if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) + if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl)) return 0; /* @@ -494,6 +519,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i, n; unsigned int b; + + /* Prevent accidental use of encryption context when decrypting */ + if (ctx->encrypt) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION); + return 0; + } + *outl = 0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c index bcd841eb779..11647b92c61 100644 --- a/crypto/openssl/crypto/evp/evp_err.c +++ b/crypto/openssl/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -92,8 +92,10 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c index 97a20830278..28544a61a68 100644 --- a/crypto/openssl/crypto/evp/evp_test.c +++ b/crypto/openssl/crypto/evp/evp_test.c @@ -1,6 +1,6 @@ /* Written by Ben Laurie, 2001 */ /* - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -327,7 +327,7 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, ERR_print_errors_fp(stderr); test1_exit(12); } - if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) { + if (an && !EVP_DecryptUpdate(&ctx, NULL, &outl, aad, an)) { fprintf(stderr, "AAD set failed\n"); ERR_print_errors_fp(stderr); test1_exit(13); diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index 2f26ed9ff46..330aa04e87d 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000211fL +# define OPENSSL_VERSION_NUMBER 0x1000212fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-fips 20 Nov 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2r-fips 26 Feb 2019" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-freebsd 20 Nov 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2r-freebsd 26 Feb 2019" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/openssl/crypto/rsa/Makefile index 6be73ed187f..b083e291909 100644 --- a/crypto/openssl/crypto/rsa/Makefile +++ b/crypto/openssl/crypto/rsa/Makefile @@ -153,7 +153,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c +rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h +rsa_eay.o: ../cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -299,7 +300,8 @@ rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c +rsa_ssl.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +rsa_ssl.o: ../cryptlib.h rsa_ssl.c rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index be948a4cf8b..7f20fd6738a 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -115,6 +115,7 @@ #include #include #include "bn_int.h" +#include "constant_time_locl.h" #ifndef RSA_NULL @@ -397,6 +398,11 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, + rsa->n, ctx)) + goto err; + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { @@ -431,11 +437,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } else d = rsa->d; - if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, - rsa->n, ctx)) - goto err; - if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, rsa->_method_mod_n)) goto err; @@ -587,8 +588,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } - if (r < 0) - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); + err_clear_last_constant_time(r >= 0); err: if (ctx != NULL) { diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c index 3fb8f6b33d4..033ea5a520c 100644 --- a/crypto/openssl/crypto/rsa/rsa_oaep.c +++ b/crypto/openssl/crypto/rsa/rsa_oaep.c @@ -121,7 +121,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, const EVP_MD *mgf1md) { int i, dblen = 0, mlen = -1, one_index = 0, msg_index; - unsigned int good, found_one_byte; + unsigned int good = 0, found_one_byte, mask; const unsigned char *maskedseed, *maskeddb; /* * |em| is the encoded message, zero-padded to exactly |num| bytes: em = @@ -148,8 +148,11 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * the ciphertext, see PKCS #1 v2.2, section 7.1.2. * This does not leak any side-channel information. */ - if (num < flen || num < 2 * mdlen + 2) - goto decoding_err; + if (num < flen || num < 2 * mdlen + 2) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + RSA_R_OAEP_DECODING_ERROR); + return -1; + } dblen = num - mdlen - 1; db = OPENSSL_malloc(dblen); @@ -158,26 +161,26 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, goto cleanup; } - if (flen != num) { - em = OPENSSL_malloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, - ERR_R_MALLOC_FAILURE); - goto cleanup; - } + em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + ERR_R_MALLOC_FAILURE); + goto cleanup; + } - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad, but if it doesn't, we do this zero-padding copy - * to avoid leaking that information. The copy still leaks some - * side-channel information, but it's impossible to have a fixed - * memory access pattern since we can't read out of the bounds of - * |from|. - */ - memset(em, 0, num); - memcpy(em + num - flen, from, flen); - from = em; + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad. Trouble is that since we can't read out of |from|'s + * bounds, it's impossible to have an invariant memory access pattern + * in case |from| was not zero-padded in advance. + */ + for (from += flen, em += num, i = 0; i < num; i++) { + mask = ~constant_time_is_zero(flen); + flen -= 1 & mask; + from -= 1 & mask; + *--em = *from & mask; } + from = em; /* * The first byte must be zero, however we must not leak if this is @@ -224,37 +227,50 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * so plaintext-awareness ensures timing side-channels are no longer a * concern. */ - if (!good) - goto decoding_err; - msg_index = one_index + 1; mlen = dblen - msg_index; - if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE); - mlen = -1; - } else { - memcpy(to, db + msg_index, mlen); - goto cleanup; + /* + * For good measure, do this check in constant tine as well. + */ + good &= constant_time_ge(tlen, mlen); + + /* + * Even though we can't fake result's length, we can pretend copying + * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen| + * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, + * where |mlen'| is "saturated" |mlen| value. Deducing information + * about failure or |mlen| would take attacker's ability to observe + * memory access pattern with byte granularity *as it occurs*. It + * should be noted that failure is indistinguishable from normal + * operation if |tlen| is fixed by protocol. + */ + tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen); + msg_index = constant_time_select_int(good, msg_index, dblen - tlen); + mlen = dblen - msg_index; + for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(i, mlen); + + from -= dblen & equals; /* if (i == dblen) rewind */ + mask &= mask ^ equals; /* if (i == dblen) mask = 0 */ + to[i] = constant_time_select_8(mask, from[i], to[i]); } - decoding_err: /* * To avoid chosen ciphertext attacks, the error message should not * reveal which kind of decoding error happened. */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); + err_clear_last_constant_time(1 & good); cleanup: - if (db != NULL) { - OPENSSL_cleanse(db, dblen); - OPENSSL_free(db); - } - if (em != NULL) { - OPENSSL_cleanse(em, num); - OPENSSL_free(em); - } - return mlen; + OPENSSL_cleanse(seed, sizeof(seed)); + OPENSSL_cleanse(db, dblen); + OPENSSL_free(db); + OPENSSL_cleanse(em, num); + OPENSSL_free(em); + + return constant_time_select_int(good, mlen, -1); } int PKCS1_MGF1(unsigned char *mask, long len, diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c index 5d7882a3bfc..074bc0a9394 100644 --- a/crypto/openssl/crypto/rsa/rsa_pk1.c +++ b/crypto/openssl/crypto/rsa/rsa_pk1.c @@ -207,7 +207,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, int i; /* |em| is the encoded message, zero-padded to exactly |num| bytes */ unsigned char *em = NULL; - unsigned int good, found_zero_byte; + unsigned int good, found_zero_byte, mask; int zero_index = 0, msg_index, mlen = -1; if (tlen < 0 || flen < 0) @@ -218,40 +218,41 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * section 7.2.2. */ - if (flen > num) - goto err; - - if (num < 11) - goto err; + if (flen > num || num < 11) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, + RSA_R_PKCS_DECODING_ERROR); + return -1; + } - if (flen != num) { - em = OPENSSL_malloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; - } - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad, but if it doesn't, we do this zero-padding copy - * to avoid leaking that information. The copy still leaks some - * side-channel information, but it's impossible to have a fixed - * memory access pattern since we can't read out of the bounds of - * |from|. - */ - memset(em, 0, num); - memcpy(em + num - flen, from, flen); - from = em; + em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; } + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad. Trouble is that since we can't read out of |from|'s + * bounds, it's impossible to have an invariant memory access pattern + * in case |from| was not zero-padded in advance. + */ + for (from += flen, em += num, i = 0; i < num; i++) { + mask = ~constant_time_is_zero(flen); + flen -= 1 & mask; + from -= 1 & mask; + *--em = *from & mask; + } + from = em; good = constant_time_is_zero(from[0]); good &= constant_time_eq(from[1], 2); + /* scan over padding data */ found_zero_byte = 0; for (i = 2; i < num; i++) { unsigned int equals0 = constant_time_is_zero(from[i]); - zero_index = - constant_time_select_int(~found_zero_byte & equals0, i, - zero_index); + + zero_index = constant_time_select_int(~found_zero_byte & equals0, + i, zero_index); found_zero_byte |= equals0; } @@ -260,7 +261,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ - good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); + good &= constant_time_ge(zero_index, 2 + 8); /* * Skip the zero byte. This is incorrect if we never found a zero-byte @@ -270,30 +271,35 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, mlen = num - msg_index; /* - * For good measure, do this check in constant time as well; it could - * leak something if |tlen| was assuming valid padding. + * For good measure, do this check in constant time as well. */ - good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); + good &= constant_time_ge(tlen, mlen); /* - * We can't continue in constant-time because we need to copy the result - * and we cannot fake its length. This unavoidably leaks timing - * information at the API boundary. + * Even though we can't fake result's length, we can pretend copying + * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num| + * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, + * where |mlen'| is "saturated" |mlen| value. Deducing information + * about failure or |mlen| would take attacker's ability to observe + * memory access pattern with byte granularity *as it occurs*. It + * should be noted that failure is indistinguishable from normal + * operation if |tlen| is fixed by protocol. */ - if (!good) { - mlen = -1; - goto err; + tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen); + msg_index = constant_time_select_int(good, msg_index, num - tlen); + mlen = num - msg_index; + for (from += msg_index, mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(i, mlen); + + from -= tlen & equals; /* if (i == mlen) rewind */ + mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ + to[i] = constant_time_select_8(mask, from[i], to[i]); } - memcpy(to, from + msg_index, mlen); + OPENSSL_cleanse(em, num); + OPENSSL_free(em); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); + err_clear_last_constant_time(1 & good); - err: - if (em != NULL) { - OPENSSL_cleanse(em, num); - OPENSSL_free(em); - } - if (mlen == -1) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, - RSA_R_PKCS_DECODING_ERROR); - return mlen; + return constant_time_select_int(good, mlen, -1); } diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c index 831f75aaf43..e9a5fe2385b 100644 --- a/crypto/openssl/crypto/rsa/rsa_ssl.c +++ b/crypto/openssl/crypto/rsa/rsa_ssl.c @@ -61,6 +61,7 @@ #include #include #include +#include "constant_time_locl.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) @@ -101,57 +102,116 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, return (1); } +/* + * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding + * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also + * preserves error code reporting for backward compatibility. + */ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { - int i, j, k; - const unsigned char *p; + int i; + /* |em| is the encoded message, zero-padded to exactly |num| bytes */ + unsigned char *em = NULL; + unsigned int good, found_zero_byte, mask, threes_in_row; + int zero_index = 0, msg_index, mlen = -1, err; - p = from; if (flen < 10) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return (-1); } - /* Accept even zero-padded input */ - if (flen == num) { - if (*(p++) != 0) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); - return -1; - } - flen--; + + em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE); + return -1; } - if ((num != (flen + 1)) || (*(p++) != 02)) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); - return (-1); + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad. Trouble is that since we can't read out of |from|'s + * bounds, it's impossible to have an invariant memory access pattern + * in case |from| was not zero-padded in advance. + */ + for (from += flen, em += num, i = 0; i < num; i++) { + mask = ~constant_time_is_zero(flen); + flen -= 1 & mask; + from -= 1 & mask; + *--em = *from & mask; } + from = em; + + good = constant_time_is_zero(from[0]); + good &= constant_time_eq(from[1], 2); + err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02); + mask = ~good; /* scan over padding data */ - j = flen - 1; /* one for type */ - for (i = 0; i < j; i++) - if (*(p++) == 0) - break; - - if ((i == j) || (i < 8)) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, - RSA_R_NULL_BEFORE_BLOCK_MISSING); - return (-1); - } - for (k = -9; k < -1; k++) { - if (p[k] != 0x03) - break; - } - if (k == -1) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK); - return (-1); + found_zero_byte = 0; + threes_in_row = 0; + for (i = 2; i < num; i++) { + unsigned int equals0 = constant_time_is_zero(from[i]); + + zero_index = constant_time_select_int(~found_zero_byte & equals0, + i, zero_index); + found_zero_byte |= equals0; + + threes_in_row += 1 & ~found_zero_byte; + threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3); } - i++; /* Skip over the '\0' */ - j -= i; - if (j > tlen) { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE); - return (-1); + /* + * PS must be at least 8 bytes long, and it starts two bytes into |from|. + * If we never found a 0-byte, then |zero_index| is 0 and the check + * also fails. + */ + good &= constant_time_ge(zero_index, 2 + 8); + err = constant_time_select_int(mask | good, err, + RSA_R_NULL_BEFORE_BLOCK_MISSING); + mask = ~good; + + good &= constant_time_lt(threes_in_row, 8); + err = constant_time_select_int(mask | good, err, + RSA_R_SSLV3_ROLLBACK_ATTACK); + mask = ~good; + + /* + * Skip the zero byte. This is incorrect if we never found a zero-byte + * but in this case we also do not copy the message out. + */ + msg_index = zero_index + 1; + mlen = num - msg_index; + + /* + * For good measure, do this check in constant time as well. + */ + good &= constant_time_ge(tlen, mlen); + err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); + + /* + * Even though we can't fake result's length, we can pretend copying + * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num| + * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, + * where |mlen'| is "saturated" |mlen| value. Deducing information + * about failure or |mlen| would take attacker's ability to observe + * memory access pattern with byte granularity *as it occurs*. It + * should be noted that failure is indistinguishable from normal + * operation if |tlen| is fixed by protocol. + */ + tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen); + msg_index = constant_time_select_int(good, msg_index, num - tlen); + mlen = num - msg_index; + for (from += msg_index, mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(i, mlen); + + from -= tlen & equals; /* if (i == mlen) rewind */ + mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ + to[i] = constant_time_select_8(mask, from[i], to[i]); } - memcpy(to, p, (unsigned int)j); - return (j); + OPENSSL_cleanse(em, num); + OPENSSL_free(em); + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err); + err_clear_last_constant_time(1 & good); + + return constant_time_select_int(good, mlen, -1); } diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod index def1d3f7234..4e9655bd109 100644 --- a/crypto/openssl/doc/apps/ca.pod +++ b/crypto/openssl/doc/apps/ca.pod @@ -214,7 +214,7 @@ the section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to B unless the B<-extfile> option is used). If no extension section is present then, a V1 certificate is created. If the extension section -is present (even if it is empty), then a V3 certificate is created. See the:w +is present (even if it is empty), then a V3 certificate is created. See the L manual page for details of the extension section format. diff --git a/crypto/openssl/doc/crypto/PKCS12_parse.pod b/crypto/openssl/doc/crypto/PKCS12_parse.pod index c54cf2ad613..cd648d39b0d 100644 --- a/crypto/openssl/doc/crypto/PKCS12_parse.pod +++ b/crypto/openssl/doc/crypto/PKCS12_parse.pod @@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod index f20f815d478..800e777869f 100644 --- a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod @@ -109,7 +109,12 @@ L. The RSA_padding_check_PKCS1_type_2() padding check leaks timing information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 -v1.5 padding design. Prefer PKCS1_OAEP padding. +v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can +be recommended to pass zero-padded B, so that B equals to +B, and if fixed by protocol, B being set to the +expected length. In such case leakage would be minimal, it would +take attacker's ability to observe memory access pattern with byte +granilarity as it occurs, post-factum timing analysis won't do. =head1 SEE ALSO diff --git a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod index 4716e7ee754..403725fd48a 100644 --- a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod +++ b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod @@ -44,9 +44,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used to examine an B function as returned by X509_NAME_get_entry() for example. -X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(), -and X509_NAME_ENTRY_create_by_OBJ() create and return an - X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are seldom used in practice because B structures diff --git a/crypto/openssl/doc/man3/X509_cmp_time.pod b/crypto/openssl/doc/crypto/X509_cmp_time.pod similarity index 93% rename from crypto/openssl/doc/man3/X509_cmp_time.pod rename to crypto/openssl/doc/crypto/X509_cmp_time.pod index 5bf51114511..f3c0750efe0 100644 --- a/crypto/openssl/doc/man3/X509_cmp_time.pod +++ b/crypto/openssl/doc/crypto/X509_cmp_time.pod @@ -29,7 +29,7 @@ B, and 1 otherwise. It returns 0 on error. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/ssl/SSL_get_error.pod b/crypto/openssl/doc/ssl/SSL_get_error.pod index 2a93894096e..7537616d475 100644 --- a/crypto/openssl/doc/ssl/SSL_get_error.pod +++ b/crypto/openssl/doc/ssl/SSL_get_error.pod @@ -90,14 +90,17 @@ Details depend on the application. =item SSL_ERROR_SYSCALL -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult B for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +B for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called. =item SSL_ERROR_SSL -A failure in the SSL library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called. =back diff --git a/crypto/openssl/doc/ssl/SSL_shutdown.pod b/crypto/openssl/doc/ssl/SSL_shutdown.pod index efbff5a0a32..e2a776cf1c7 100644 --- a/crypto/openssl/doc/ssl/SSL_shutdown.pod +++ b/crypto/openssl/doc/ssl/SSL_shutdown.pod @@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. +Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL. + The shutdown procedure consists of 2 steps: the sending of the "close notify" shutdown alert and the reception of the peer's "close notify" shutdown alert. According to the TLS standard, it is acceptable for an application diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c index 23aa9dbce48..c7fe97727bf 100644 --- a/crypto/openssl/ssl/d1_pkt.c +++ b/crypto/openssl/ssl/d1_pkt.c @@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 6527df8ce22..830b7237a2f 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; @@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->session_ctx, s->session); + /* If a fatal one, remove from cache and go into the error state */ + if (level == SSL3_AL_FATAL) { + if (s->session != NULL) + SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; + } s->s3->alert_dispatch = 1; s->s3->send_alert[0] = level; diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 55f918d1085..8c1f3ae5707 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -3697,6 +3697,12 @@ int tls12_get_sigid(const EVP_PKEY *pk) sizeof(tls12_sig) / sizeof(tls12_lookup)); } +static int tls12_get_hash_nid(unsigned char hash_alg) +{ + return tls12_find_nid(hash_alg, tls12_md, + sizeof(tls12_md) / sizeof(tls12_lookup)); +} + const EVP_MD *tls12_get_hash(unsigned char hash_alg) { switch (hash_alg) { @@ -3887,6 +3893,8 @@ int tls1_process_sigalgs(SSL *s) const EVP_MD *md; CERT *c = s->cert; TLS_SIGALGS *sigptr; + int mandatory_mdnid; + if (!tls1_set_shared_sigalgs(s)) return 0; @@ -3918,6 +3926,18 @@ int tls1_process_sigalgs(SSL *s) for (i = 0, sigptr = c->shared_sigalgs; i < c->shared_sigalgslen; i++, sigptr++) { idx = tls12_get_pkey_idx(sigptr->rsign); + if (s->cert->pkeys[idx].privatekey) { + ERR_set_mark(); + if (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey, + &mandatory_mdnid) == 2 && + mandatory_mdnid != tls12_get_hash_nid(sigptr->rhash)) + continue; + /* + * If EVP_PKEY_get_default_digest_nid() failed, don't pollute + * the error stack. + */ + ERR_pop_to_mark(); + } if (idx > 0 && c->pkeys[idx].digest == NULL) { md = tls12_get_hash(sigptr->rhash); c->pkeys[idx].digest = md; diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index e64fd01c14a..77e3544455c 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include # OpenSSL version used for manual page generation -OPENSSL_VER= 1.0.2q -OPENSSL_DATE= 2018-11-20 +OPENSSL_VER= 1.0.2r +OPENSSL_DATE= 2019-02-26 LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc @@ -64,9 +64,6 @@ MANDIR= ${SHAREDIR}/openssl/man/man .if defined(LIB) _docs= ${LIB} -.if ${LIB} == crypto -_docs+= man3 -.endif _skip= SSLeay_version des_modes _sec= 3 .else diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index f960b15b984..40a1e5b3e1f 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,24 +153,24 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an \&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 .PP -\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. +\&\fBASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. .PP -\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. .SH "NOTES" .IX Header "NOTES" -Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it is almost never used in applications. The \s-1ASN1\s0 object utility functions -such as \fIOBJ_nid2obj()\fR are used instead. +such as \fBOBJ_nid2obj()\fR are used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). +If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIASN1_OBJECT_free()\fR returns no value. +\&\fBASN1_OBJECT_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBASN1_OBJECT_new()\fR and \fBASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 8afa7adc56d..55309493f85 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1_STRING_length 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,28 +164,28 @@ ASN1_STRING utility functions .IX Header "DESCRIPTION" These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. .PP -\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. .PP -\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR. +\&\fBASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR. Since this is an internal pointer it should \fBnot\fR be freed or modified in any way. .PP -\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. .PP -\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two are identical. The string types and content are compared. .PP -\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer \&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR is \-1 then the length is determined by strlen(data). .PP -\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants such as \fBV_ASN1_OCTET_STRING\fR. .PP -\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the converted data is allocated in a buffer in \fB*out\fR. The length of \&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR -should be free using \fIOPENSSL_free()\fR. +should be free using \fBOPENSSL_free()\fR. .SH "NOTES" .IX Header "NOTES" Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR @@ -195,18 +199,18 @@ These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGE or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR utility functions should be used instead. .PP -In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. .PP Similar care should be take to ensure the data is in the correct format -when calling \fIASN1_STRING_set()\fR. +when calling \fBASN1_STRING_set()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index ea388d7861d..4202bb672bc 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1_STRING_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,26 +152,26 @@ ASN1_STRING allocation functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type is undefined. .PP -\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of type \fBtype\fR. .PP -\&\fIASN1_STRING_free()\fR frees up \fBa\fR. +\&\fBASN1_STRING_free()\fR frees up \fBa\fR. .SH "NOTES" .IX Header "NOTES" Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example -\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid \&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIASN1_STRING_free()\fR does not return a value. +\&\fBASN1_STRING_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 35062521748..6530b98b4e4 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,16 +154,16 @@ ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \- ASN1_STRING These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to represent all the \s-1ASN1\s0 string types. .PP -\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by -the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs to \fBfp\fR instead. .PP -\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to -\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) +\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) with '.'. .SH "NOTES" .IX Header "NOTES" -\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. +\&\fBASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. .PP Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. @@ -194,7 +198,7 @@ all: everything is assumed to be one byte per character. This is primarily for debugging purposes and can result in confusing output in multi character strings. .PP If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out -before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR. +before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. .PP The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just outputs the value of the string using the form #XXXX using hex format for each @@ -216,8 +220,8 @@ equivalent to: \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIASN1_tag2str\fR\|(3) +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBASN1_tag2str\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3 index 6414a09b764..654379cb31f 100644 --- a/secure/lib/libcrypto/man/ASN1_TIME_set.3 +++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TIME_set 3" -.TH ASN1_TIME_set 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1_TIME_set 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,30 +156,30 @@ ASN1_TIME_print, ASN1_TIME_diff \- ASN.1 Time functions. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIASN1_TIME_set()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the +The function \fBASN1_TIME_set()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented by the time_t value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new \s-1ASN1_TIME\s0 structure is allocated and returned. .PP -\&\fIASN1_TIME_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented +\&\fBASN1_TIME_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR. The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of seconds in a day. If \fBs\fR is \s-1NULL\s0 a new \s-1ASN1_TIME\s0 structure is allocated and returned. .PP -\&\fIASN1_TIME_set_string()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time +\&\fBASN1_TIME_set_string()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). .PP -\&\fIASN1_TIME_check()\fR checks the syntax of \s-1ASN1_TIME\s0 structure \fBs\fR. +\&\fBASN1_TIME_check()\fR checks the syntax of \s-1ASN1_TIME\s0 structure \fBs\fR. .PP -\&\fIASN1_TIME_print()\fR prints out the time \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable +\&\fBASN1_TIME_print()\fR prints out the time \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example \&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time structure has invalid format it prints out \*(L"Bad time value\*(R" and returns an error. .PP -\&\fIASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between +\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between \&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then @@ -192,21 +196,21 @@ in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else GeneralizedTime is used. .PP The \s-1ASN1_TIME\s0 structure is represented as an \s-1ASN1_STRING\s0 internally and can -be freed up using \fIASN1_STRING_free()\fR. +be freed up using \fBASN1_STRING_free()\fR. .PP The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt is made to correct ancient calendar changes (for example from Julian to Gregorian calendars). .PP Some applications add offset times directly to a time_t value and pass the -results to \fIASN1_TIME_set()\fR (or equivalent). This can cause problems as the +results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the time_t value can overflow on some systems resulting in unexpected results. -New applications should use \fIASN1_TIME_adj()\fR instead and pass the offset value +New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly manipulating a time_t value. .SH "BUGS" .IX Header "BUGS" -\&\fIASN1_TIME_print()\fR currently does not print out the time zone: it either prints +\&\fBASN1_TIME_print()\fR currently does not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. .SH "EXAMPLES" @@ -244,17 +248,17 @@ Determine if one time is later or sooner than the current time: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_TIME_set()\fR and \fIASN1_TIME_adj()\fR return a pointer to an \s-1ASN1_TIME\s0 structure +\&\fBASN1_TIME_set()\fR and \fBASN1_TIME_adj()\fR return a pointer to an \s-1ASN1_TIME\s0 structure or \s-1NULL\s0 if an error occurred. .PP -\&\fIASN1_TIME_set_string()\fR returns 1 if the time value is successfully set and +\&\fBASN1_TIME_set_string()\fR returns 1 if the time value is successfully set and 0 otherwise. .PP -\&\fIASN1_TIME_check()\fR returns 1 if the structure is syntactically correct and 0 +\&\fBASN1_TIME_check()\fR returns 1 if the structure is syntactically correct and 0 otherwise. .PP -\&\fIASN1_TIME_print()\fR returns 1 if the time is successfully printed out and 0 if +\&\fBASN1_TIME_print()\fR returns 1 if the time is successfully printed out and 0 if an error occurred (I/O error or invalid time format). .PP -\&\fIASN1_TIME_diff()\fR returns 1 for sucess and 0 for failure. It can fail if the +\&\fBASN1_TIME_diff()\fR returns 1 for sucess and 0 for failure. It can fail if the pass \s-1ASN1_TIME\s0 structure has invalid syntax for example. diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index 9e3d04f47c2..aa0a7dbf753 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1_generate_nconf 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -360,13 +364,13 @@ structure: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded +\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -The error codes that can be obtained by \fIERR_get_error\fR\|(3). +The error codes that can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR were added to OpenSSL 0.9.8 +\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR were added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index cf4ec2cfaee..f3032d13720 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_ctrl 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +172,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BIO control operations .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR +\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. These functions are not normally called directly, various macros are used instead. The standard macros are described below, macros @@ -176,82 +180,82 @@ specific to a particular type of \s-1BIO\s0 are described in the specific BIOs manual page as well as any special features of the standard calls. .PP -\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case of file related BIOs for example it rewinds the file pointer to the start of the file. .PP -\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and \&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. .PP -\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 +\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 .PP -\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some +\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some cases it is used to signal \s-1EOF\s0 and that no more data will be written. .PP -\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of +\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of \&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. .PP -\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should be closed when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_get_close()\fR returns the BIOs close flag. +\&\fBBIO_get_close()\fR returns the BIOs close flag. .PP -\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR return the number of pending characters in the BIOs read and write buffers. -Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR -return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are -macros which call \fIBIO_ctrl()\fR. +Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are +macros which call \fBBIO_ctrl()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File BIOs are an exception, they return 0 for success and \-1 for failure. .PP -\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success -and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0 +\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 for success and \-1 for failure. .PP -\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. .PP -\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. .PP -\&\fIBIO_set_close()\fR always returns 1. +\&\fBBIO_set_close()\fR always returns 1. .PP -\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 .PP -\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR return the amount of pending data. .SH "NOTES" .IX Header "NOTES" -\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating -that the call should be retried later in a similar manner to \fIBIO_write()\fR. -The \fIBIO_should_retry()\fR call should be used and appropriate action taken +\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fBBIO_write()\fR. +The \fBBIO_should_retry()\fR call should be used and appropriate action taken is the call fails. .PP -The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably +The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably determine the amount of pending data in all cases. For example in the case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures internal buffers but it is not possible to determine this in a portably way. For other types of \s-1BIO\s0 they may not be supported. .PP -Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR +Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR operation usually pass the operation to the next \s-1BIO\s0 in the chain. This often means there is no need to locate the required \s-1BIO\s0 for a particular operation, it can be called on a chain and it will be automatically passed to the relevant \s-1BIO.\s0 However this can cause unexpected results: for example no current filter BIOs implement -\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 or file descriptor \s-1BIO.\s0 .PP -Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR +Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR operation. .SH "BUGS" .IX Header "BUGS" Some of the return values are ambiguous and care should be taken. In particular a return value of 0 can be returned if an operation is not supported, if an error occurred, if \s-1EOF\s0 has not been reached and in -the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index 5e3f08671e5..45c6ffdbd1a 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_f_base64 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,17 +150,17 @@ BIO_f_base64 \- base64 BIO filter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that base64 encodes any data written through it and decodes any data read through it. .PP -Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP -\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the \s-1BIO.\s0 .PP -The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR to encode the data all on one line or expect the data to be all on one line. .SH "NOTES" @@ -165,7 +169,7 @@ Because of the format of base64 encoding the end of the encoded block cannot always be reliably determined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. .SH "EXAMPLES" .IX Header "EXAMPLES" Base64 encode the string \*(L"Hello World\en\*(R" and write the result diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 4f679f1b781..e2ccb87e9ef 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_f_buffer 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,54 +155,54 @@ BIO_f_buffer \- buffering BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. .PP Data written to a buffering \s-1BIO\s0 is buffered and periodically written to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from an internal buffer which is filled from the next \s-1BIO\s0 in the chain. -Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported. +Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. .PP -Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. .PP -\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. .PP -\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR set the read, write or both read and write buffer sizes to \fBsize\fR. The initial buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared when the buffer is resized. .PP -\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer is expanded. .SH "NOTES" .IX Header "NOTES" -Buffering BIOs implement \fIBIO_gets()\fR by using \fIBIO_read()\fR operations on the +Buffering BIOs implement \fBBIO_gets()\fR by using \fBBIO_read()\fR operations on the next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore -possible to provide \fIBIO_gets()\fR functionality if the following BIOs do not +possible to provide \fBBIO_gets()\fR functionality if the following BIOs do not support it (for example \s-1SSL\s0 BIOs). .PP Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills -or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR +or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR whenever any pending data should be written such as when removing a buffering -\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate +\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate source/sink \s-1BIO\s0 is non blocking. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. .PP -\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). .PP -\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR return 1 if the buffer was successfully resized or 0 for failure. .PP -\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if there was an error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1\fIBIO\s0\fR\|(3), -\&\fIBIO_reset\fR\|(3), -\&\fIBIO_flush\fR\|(3), -\&\fIBIO_pop\fR\|(3), -\&\fIBIO_ctrl\fR\|(3), -\&\fIBIO_int_ctrl\fR\|(3) +\&\s-1\fBBIO\s0\fR\|(3), +\&\fBBIO_reset\fR\|(3), +\&\fBBIO_flush\fR\|(3), +\&\fBBIO_pop\fR\|(3), +\&\fBBIO_ctrl\fR\|(3), +\&\fBBIO_int_ctrl\fR\|(3) diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index 7a99d46d2ff..881cd5d86b3 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_f_cipher 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,53 +154,53 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- ciphe .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data read from it. It is a \s-1BIO\s0 wrapper for the cipher routines -\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR. +\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. .PP -Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP -\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the \s-1BIO.\s0 .PP -\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for decryption. .PP When reading from an encryption \s-1BIO\s0 the final block is automatically -decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR -is a \fIBIO_ctrl()\fR macro which can be called to determine whether the +decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR +is a \fBBIO_ctrl()\fR macro which can be called to determine whether the decryption operation was successful. .PP -\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal +\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal \&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction with the standard cipher routines to set it up. This is useful when -\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs. +\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. .SH "NOTES" .IX Header "NOTES" -When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block +When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent decrypt. .PP When decrypting an error on the final block is signalled by a zero return value from the read operation. A successful decrypt followed -by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR +by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR should be called to determine if the decrypt was successful. .PP -As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can +As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. .PP -\&\fIBIO_set_cipher()\fR does not return a value. +\&\fBBIO_set_cipher()\fR does not return a value. .PP -\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 for failure. .PP -\&\fIBIO_get_cipher_ctx()\fR currently always returns 1. +\&\fBBIO_get_cipher_ctx()\fR currently always returns 1. .SH "EXAMPLES" .IX Header "EXAMPLES" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index bea60841f49..1d9b66ed4eb 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_f_md 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,57 +153,57 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper -for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR -and \fIEVP_DigestFinal()\fR. +for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR +and \fBEVP_DigestFinal()\fR. .PP -Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and -\&\fIBIO_write()\fR is digested. +Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read()\fR and +\&\fBBIO_write()\fR is digested. .PP -\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the -digest calculation and returns the digest value. \fIBIO_puts()\fR is +\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fBBIO_puts()\fR is not supported. .PP -\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 +\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 .PP -\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this must be called to initialize a digest \s-1BIO\s0 before any data is -passed through it. It is a \fIBIO_ctrl()\fR macro. +passed through it. It is a \fBBIO_ctrl()\fR macro. .PP -\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method -in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro. +\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. .PP -\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. .SH "NOTES" .IX Header "NOTES" -The context returned by \fIBIO_get_md_ctx()\fR can be used in calls -to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR -and \fIEVP_VerifyFinal()\fR. +The context returned by \fBBIO_get_md_ctx()\fR can be used in calls +to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR +and \fBEVP_VerifyFinal()\fR. .PP -The context returned by \fIBIO_get_md_ctx()\fR is an internal context +The context returned by \fBBIO_get_md_ctx()\fR is an internal context structure. Changes made to this context will affect the digest \&\s-1BIO\s0 itself and the context pointer will become invalid when the digest \&\s-1BIO\s0 is freed. .PP After the digest has been retrieved from a digest \s-1BIO\s0 it must be -reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more +reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more data is passed through it. .PP -If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through +If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through a chain containing digest BIOs then this can be done by prepending a buffering \s-1BIO.\s0 .PP -Before OpenSSL 1.0.0 the call to \fIBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0 -had been initialized for example by calling \fIBIO_set_md()\fR ). In OpenSSL +Before OpenSSL 1.0.0 the call to \fBBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0 +had been initialized for example by calling \fBBIO_set_md()\fR ). In OpenSSL 1.0.0 and later the context is always returned and the \s-1BIO\s0 is state is set to initialized. This allows applications to initialize the context externally -if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible. +if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. .PP -\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and +\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and 0 for failure. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -268,11 +272,11 @@ outputs them. This could be used with the examples above. .Ve .SH "BUGS" .IX Header "BUGS" -The lack of support for \fIBIO_puts()\fR and the non standard behaviour of -\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR -and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +The lack of support for \fBBIO_puts()\fR and the non standard behaviour of +\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR +and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest the data passed through and that digests should be retrieved using a -separate \fIBIO_ctrl()\fR call. +separate \fBBIO_ctrl()\fR call. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index fdf7d4518fa..581dd478379 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_f_null 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ BIO_f_null \- null filter .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 that does nothing. .PP All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in @@ -156,7 +160,7 @@ behaves just as though the \s-1BIO\s0 was not there. As may be apparent a null filter \s-1BIO\s0 is not particularly useful. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index f7364a2ddfd..f5cf4f7d109 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_f_ssl 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +171,7 @@ BIO_ssl_shutdown \- SSL BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which +\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to \&\s-1SSL I/O.\s0 .PP @@ -175,63 +179,63 @@ I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol wi the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established then an attempt is made to establish one on the first I/O call. .PP -If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically +If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically used as the \s-1SSL\s0 BIOs read and write BIOs. .PP -Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection -by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in the chain: this will typically disconnect the underlying transport. The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. .PP If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal -\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. +\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. .PP -\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using the close flag \fBc\fR. .PP -\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be manipulated using the standard \s-1SSL\s0 library functions. .PP -\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR +\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR is 1 client mode is set. If \fBclient\fR is 0 server mode is set. .PP -\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at least 512 bytes. .PP -\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to \&\fBseconds\fR. When the renegotiate timeout elapses the session is automatically renegotiated. .PP -\&\fIBIO_get_num_renegotiates()\fR returns the total number of session +\&\fBBIO_get_num_renegotiates()\fR returns the total number of session renegotiations due to I/O or timeout. .PP -\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using client mode if \fBclient\fR is non zero. .PP -\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an \&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 .PP -\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect \&\s-1BIO.\s0 .PP -\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between \&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the -\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on +\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on the internal \s-1SSL\s0 pointer. .PP -\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the -chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 +chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 pointer. .PP -\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the -call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs to determine if the call should be retried. If an \s-1SSL\s0 connection has already been established this call has no effect. .SH "NOTES" @@ -239,7 +243,7 @@ already been established this call has no effect. \&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session -renegotiation takes place during a \fIBIO_read()\fR operation, one +renegotiation takes place during a \fBBIO_read()\fR operation, one case where this happens is when step up occurs. .PP In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be @@ -247,12 +251,12 @@ set to disable this behaviour. That is when this flag is set an \s-1SSL BIO\s0 using a blocking transport will never request a retry. .PP -Since unknown \fIBIO_ctrl()\fR operations are sent through filter -BIOs the servers name and port can be set using \fIBIO_set_host()\fR -on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having +Since unknown \fBBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fBBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having to locate the connect \s-1BIO\s0 first. .PP -Applications do not have to call \fIBIO_do_handshake()\fR but may wish +Applications do not have to call \fBBIO_do_handshake()\fR but may wish to do so to separate the handshake process from other I/O processing. .SH "RETURN VALUES" @@ -262,7 +266,7 @@ processing. .IX Header "EXAMPLE" This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an \&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the -unencrypted example in \fIBIO_s_connect\fR\|(3). +unencrypted example in \fBBIO_s_connect\fR\|(3). .PP .Vb 5 \& BIO *sbio, *out; @@ -443,7 +447,7 @@ a client and also echoes the request to standard output. .Ve .SH "BUGS" .IX Header "BUGS" -In OpenSSL versions before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly, +In OpenSSL versions before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not explicitly being popped (e.g. a pop higher up the chain). Applications which diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 865c19316d2..67fd5a501ff 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_find_type 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,31 +177,31 @@ BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as \&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is -searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is found. .PP Note: not all the \fBBIO_TYPE_*\fR types above have corresponding \s-1BIO\s0 implementations. .PP -\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs -in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a certain type. .PP -\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0 +\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. .PP -\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. .PP -\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. .SH "NOTES" .IX Header "NOTES" -\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0 -chain or find multiple matches using \fIBIO_find_type()\fR. Previous versions had to +\&\fBBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0 +chain or find multiple matches using \fBBIO_find_type()\fR. Previous versions had to use: .PP .Vb 1 @@ -205,7 +209,7 @@ use: .Ve .SH "BUGS" .IX Header "BUGS" -\&\fIBIO_find_type()\fR in OpenSSL 0.9.5a and earlier could not be safely passed a +\&\fBBIO_find_type()\fR in OpenSSL 0.9.5a and earlier could not be safely passed a \&\s-1NULL\s0 pointer for the \fBb\fR argument. .SH "EXAMPLE" .IX Header "EXAMPLE" diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index e8de943dbef..ac54a43d468 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,35 +153,35 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- BIO allocation and freein .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. .PP -\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO.\s0 +\&\fBBIO_set()\fR sets the method of an already existing \s-1BIO.\s0 .PP -\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 -but it does not return a value. Calling \fIBIO_free()\fR may also have some effect +\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. Calling \fBBIO_free()\fR may also have some effect on the underlying I/O structure, for example it may close the file being referred to under certain circumstances. For more details see the individual \&\s-1BIO_METHOD\s0 descriptions. .PP -\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error occurs freeing up an individual \s-1BIO\s0 in the chain. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. .PP -\&\fIBIO_set()\fR, \fIBIO_free()\fR return 1 for success and 0 for failure. +\&\fBBIO_set()\fR, \fBBIO_free()\fR return 1 for success and 0 for failure. .PP -\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values. +\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. .SH "NOTES" .IX Header "NOTES" Some BIOs (such as memory BIOs) can be used immediately after calling -\&\fIBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +\&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization, and frequently a utility function exists to create and initialize such BIOs. .PP -If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting in a memory leak. .PP -Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR +Calling \fBBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR on it other than the discarded return value. .PP Normally the \fBtype\fR argument is supplied by a function which returns a diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index 891e7e1d67c..af20ea6eb89 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new_CMS 3" -.TH BIO_new_CMS 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_new_CMS 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output of the filter is written to \fBout\fR. Any data written to the chain is automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. .SH "NOTES" @@ -155,15 +159,15 @@ automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appr The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It supports non blocking I/O. Content is processed and streamed on the fly and not all held in memory at once: so it is possible to encode very large structures. -After all content has been written through the chain \fIBIO_flush()\fR must be called +After all content has been written through the chain \fBBIO_flush()\fR must be called to finalise the structure. .PP The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR parameter of the \fBcms\fR creation function. .PP If an application wishes to write additional data to \fBout\fR BIOs should be -removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR -is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be +removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be called to free up the whole chain. .PP Any content written through the filter is used verbatim: no canonical @@ -176,19 +180,19 @@ structures. .PP Large numbers of small writes through the chain should be avoided as this will produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending -a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. +a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. .SH "BUGS" .IX Header "BUGS" There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode a \s-1CMS\s0 structure on the fly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBIO_new_CMS()\fR was added to OpenSSL 1.0.0 +\&\fBBIO_new_CMS()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 1767c4defd5..e99dc6d34f4 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_push 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,20 +150,20 @@ BIO_push, BIO_pop \- add and remove BIOs from a chain. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns \&\fBb\fR. .PP -\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then becomes a single \s-1BIO\s0 with no association with the original chain, it can thus be freed or attached to a different chain. .SH "NOTES" .IX Header "NOTES" -The names of these functions are perhaps a little misleading. \fIBIO_push()\fR -joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +The names of these functions are perhaps a little misleading. \fBBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, the deleted \s-1BIO\s0 does not need to be at the end of a chain. .PP -The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional +The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional consequences (a control call is made to the affected BIOs) any effects will be noted in the descriptions of individual BIOs. .SH "EXAMPLES" @@ -195,9 +199,9 @@ The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data be written to \fBmd1\fR as before. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. +\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR. .PP -\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next \&\s-1BIO.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index 67985fe04d2..ad220414c05 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_read 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,18 +152,18 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data in \fBbuf\fR. .PP -\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data in \fBbuf\fR. Usually this operation will attempt to read a line of data from the \s-1BIO\s0 of maximum length \fBlen\fR. There are exceptions to this -however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and -return the digest and other BIOs may not support \fIBIO_gets()\fR at all. +however, for example \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fBBIO_gets()\fR at all. .PP -\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. .PP -\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +\&\fBBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return either the amount of data successfully read or @@ -174,23 +178,23 @@ it may merely be an indication that no data is currently available and that the application should retry the operation later. .PP One technique sometimes used with blocking sockets is to use a system call -(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available -and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call -\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to -read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR +(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available +and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call +\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying -I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent) +I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) should be combined with non blocking I/O so successive reads will request a retry instead of blocking. .PP -See \fIBIO_should_retry\fR\|(3) for details of how to +See \fBBIO_should_retry\fR\|(3) for details of how to determine the cause of a retry and other I/O issues. .PP -If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to -work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3) +If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) to the chain. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_should_retry\fR\|(3) +\&\fBBIO_should_retry\fR\|(3) .PP \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 0ba70595ca6..b86b1fa5bb7 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_accept 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,7 +168,7 @@ BIO_get_bind_mode, BIO_do_accept \- accept BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket accept routines. .PP Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data @@ -176,43 +180,43 @@ on the underlying connection. If no connection is established and the port (see below) is set up properly then the \s-1BIO\s0 waits for an incoming connection. .PP -Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. .PP If the close flag is set on an accept \s-1BIO\s0 then any active connection on that chain is shutdown and the socket closed when the \s-1BIO\s0 is freed. .PP -Calling \fIBIO_reset()\fR on a accept \s-1BIO\s0 will close any active +Calling \fBBIO_reset()\fR on a accept \s-1BIO\s0 will close any active connection and reset the \s-1BIO\s0 into a state where it awaits another incoming connection. .PP -\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set -the accept socket. See \fIBIO_s_fd\fR\|(3) +\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fBBIO_s_fd\fR\|(3) .PP -\&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept +\&\fBBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept port. The port is represented as a string of the form \*(L"host:port\*(R", where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. The host can be can be \*(L"*\*(R" which is interpreted as meaning any interface; \*(L"port\*(R" has the same syntax -as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs, +as the port specified in \fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a string to lookup -using \fIgetservbyname()\fR and a string table. +using \fBgetservbyname()\fR and a string table. .PP -\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_port()\fR into +\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_port()\fR into a single call: that is it creates a new accept \s-1BIO\s0 with port \&\fBhost_port\fR. .PP -\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode (the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. .PP -\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a buffering or \s-1SSL BIO\s0 is required for each connection. The chain of BIOs must not be freed after this call, they will be automatically freed when the accept \s-1BIO\s0 is freed. .PP -\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve +\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set then another socket cannot be bound to the same port. If \&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the @@ -221,10 +225,10 @@ attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails and the port is not in use then a second attempt is made using \s-1BIO_BIND_REUSEADDR.\s0 .PP -\&\fIBIO_do_accept()\fR serves two functions. When it is first +\&\fBBIO_do_accept()\fR serves two functions. When it is first called, after the accept \s-1BIO\s0 has been setup, it will attempt to create the accept socket and bind an address to it. Second -and subsequent calls to \fIBIO_do_accept()\fR will await an incoming +and subsequent calls to \fBBIO_do_accept()\fR will await an incoming connection, or request a retry in non blocking mode. .SH "NOTES" .IX Header "NOTES" @@ -239,7 +243,7 @@ accept\->socket. This effectively means that attempting I/O on an initial accept socket will await an incoming connection then perform I/O on it. .PP -If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR +If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR then they are placed between the socket and the accept \s-1BIO,\s0 that is the chain will be accept\->otherbios\->socket. .PP @@ -256,24 +260,24 @@ After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently established connection and \fBaccept\fR will now be a single \s-1BIO\s0 again which can be used to await further incoming connections. If no further connections will be accepted the \fBaccept\fR can -be freed using \fIBIO_free()\fR. +be freed using \fBBIO_free()\fR. .PP If only a single connection will be processed it is possible to perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable however because the accept \s-1BIO\s0 will still accept additional incoming -connections. This can be resolved by using \fIBIO_pop()\fR (see above) +connections. This can be resolved by using \fBBIO_pop()\fR (see above) and freeing up the accept \s-1BIO\s0 after the initial connection. .PP -If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is called to await an incoming connection it is possible for -\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens +\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call. .PP -\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, -\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and -\&\fIBIO_do_accept()\fR are macros. +\&\fBBIO_set_accept_port()\fR, \fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, +\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and +\&\fBBIO_do_accept()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 103f3b3ffc3..a3653c32e97 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_bio 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -166,7 +170,7 @@ BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink BIOs where data written to either half of the pair is buffered and can be read from the other half. Both halves must usually by handled by the same application thread since no locking is done on the internal data structures. @@ -179,47 +183,47 @@ One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under applica can be used when the application wishes to use a non standard transport for \&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. .PP -Calls to \fIBIO_read()\fR will read data from the buffer or request a retry if no +Calls to \fBBIO_read()\fR will read data from the buffer or request a retry if no data is available. .PP -Calls to \fIBIO_write()\fR will place data in the buffer or request a retry if the +Calls to \fBBIO_write()\fR will place data in the buffer or request a retry if the buffer is full. .PP -The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to +The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to determine the amount of pending data in the read or write buffer. .PP -\&\fIBIO_reset()\fR clears any data in the write buffer. +\&\fBBIO_reset()\fR clears any data in the write buffer. .PP -\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. .PP -\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing up any half of the pair will automatically destroy the association. .PP -\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other half of the pair will return any pending data or \s-1EOF\s0 when all pending data has been read. .PP -\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. If the size is not initialized a default value is used. This is currently 17K, sufficient for a maximum size \s-1TLS\s0 record. .PP -\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer. +\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. .PP -\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and -\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and +\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is -zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether \&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, -\&\fIBIO_free()\fR is not called. +\&\fBBIO_free()\fR is not called. .PP -\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum +\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this -value will return a value from \fIBIO_write()\fR less than the amount requested or if the -buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function -whereas \fIBIO_get_write_guarantee()\fR is a macro. +value will return a value from \fBBIO_write()\fR less than the amount requested or if the +buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a function +whereas \fBBIO_get_write_guarantee()\fR is a macro. .PP -\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the +\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the amount of data requested, or the buffer size if it is less, if the last read attempt at the other half of the \s-1BIO\s0 pair failed due to an empty buffer. This can be used to determine how much data should be @@ -228,35 +232,35 @@ in \s-1TLS/SSL\s0 applications where the amount of data read is usually meaningful rather than just a buffer size. After a successful read this call will return zero. It also will return zero once new data has been written satisfying the read request or part of it. -Note that \fIBIO_get_read_request()\fR never returns an amount larger -than that returned by \fIBIO_get_write_guarantee()\fR. +Note that \fBBIO_get_read_request()\fR never returns an amount larger +than that returned by \fBBIO_get_write_guarantee()\fR. .PP -\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by -\&\fIBIO_get_read_request()\fR to zero. +\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fBBIO_get_read_request()\fR to zero. .SH "NOTES" .IX Header "NOTES" Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit -freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed. +freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. .PP When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to -flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR +flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR on the other half of the pair and, if any data is pending, reading it and sending it to the underlying transport. This must be done before any normal processing -(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true. +(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true. .PP To see why this is important consider a case where a request is sent using -\&\fIBIO_write()\fR and a response read with \fIBIO_read()\fR, this can occur during an -\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write()\fR will succeed and place data in the write -buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be true. If +\&\fBBIO_write()\fR and a response read with \fBBIO_read()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write()\fR will succeed and place data in the write +buffer. \fBBIO_read()\fR will initially fail and \fBBIO_should_read()\fR will be true. If the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent! .PP -\&\fIBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been shutdown. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in \&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. .PP @@ -264,7 +268,7 @@ locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more informat .SH "EXAMPLE" .IX Header "EXAMPLE" The \s-1BIO\s0 pair can be used to have full control over the network access of an -application. The application can call \fIselect()\fR on the socket as required +application. The application can call \fBselect()\fR on the socket as required without having to go through the SSL-interface. .PP .Vb 6 @@ -296,18 +300,18 @@ connection, it behaves non-blocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. .PP -Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 -and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to +Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transfered to the network. Use \fBBIO_ctrl_get_read_request()\fR to find out, how many bytes must be written into the buffer before the -\&\fISSL_operation()\fR can successfully be continued. +\&\fBSSL_operation()\fR can successfully be continued. .SH "WARNING" .IX Header "WARNING" -As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 +As the data is buffered, \fBSSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 condition, but there is still data in the write buffer. An application must -not rely on the error value of \fISSL_operation()\fR but must assure that the +not rely on the error value of \fBSSL_operation()\fR but must assure that the write buffer is always flushed first. Otherwise a deadlock may occur as the peer might be waiting for the data before being able to continue. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), -\&\fIBIO_should_retry\fR\|(3), \fIBIO_read\fR\|(3) +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(3), \fBbio\fR\|(3), +\&\fBBIO_should_retry\fR\|(3), \fBBIO_read\fR\|(3) diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index 6d38e4cb4ba..097e418d62a 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_connect 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +167,7 @@ BIO_set_nbio, BIO_do_connect \- connect BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket connection routines. .PP Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data @@ -175,60 +179,60 @@ on the underlying connection. If no connection is established and the port and hostname (see below) is set up properly then a connection is established first. .PP -Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. .PP If the close flag is set on a connect \s-1BIO\s0 then any active connection is shutdown and the socket closed when the \s-1BIO\s0 is freed. .PP -Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active connection and reset the \s-1BIO\s0 into a state where it can connect to the same host again. .PP -\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 +\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. The hostname can be an \s-1IP\s0 address. The hostname can also include the port in the form hostname:port . It is also acceptable to use the form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R". .PP -\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the numerical form or a string such as \*(L"http\*(R". A string will be looked -up first using \fIgetservbyname()\fR on the host platform but if that +up first using \fBgetservbyname()\fR on the host platform but if that fails a standard table of port names will be used. Currently the list is http, telnet, socks, https, ssl, ftp, gopher and wais. .PP -\&\fIBIO_set_conn_ip()\fR sets the \s-1IP\s0 address to \fBip\fR using binary form, +\&\fBBIO_set_conn_ip()\fR sets the \s-1IP\s0 address to \fBip\fR using binary form, that is four bytes specifying the \s-1IP\s0 address in big-endian form. .PP -\&\fIBIO_set_conn_int_port()\fR sets the port using \fBport\fR. \fBport\fR should +\&\fBBIO_set_conn_int_port()\fR sets the port using \fBport\fR. \fBport\fR should be of type (int *). .PP -\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or \&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. This return value is an internal pointer which should not be modified. .PP -\&\fIBIO_get_conn_port()\fR returns the port as a string. +\&\fBBIO_get_conn_port()\fR returns the port as a string. .PP -\&\fIBIO_get_conn_ip()\fR returns the \s-1IP\s0 address in binary form. +\&\fBBIO_get_conn_ip()\fR returns the \s-1IP\s0 address in binary form. .PP -\&\fIBIO_get_conn_int_port()\fR returns the port as an int. +\&\fBBIO_get_conn_int_port()\fR returns the port as an int. .PP -\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O -is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR +is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR should be made before the connection is established because non blocking I/O is set during the connect process. .PP -\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. .PP -\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 +\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the -call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs to determine if the call should be retried. .SH "NOTES" .IX Header "NOTES" @@ -237,58 +241,58 @@ I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed. .PP If the port name is supplied as part of the host name then this will -override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable +override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' character in the passed hostname and either indicating an error or truncating the string at that point. .PP -The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR, -\&\fIBIO_get_conn_ip()\fR and \fIBIO_get_conn_int_port()\fR are updated when a +The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_port()\fR, +\&\fBBIO_get_conn_ip()\fR and \fBBIO_get_conn_int_port()\fR are updated when a connection attempt is made. Before any connection attempt the values returned are those set by the application itself. .PP -Applications do not have to call \fIBIO_do_connect()\fR but may wish to do +Applications do not have to call \fBBIO_do_connect()\fR but may wish to do so to separate the connection process from other I/O processing. .PP If non blocking I/O is set then retries will be requested as appropriate. .PP -It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also -possible for \fIBIO_should_io_special()\fR to be true during the initial +It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also +possible for \fBBIO_should_io_special()\fR to be true during the initial connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. .PP -\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR, -\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR, -\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and -\&\fIBIO_do_connect()\fR are macros. +\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_set_conn_ip()\fR, +\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_port()\fR, +\&\fBBIO_get_conn_ip()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_nbio()\fR and +\&\fBBIO_do_connect()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. .PP -\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been initialized. .PP -\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR and -\&\fIBIO_set_conn_int_port()\fR always return 1. +\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_set_conn_ip()\fR and +\&\fBBIO_set_conn_int_port()\fR always return 1. .PP -\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 is +\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 is none was set. .PP -\&\fIBIO_get_conn_port()\fR returns a string representing the connected +\&\fBBIO_get_conn_port()\fR returns a string representing the connected port or \s-1NULL\s0 if not set. .PP -\&\fIBIO_get_conn_ip()\fR returns a pointer to the connected \s-1IP\s0 address in +\&\fBBIO_get_conn_ip()\fR returns a pointer to the connected \s-1IP\s0 address in binary form or all zeros if not set. .PP -\&\fIBIO_get_conn_int_port()\fR returns the connected port or 0 if none was +\&\fBBIO_get_conn_int_port()\fR returns the connected port or 0 if none was set. .PP -\&\fIBIO_set_nbio()\fR always returns 1. +\&\fBBIO_set_nbio()\fR always returns 1. .PP -\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully +\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully established and 0 or \-1 if the connection failed. .SH "EXAMPLE" .IX Header "EXAMPLE" diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index d6a4d7d2bd6..bd5d003089b 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_fd 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,56 +154,56 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper -round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR. +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. .PP -\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying descriptor. -\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +\&\fBBIO_read()\fR and \fBBIO_write()\fR read or write the underlying descriptor. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. .PP -If the close flag is set then then \fIclose()\fR is called on the underlying +If the close flag is set then then \fBclose()\fR is called on the underlying file descriptor when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file using lseek(fd, 0, 0). .PP -\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file using lseek(fd, ofs, 0). .PP -\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1). +\&\fBBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1). .PP -\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close flag to \fBc\fR. .PP -\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also +\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fIBIO_read()\fR and \fIBIO_write()\fR depends on the behavior of the -platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying +The behaviour of \fBBIO_read()\fR and \fBBIO_write()\fR depends on the behavior of the +platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the -manner described in the \fIBIO_read\fR\|(3) and \fIBIO_should_retry\fR\|(3) +manner described in the \fBBIO_read\fR\|(3) and \fBBIO_should_retry\fR\|(3) manual pages. .PP File descriptor BIOs should not be used for socket I/O. Use socket BIOs instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. .PP -\&\fIBIO_reset()\fR returns zero for success and \-1 if an error occurred. -\&\fIBIO_seek()\fR and \fIBIO_tell()\fR return the current file position or \-1 -if an error occurred. These values reflect the underlying \fIlseek()\fR +\&\fBBIO_reset()\fR returns zero for success and \-1 if an error occurred. +\&\fBBIO_seek()\fR and \fBBIO_tell()\fR return the current file position or \-1 +if an error occurred. These values reflect the underlying \fBlseek()\fR behaviour. .PP -\&\fIBIO_set_fd()\fR always returns 1. +\&\fBBIO_set_fd()\fR always returns 1. .PP -\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not been initialized. .PP -\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error occurred. .SH "EXAMPLE" .IX Header "EXAMPLE" @@ -213,8 +217,8 @@ This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), -\&\fIBIO_reset\fR\|(3), \fIBIO_read\fR\|(3), -\&\fIBIO_write\fR\|(3), \fIBIO_puts\fR\|(3), -\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), -\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_read\fR\|(3), +\&\fBBIO_write\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index c7b4d5b6480..8389a70fc12 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_file 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,48 +161,48 @@ BIO_rw_filename \- FILE bio .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it is a wrapper round the stdio \s-1FILE\s0 structure and it is a source/sink \s-1BIO.\s0 .PP -Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the -underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. +Calls to \fBBIO_read()\fR and \fBBIO_write()\fR read and write data to the +underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. .PP -\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped +\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped stream. .PP -\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file using fseek(stream, 0, 0). .PP -\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file using fseek(stream, ofs, 0). .PP -\&\fIBIO_eof()\fR calls \fIfeof()\fR. +\&\fBBIO_eof()\fR calls \fBfeof()\fR. .PP -Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0 +Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning -of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 +\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0 flag is set on the returned \s-1BIO.\s0 .PP -\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: +\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: \&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying stream to text mode, default is binary: this only has any effect under Win32). .PP -\&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same -meaning as in \fIBIO_new_fp()\fR, it is a macro. +\&\fBBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fBBIO_new_fp()\fR, it is a macro. .PP -\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. +\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. .PP -\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes from the start of file. .PP -\&\fIBIO_tell()\fR returns the value of the position pointer. +\&\fBBIO_tell()\fR returns the value of the position pointer. .PP -\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and -\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for reading, writing, append or read write respectively. .SH "NOTES" .IX Header "NOTES" @@ -253,32 +257,32 @@ Alternative technique: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method. +\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. .PP -\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error occurred. .PP -\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure +\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure (although the current implementation never return 0). .PP -\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function: +\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function: 0 for success or \-1 for failure. .PP -\&\fIBIO_tell()\fR returns the current file position. +\&\fBBIO_tell()\fR returns the current file position. .PP -\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and -\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure. +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure. .SH "BUGS" .IX Header "BUGS" -\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying -stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error +\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying +stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error occurred this differs from other types of \s-1BIO\s0 which will typically return 1 for success and a non positive value if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), -\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3), -\&\fIBIO_read\fR\|(3), -\&\fIBIO_write\fR\|(3), \fIBIO_puts\fR\|(3), -\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), -\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3), +\&\fBBIO_read\fR\|(3), +\&\fBBIO_write\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index 7f8673dbae5..628dd298bd7 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_mem 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +157,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_mem()\fR return the memory \s-1BIO\s0 method function. +\&\fBBIO_s_mem()\fR return the memory \s-1BIO\s0 method function. .PP A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended @@ -163,37 +167,37 @@ Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from the \s-1BIO.\s0 .PP -Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. +Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. .PP If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying \&\s-1BUF_MEM\s0 structure is also freed. .PP -Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it. On a +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it. On a read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only data can be read again. .PP -\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 +\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 .PP -\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. +\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. .PP -\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non zero then it will return \fBv\fR when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value \fBv\fR should be set to a negative value, typically \-1. .PP -\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. .PP -\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 It is a macro. .PP -\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is a macro. .PP -\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and as a result cannot be written to. This is useful when some data needs to be diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 093e7e1dc64..471e294afbc 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_null 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ BIO_s_null \- null data sink .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to the null sink is discarded, reads return \s-1EOF.\s0 .SH "NOTES" .IX Header "NOTES" @@ -161,7 +165,7 @@ Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can by adding a null sink \s-1BIO\s0 to the end of the chain .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 049131f926e..3aa7e842584 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_s_socket 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,22 +154,22 @@ BIO_s_socket, BIO_new_socket \- socket BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper round the platform's socket routines. .PP -\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying socket. -\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +\&\fBBIO_read()\fR and \fBBIO_write()\fR read or write the underlying socket. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. .PP If the close flag is set then the socket is shut down and closed when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +\&\fBBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close flag to \fBclose_flag\fR. .PP -\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also +\&\fBBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. .SH "NOTES" .IX Header "NOTES" Socket BIOs also support any relevant functionality of file descriptor @@ -176,17 +180,17 @@ platforms sockets are not file descriptors and use distinct I/O routines, Windows is one such platform. Any code mixing the two will not work on all platforms. .PP -\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros. +\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. .PP -\&\fIBIO_set_fd()\fR always returns 1. +\&\fBBIO_set_fd()\fR always returns 1. .PP -\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been +\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been initialized. .PP -\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index 9cdc7471e7c..6fdab620337 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_set_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,20 +159,20 @@ BIO_debug_callback \- BIO callback functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the \s-1BIO\s0 callback, +\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the \s-1BIO\s0 callback, they are both macros. The callback is called during most high level \s-1BIO\s0 operations. It can be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its operation. .PP -\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be +\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be used to set and retrieve an argument for use in the callback. .PP -\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints +\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints out information relating to each \s-1BIO\s0 operation. If the callback argument is set if is interpreted as a \s-1BIO\s0 to send the information to, otherwise stderr is used. .PP -\&\fIcallback()\fR is the callback function itself. The meaning of each +\&\fBcallback()\fR is the callback function itself. The meaning of each argument is described below. .PP The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. @@ -222,7 +226,7 @@ callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after. .SH "EXAMPLE" .IX Header "EXAMPLE" -The \fIBIO_debug_callback()\fR function is a good example, its source is +The \fBBIO_debug_callback()\fR function is a good example, its source is in crypto/bio/bio_cb.c .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 8c8541d42d9..2f3729a6d04 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BIO_should_retry 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,42 +165,42 @@ BIO_get_retry_BIO, BIO_get_retry_reason \- BIO retry functions .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions determine why a \s-1BIO\s0 is not able to read or write data. -They will typically be called after a failed \fIBIO_read()\fR or \fIBIO_write()\fR +They will typically be called after a failed \fBBIO_read()\fR or \fBBIO_write()\fR call. .PP -\&\fIBIO_should_retry()\fR is true if the call that produced this condition +\&\fBBIO_should_retry()\fR is true if the call that produced this condition should then be retried at a later time. .PP -If \fIBIO_should_retry()\fR is false then the cause is an error condition. +If \fBBIO_should_retry()\fR is false then the cause is an error condition. .PP -\&\fIBIO_should_read()\fR is true if the cause of the condition is that a \s-1BIO\s0 +\&\fBBIO_should_read()\fR is true if the cause of the condition is that a \s-1BIO\s0 needs to read data. .PP -\&\fIBIO_should_write()\fR is true if the cause of the condition is that a \s-1BIO\s0 +\&\fBBIO_should_write()\fR is true if the cause of the condition is that a \s-1BIO\s0 needs to read data. .PP -\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a reason other than reading or writing is the cause of the condition. .PP -\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition +\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, \&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of these. .PP -\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special +\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special condition, it returns the \s-1BIO\s0 that caused this condition and if \&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of the reason code and the action that should be taken depends on the type of \s-1BIO\s0 that resulted in this condition. .PP -\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if -passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR. +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. .SH "NOTES" .IX Header "NOTES" -If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 -operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns -0 and \fIBIO_should_retry()\fR is false then the cause will be that the +operation. For example if a call to \fBBIO_read()\fR on a socket \s-1BIO\s0 returns +0 and \fBBIO_should_retry()\fR is false then the cause will be that the connection closed. A similar condition on a file \s-1BIO\s0 will mean that it has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on the error queue. For more details see the individual \s-1BIO\s0 type manual @@ -205,12 +209,12 @@ pages. If the underlying I/O structure is in a blocking mode almost all current \&\s-1BIO\s0 types will not request a retry, because the underlying I/O calls will not. If the application knows that the \s-1BIO\s0 type will never -signal a retry then it need not call \fIBIO_should_retry()\fR after a failed +signal a retry then it need not call \fBBIO_should_retry()\fR after a failed \&\s-1BIO I/O\s0 call. This is typically done with file BIOs. .PP \&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a retry even if the underlying I/O structure is blocking, if a handshake -occurs during a call to \fIBIO_read()\fR. An application can retry the failed +occurs during a call to \fBBIO_read()\fR. An application can retry the failed call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 on the underlying \s-1SSL\s0 structure. .PP @@ -220,10 +224,10 @@ repeatedly until data can be processed or is available. An application will normally wait until the necessary condition is satisfied. How this is done depends on the underlying I/O structure. .PP -For example if the cause is ultimately a socket and \fIBIO_should_read()\fR -is true then a call to \fIselect()\fR may be made to wait until data is +For example if the cause is ultimately a socket and \fBBIO_should_read()\fR +is true then a call to \fBselect()\fR may be made to wait until data is available and then retry the \s-1BIO\s0 operation. By combining the retry -conditions of several non blocking BIOs in a single \fIselect()\fR call +conditions of several non blocking BIOs in a single \fBselect()\fR call it is possible to service several BIOs in a single thread, though the performance may be poor if \s-1SSL\s0 BIOs are present because long delays can occur during the initial handshake process. @@ -231,7 +235,7 @@ can occur during the initial handshake process. It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O structure cannot process or return any data. This depends on the behaviour of the platforms I/O functions. This is often not desirable: one solution -is to use non blocking I/O and use a timeout on the \fIselect()\fR (or +is to use non blocking I/O and use a timeout on the \fBselect()\fR (or equivalent) call. .SH "BUGS" .IX Header "BUGS" diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index 5c1e39e0c4e..44ba2843a05 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_BLINDING_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,65 +174,65 @@ functions. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. .PP -\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. .PP -\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring the \fBA\fR and \fBAi\fR or, after specific number of uses and if the necessary parameters are set, by re-creating the blinding parameters. .PP -\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among -several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as the inverse blinding. .PP -\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper -functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR +\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper +functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR with \fBr\fR set to \s-1NULL.\s0 .PP -\&\fIBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR +\&\fBBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR object within the \fB\s-1BN_BLINDING\s0\fR structure. This is to help users provide proper locking if needed for multi-threaded use. The \*(L"thread id\*(R" object of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is -initialised to the thread id in which \fIBN_BLINDING_new()\fR was called. +initialised to the thread id in which \fBBN_BLINDING_new()\fR was called. .PP -\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and \&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently 32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. -\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. .PP -\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and \&\fBm_ctx\fR can be used to pass special functions for exponentiation -(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure or \s-1NULL\s0 in case of an error. .PP -\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR, -\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on +\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, +\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on success and 0 if an error occurred. .PP -\&\fIBN_BLINDING_thread_id()\fR returns a pointer to the thread id object +\&\fBBN_BLINDING_thread_id()\fR returns a pointer to the thread id object within a \fB\s-1BN_BLINDING\s0\fR object. .PP -\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags (a \fBunsigned long\fR value). .PP -\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR parameters or \s-1NULL\s0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3) +\&\fBbn\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index 7555277e34e..0052b80674d 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_CTX_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,29 +162,29 @@ library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fR is rather expensive when used in conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is used. .PP -\&\fIBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR +\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. .PP -\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR, and if it was -created by \fIBN_CTX_new()\fR, also the structure itself. -If \fIBN_CTX_start\fR\|(3) has been used on the \fB\s-1BN_CTX\s0\fR, -\&\fIBN_CTX_end\fR\|(3) must be called before the \fB\s-1BN_CTX\s0\fR -may be freed by \fIBN_CTX_free()\fR. +\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR, and if it was +created by \fBBN_CTX_new()\fR, also the structure itself. +If \fBBN_CTX_start\fR\|(3) has been used on the \fB\s-1BN_CTX\s0\fR, +\&\fBBN_CTX_end\fR\|(3) must be called before the \fB\s-1BN_CTX\s0\fR +may be freed by \fBBN_CTX_free()\fR. .PP -\&\fIBN_CTX_init()\fR (deprecated) initializes an existing uninitialized \fB\s-1BN_CTX\s0\fR. -This should not be used for new programs. Use \fIBN_CTX_new()\fR instead. +\&\fBBN_CTX_init()\fR (deprecated) initializes an existing uninitialized \fB\s-1BN_CTX\s0\fR. +This should not be used for new programs. Use \fBBN_CTX_new()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_CTX_new()\fR returns a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails, +\&\fBBN_CTX_new()\fR returns a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails, it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .PP -\&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values. +\&\fBBN_CTX_init()\fR and \fBBN_CTX_free()\fR have no return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), -\&\fIBN_CTX_start\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_start\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_CTX_new()\fR and \fIBN_CTX_free()\fR are available in all versions on SSLeay -and OpenSSL. \fIBN_CTX_init()\fR was added in SSLeay 0.9.1b. +\&\fBBN_CTX_new()\fR and \fBBN_CTX_free()\fR are available in all versions on SSLeay +and OpenSSL. \fBBN_CTX_init()\fR was added in SSLeay 0.9.1b. diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 539ca79758a..9312c2e39cf 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_CTX_start 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,30 +154,30 @@ BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from -a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3)) +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) in order to save the overhead of repeatedly creating and freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. .PP -A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be -called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR +A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR calls must be made before calling any other functions that use the \&\fBctx\fR as an argument. .PP -Finally, \fIBN_CTX_end()\fR must be called before returning from the function. -When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from -\&\fIBN_CTX_get()\fR become invalid. +Finally, \fBBN_CTX_end()\fR must be called before returning from the function. +When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fBBN_CTX_get()\fR become invalid. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values. +\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. .PP -\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. -Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR as well, so it is sufficient to check the return value of the last -\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which -can be obtained by \fIERR_get_error\fR\|(3). +\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_CTX_new\fR\|(3) +\&\fBBN_CTX_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_CTX_start()\fR, \fIBN_CTX_get()\fR and \fIBN_CTX_end()\fR were added in OpenSSL 0.9.5. +\&\fBBN_CTX_start()\fR, \fBBN_CTX_get()\fR and \fBBN_CTX_end()\fR were added in OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index d1e81415376..df52b694de3 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_add 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,62 +182,62 @@ arithmetic operations on BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. .PP -\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). .PP -\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. -For multiplication by powers of 2, use \fIBN_lshift\fR\|(3). +For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). .PP -\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. This function is faster than BN_mul(r,a,a). .PP -\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. The result is rounded towards zero; thus if \fIa\fR is negative, the remainder will be zero or negative. -For division by powers of 2, use \fIBN_rshift\fR\|(3). +For division by powers of 2, use \fBBN_rshift\fR\|(3). .PP -\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. .PP -\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative remainder in \fIr\fR. .PP -\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative result in \fIr\fR. .PP -\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the non-negative result in \fIr\fR. .PP -\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for repeated computations using the same modulus, see -\&\fIBN_mod_mul_montgomery\fR\|(3) and -\&\fIBN_mod_mul_reciprocal\fR\|(3). +\&\fBBN_mod_mul_montgomery\fR\|(3) and +\&\fBBN_mod_mul_reciprocal\fR\|(3). .PP -\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the result in \fIr\fR. .PP -\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of -\&\fIBN_mul()\fR. +\&\fBBN_mul()\fR. .PP -\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % -m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. Do not call this +\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this function when \fBm\fR is even and any of the parameters have the \&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. .PP -\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \&\fIb\fR. .PP For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for -temporary variables; see \fIBN_CTX_new\fR\|(3). +temporary variables; see \fBBN_CTX_new\fR\|(3). .PP Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from the arguments. @@ -241,16 +245,16 @@ the arguments. .IX Header "RETURN VALUES" For all functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3), -\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), +\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, -\&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and -OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay -0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0. -\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in +\&\fBBN_add()\fR, \fBBN_sub()\fR, \fBBN_sqr()\fR, \fBBN_div()\fR, \fBBN_mod()\fR, \fBBN_mod_mul()\fR, +\&\fBBN_mod_exp()\fR and \fBBN_gcd()\fR are available in all versions of SSLeay and +OpenSSL. The \fIctx\fR argument to \fBBN_mul()\fR was added in SSLeay +0.9.1b. \fBBN_exp()\fR appeared in SSLeay 0.9.0. +\&\fBBN_nnmod()\fR, \fBBN_mod_add()\fR, \fBBN_mod_sub()\fR, and \fBBN_mod_sqr()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index 4d6ac0cb13b..8e6a1f99341 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_add_word 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,32 +162,32 @@ These functions perform arithmetic operations on BIGNUMs with unsigned integers. They are much more efficient than the normal \s-1BIGNUM\s0 arithmetic operations. .PP -\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). .PP -\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). .PP -\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). .PP -\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. .PP -\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). .PP -For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. +For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0 -on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP -\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and \&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of -SSLeay and OpenSSL. \fIBN_div_word()\fR was added in SSLeay 0.8, and -\&\fIBN_sub_word()\fR and \fIBN_mul_word()\fR in SSLeay 0.9.0. +\&\fBBN_add_word()\fR and \fBBN_mod_word()\fR are available in all versions of +SSLeay and OpenSSL. \fBBN_div_word()\fR was added in SSLeay 0.8, and +\&\fBBN_sub_word()\fR and \fBBN_mul_word()\fR in SSLeay 0.9.0. .PP -Before 0.9.8a the return value for \fIBN_div_word()\fR and \fIBN_mod_word()\fR +Before 0.9.8a the return value for \fBBN_div_word()\fR and \fBBN_mod_word()\fR in case of an error was 0. diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 0a6da59b029..935b9d27b6f 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_bn2bin 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,69 +162,69 @@ BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of memory. .PP -\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length \&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is \&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. .PP -\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the hexadecimal and decimal encoding of \fBa\fR respectively. For negative numbers, the string is prefaced with a leading '\-'. The string must be -freed later using \fIOPENSSL_free()\fR. +freed later using \fBOPENSSL_free()\fR. .PP -\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number +\&\fBBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \&\fB\s-1BIGNUM\s0\fR is created. If \fBa\fR is \s-1NULL,\s0 it only computes the number's length in hexadecimal digits. If the string starts with '\-', the number is negative. A \*(L"negative zero\*(R" is converted to zero. -\&\fIBN_dec2bn()\fR is the same using the decimal system. +\&\fBBN_dec2bn()\fR is the same using the decimal system. .PP -\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR \&\fBfp\fR. .PP -\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format that consists of the number's length in bytes represented as a 4\-byte big-endian number, and the number itself in big-endian format, where the most significant bit signals a negative number (the representation of numbers with the \s-1MSB\s0 set is prefixed with null byte). .PP -\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR must be large enough to hold the result. The size can be determined by calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). .PP -\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR if \fBret\fR is \s-1NULL.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. -\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. .PP -\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 -on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number of characters +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters used in parsing, or 0 on error, in which case no new \fB\s-1BIGNUM\s0\fR will be created. .PP -\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors. +\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. .PP -\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR +\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3), -\&\fIASN1_INTEGER_to_BN\fR\|(3), -\&\fIBN_num_bytes\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), +\&\fBASN1_INTEGER_to_BN\fR\|(3), +\&\fBBN_num_bytes\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_bn2bin()\fR, \fIBN_bin2bn()\fR, \fIBN_print_fp()\fR and \fIBN_print()\fR are available +\&\fBBN_bn2bin()\fR, \fBBN_bin2bn()\fR, \fBBN_print_fp()\fR and \fBBN_print()\fR are available in all versions of SSLeay and OpenSSL. .PP -\&\fIBN_bn2hex()\fR, \fIBN_bn2dec()\fR, \fIBN_hex2bn()\fR, \fIBN_dec2bn()\fR, \fIBN_bn2mpi()\fR and -\&\fIBN_mpi2bn()\fR were added in SSLeay 0.9.0. +\&\fBBN_bn2hex()\fR, \fBBN_bn2dec()\fR, \fBBN_hex2bn()\fR, \fBBN_dec2bn()\fR, \fBBN_bn2mpi()\fR and +\&\fBBN_mpi2bn()\fR were added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index d8051bbea1c..f89d4652ed8 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_cmp 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,26 +155,26 @@ BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparis .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their +\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their absolute values. .PP -\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1, -or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd. +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd. .PP -\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros. +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if -\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values +\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values of \fBa\fR and \fBb\fR. .PP -\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if the condition is true, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3) +\&\fBbn\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_cmp()\fR, \fIBN_ucmp()\fR, \fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR are +\&\fBBN_cmp()\fR, \fBBN_ucmp()\fR, \fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR are available in all versions of SSLeay and OpenSSL. -\&\fIBN_is_odd()\fR was added in SSLeay 0.8. +\&\fBBN_is_odd()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index ccc03a133eb..47149dea4cf 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_copy 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,16 +151,16 @@ BN_copy, BN_dup \- copy BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR containing the value \fBfrom\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns +\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained -by \fIERR_get_error\fR\|(3). +by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBBN_copy()\fR and \fBBN_dup()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index b9ef91a5d9c..c5ce714e2c9 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_generate_prime 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,7 +177,7 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_generate_prime_ex()\fR generates a pseudo-random prime number of +\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of bit length \fBbits\fR. If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. .PP @@ -197,21 +201,21 @@ generator. If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so that (p\-1)/2 is also prime). .PP -The \s-1PRNG\s0 must be seeded prior to calling \fIBN_generate_prime_ex()\fR. +The \s-1PRNG\s0 must be seeded prior to calling \fBBN_generate_prime_ex()\fR. The prime number generation has a negligible error probability. .PP -\&\fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is +\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is prime. The following tests are performed until one of them shows that \&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered prime. .PP -\&\fIBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, +\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, first attempts trial division by a number of small primes; if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR, \&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. If \fBdo_trial_division == 0\fR, this test is skipped. .PP -Both \fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin +Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin probabilistic primality test with \fBnchecks\fR iterations. If \&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that yields a false positive rate of at most 2^\-64 for random input. @@ -256,24 +260,24 @@ deprecated and can be compared to BN_is_prime_ex and BN_is_prime_fasttest_ex respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_generate_prime_ex()\fR return 1 on success or 0 on error. +\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. .PP -\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR and -\&\fIBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is +\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and +\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and \&\-1 on error. .PP -\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. .PP Callback functions should return 1 on success or 0 on error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR -were added in SSLeay 0.9.0. The \fBret\fR argument to \fIBN_generate_prime()\fR +The \fBcb_arg\fR arguments to \fBBN_generate_prime()\fR and to \fBBN_is_prime()\fR +were added in SSLeay 0.9.0. The \fBret\fR argument to \fBBN_generate_prime()\fR was added in SSLeay 0.9.1. -\&\fIBN_is_prime_fasttest()\fR was added in OpenSSL 0.9.5. +\&\fBBN_is_prime_fasttest()\fR was added in OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index fd9b7d2534a..45a894cc351 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_mod_inverse 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ BN_mod_inverse \- compute inverse modulo n .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. .PP @@ -154,11 +158,11 @@ a new \fB\s-1BIGNUM\s0\fR is created. variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and -\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index f58556c3c0a..50a0dd96472 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,27 +166,27 @@ BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions implement Montgomery multiplication. They are used -automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input, +automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus. .PP -\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. -\&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR. +\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +\&\fBBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR. .PP -\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR by precomputing its inverse and a value R. .PP -\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. .PP -\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if -it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. +\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. .PP -\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places the result in \fIr\fR. .PP -\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. .PP -\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. Note that \fIa\fR must be non-negative and smaller than the modulus. .PP For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for @@ -203,28 +207,28 @@ The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows: \& } BN_MONT_CTX; .Ve .PP -\&\fIBN_to_montgomery()\fR is a macro. +\&\fBBN_to_montgomery()\fR is a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 on error. .PP -\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_free()\fR have no return values. +\&\fBBN_MONT_CTX_init()\fR and \fBBN_MONT_CTX_free()\fR have no return values. .PP For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "WARNING" .IX Header "WARNING" The inputs must be reduced modulo \fBm\fR, otherwise the result will be outside the expected range. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), -\&\fIBN_CTX_new\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_MONT_CTX_new()\fR, \fIBN_MONT_CTX_free()\fR, \fIBN_MONT_CTX_set()\fR, -\&\fIBN_mod_mul_montgomery()\fR, \fIBN_from_montgomery()\fR and \fIBN_to_montgomery()\fR +\&\fBBN_MONT_CTX_new()\fR, \fBBN_MONT_CTX_free()\fR, \fBBN_MONT_CTX_set()\fR, +\&\fBBN_mod_mul_montgomery()\fR, \fBBN_from_montgomery()\fR and \fBBN_to_montgomery()\fR are available in all versions of SSLeay and OpenSSL. .PP -\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_copy()\fR were added in SSLeay 0.9.1b. +\&\fBBN_MONT_CTX_init()\fR and \fBBN_MONT_CTX_copy()\fR were added in SSLeay 0.9.1b. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index c66a093991a..21d146e1f9a 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,24 +161,24 @@ reciprocal .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient -\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed +\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. .PP -\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. -\&\fIBN_RECP_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_RECP\s0\fR. +\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +\&\fBBN_RECP_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_RECP\s0\fR. .PP -\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it -was created by \fIBN_RECP_CTX_new()\fR, also the structure itself. +\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. .PP -\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing 1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an integer. The result and the number of bits it was shifted left will later be stored in \fBrecp\fR. .PP -\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient in \fBdv\fR and the remainder in \fBrem\fR. .PP The \fB\s-1BN_RECP_CTX\s0\fR structure is defined as follows: @@ -193,19 +197,19 @@ The \fB\s-1BN_RECP_CTX\s0\fR structure is defined as follows: It cannot be shared between threads. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 on error. .PP -\&\fIBN_RECP_CTX_init()\fR and \fIBN_RECP_CTX_free()\fR have no return values. +\&\fBBN_RECP_CTX_init()\fR and \fBBN_RECP_CTX_free()\fR have no return values. .PP For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), -\&\fIBN_CTX_new\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fB\s-1BN_RECP_CTX\s0\fR was added in SSLeay 0.9.0. Before that, the function -\&\fIBN_reciprocal()\fR was used instead, and the \fIBN_mod_mul_reciprocal()\fR +\&\fBBN_reciprocal()\fR was used instead, and the \fBBN_mod_mul_reciprocal()\fR arguments were different. diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 0e71ab7b981..e84a1ea3896 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,31 +157,31 @@ BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. \fIBN_init()\fR +\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. \fBBN_init()\fR initializes an existing uninitialized \fB\s-1BIGNUM\s0\fR. .PP -\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they +\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they are no longer needed. It erases the memory used by \fBa\fR and sets it to the value 0. .PP -\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created -by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally +\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally overwrites the data before the memory is returned to the system. If \fBa\fR is \s-1NULL,\s0 nothing is done. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_new()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +\&\fBBN_new()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. If the allocation fails, it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained -by \fIERR_get_error\fR\|(3). +by \fBERR_get_error\fR\|(3). .PP -\&\fIBN_init()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return +\&\fBBN_init()\fR, \fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in -all versions on SSLeay and OpenSSL. \fIBN_init()\fR was added in SSLeay +\&\fBBN_new()\fR, \fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR are available in +all versions on SSLeay and OpenSSL. \fBBN_init()\fR was added in SSLeay 0.9.1b. diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index d4ad6e4d7eb..cf197ae0d27 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_num_bytes 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,36 +153,36 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. .PP -\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word. +\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. If we take 0x00000432 as an example, it returns 11, not 16, not 32. Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. .PP -\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, -following the same principle as \fIBN_num_bits_word()\fR. +\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fBBN_num_bits_word()\fR. .PP -\&\fIBN_num_bytes()\fR is a macro. +\&\fBBN_num_bytes()\fR is a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The size. .SH "NOTES" .IX Header "NOTES" -Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, \&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with the number of bits they expected (something like 512, 1024, 2048, \&...). This is because generating a number with some specific number of bits doesn't always set the highest bits, thereby making the number of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key -size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR -and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although +size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR +and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although there's no real guarantee that will match the \*(L"key size\*(R", just a lot more probability). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIDH_size\fR\|(3), \fIDSA_size\fR\|(3), -\&\fIRSA_size\fR\|(3) +\&\fBbn\fR\|(3), \fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), +\&\fBRSA_size\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_num_bytes()\fR, \fIBN_num_bits()\fR and \fIBN_num_bits_word()\fR are available in +\&\fBBN_num_bytes()\fR, \fBBN_num_bits()\fR and \fBBN_num_bits_word()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index d74c71f0119..49835bb3656 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_rand 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +155,7 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range \- generate pseudo\ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of +\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of \&\fBbits\fR in length and stores it in \fBrnd\fR. If \fBbits\fR is less than zero, or too small to accomodate the requirements specified by the \fBtop\fR and \fBbottom\fR @@ -164,28 +168,28 @@ numbers will always have 2*\fBbits\fR length. If \fBbottom\fR is true, the number will be odd. The value of \fBbits\fR must be zero or greater. If \fBbits\fR is 1 then \fBtop\fR cannot also be 1. .PP -\&\fIBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by +\&\fBBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. .PP -\&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random +\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. -\&\fIBN_pseudo_rand_range()\fR does the same, but is based on \fIBN_pseudo_rand()\fR, +\&\fBBN_pseudo_rand_range()\fR does the same, but is based on \fBBN_pseudo_rand()\fR, and hence numbers generated by it are not necessarily unpredictable. .PP -The \s-1PRNG\s0 must be seeded prior to calling \fIBN_rand()\fR or \fIBN_rand_range()\fR. +The \s-1PRNG\s0 must be seeded prior to calling \fBBN_rand()\fR or \fBBN_rand_range()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions return 1 on success, 0 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIRAND_add\fR\|(3), \fIRAND_bytes\fR\|(3) +\&\fBbn\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), +\&\fBRAND_add\fR\|(3), \fBRAND_bytes\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_rand()\fR is available in all versions of SSLeay and OpenSSL. -\&\fIBN_pseudo_rand()\fR was added in OpenSSL 0.9.5. The \fBtop\fR == \-1 case -and the function \fIBN_rand_range()\fR were added in OpenSSL 0.9.6a. -\&\fIBN_pseudo_rand_range()\fR was added in OpenSSL 0.9.6c. +\&\fBBN_rand()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBBN_pseudo_rand()\fR was added in OpenSSL 0.9.5. The \fBtop\fR == \-1 case +and the function \fBBN_rand_range()\fR were added in OpenSSL 0.9.6a. +\&\fBBN_pseudo_rand_range()\fR was added in OpenSSL 0.9.6c. diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 6f8b6831a5f..dc9d7b73bd3 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_set_bit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,38 +161,38 @@ BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is shorter than \fBn\fR bits. .PP -\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts +\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts \&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). .PP -\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts +\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts \&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). .PP For the shift functions, \fBr\fR and \fBa\fR may be the same variable. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. .PP All other functions return 1 for success, 0 on error. The error codes -can be obtained by \fIERR_get_error\fR\|(3). +can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3) +\&\fBbn\fR\|(3), \fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_set_bit()\fR, \fIBN_clear_bit()\fR, \fIBN_is_bit_set()\fR, \fIBN_mask_bits()\fR, -\&\fIBN_lshift()\fR, \fIBN_lshift1()\fR, \fIBN_rshift()\fR, and \fIBN_rshift1()\fR are available +\&\fBBN_set_bit()\fR, \fBBN_clear_bit()\fR, \fBBN_is_bit_set()\fR, \fBBN_mask_bits()\fR, +\&\fBBN_lshift()\fR, \fBBN_lshift1()\fR, \fBBN_rshift()\fR, and \fBBN_rshift1()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index 6971ce1be2b..f2b96aa68e6 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_swap 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,9 +149,9 @@ BN_swap \- exchange BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. .PP -\&\fIbn\fR\|(3) +\&\fBbn\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" BN_swap was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 374041e1137..7e3db12c465 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH BN_zero 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,35 +159,35 @@ operations \&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimied for the most efficient implementation on the local platform. .PP -\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and -\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros. +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. .PP -\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant is useful for use in comparisons and assignment. .PP -\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot be represented as a \fB\s-1BN_ULONG\s0\fR. .PP -\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise. -\&\fIBN_value_one()\fR returns the constant. +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fBBN_value_one()\fR returns the constant. .SH "BUGS" .IX Header "BUGS" If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide -with the error condition returned by \fIBN_get_word()\fR which uses that +with the error condition returned by \fBBN_get_word()\fR which uses that as an error value. .PP \&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIBN_bn2bin\fR\|(3) +\&\fBbn\fR\|(3), \fBBN_bn2bin\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of -SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR are available in all versions of +SSLeay and OpenSSL. \fBBN_value_one()\fR and \fBBN_get_word()\fR were added in SSLeay 0.8. .PP -\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL +\&\fBBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index f9e15ff5880..c111605ec24 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add0_cert 3" -.TH CMS_add0_cert 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_add0_cert 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,12 +155,12 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. must be of type signed data or enveloped data. .PP -\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR. +\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR. .PP -\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR +\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR returns any CRLs in \fBcms\fR. .SH "NOTES" .IX Header "NOTES" @@ -167,26 +171,26 @@ For signed data certificates and CRLs are added to the \fBcertificates\fR and \&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to \&\fBOriginatorInfo\fR. .PP -As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it -must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR +As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR must be freed up. .PP The same certificate or \s-1CRL\s0 must not be added to the same cms structure more than once. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return +\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return 1 for success and 0 for failure. .PP -\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur in practice is if the \fBcms\fR type is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fICMS_sign\fR\|(3), -\&\fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR, \fICMS_get1_certs()\fR, \fICMS_add0_crl()\fR -and \fICMS_get1_crls()\fR were all first added to OpenSSL 0.9.8 +\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR, \fBCMS_get1_certs()\fR, \fBCMS_add0_crl()\fR +and \fBCMS_get1_crls()\fR were all first added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index c74917838ac..39841d1ee81 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_recipient_cert 3" -.TH CMS_add1_recipient_cert 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_add1_recipient_cert 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,20 +153,20 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped data structure \fBcms\fR as a KeyTransRecipientInfo structure. .PP -\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped data structure \fBcms\fR as a KEKRecipientInfo structure. .PP The CMS_ContentInfo structure should be obtained from an initial call to -\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. .SH "NOTES" .IX Header "NOTES" The main purpose of this function is to provide finer control over a \s-1CMS\s0 -enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are +enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are not appropriate. For example if one or more KEKRecipientInfo structures need to be added. New attributes can also be added using the returned CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. @@ -178,14 +182,14 @@ If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be consistent with \fBkeylen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal +\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3), -\&\fICMS_final\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), +\&\fBCMS_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR were added to OpenSSL +\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR were added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index 10b38feec56..2374f4ec747 100644 --- a/secure/lib/libcrypto/man/CMS_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_signer 3" -.TH CMS_add1_signer 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_add1_signer 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,12 +153,12 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData structure \fBcms\fR. .PP The CMS_ContentInfo structure should be obtained from an initial call to -\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a valid CMS_ContentInfo SignedData structure. .PP If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public @@ -162,15 +166,15 @@ key algorithm will be used. .PP Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if -applicable) or a call to \fICMS_final()\fR. +applicable) or a call to \fBCMS_final()\fR. .PP -The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags are both set. .SH "NOTES" .IX Header "NOTES" -The main purpose of \fICMS_add1_signer()\fR is to provide finer control -over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults +The main purpose of \fBCMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the @@ -187,7 +191,7 @@ flag is set. .PP If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the CMS_SignerInfo structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is +can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is needed to finalize it. .PP If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the @@ -213,17 +217,17 @@ bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bi If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is not loaded. .PP -\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_final\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_add1_signer()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_add1_signer()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index c51158e41b0..c2d9a1f69db 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_compress 3" -.TH CMS_compress 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_compress 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ CMS_compress \- create a CMS CompressedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR is the compression algorithm to use or \fBNID_undef\fR to use the default algorithm (zlib compression). \fBin\fR is the content to be compressed. \&\fBflags\fR is an optional set of flags. @@ -154,7 +158,7 @@ algorithm (zlib compression). \fBin\fR is the content to be compressed. The only currently supported compression algorithm is zlib using the \s-1NID\s0 NID_zlib_compression. .PP -If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return +If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return an error. .PP If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are @@ -171,7 +175,7 @@ returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\f .PP The compressed data is included in the CMS_ContentInfo structure, unless \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in -practice and is not supported by \fISMIME_write_CMS()\fR. +practice and is not supported by \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is @@ -179,21 +183,21 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, -\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_CMS()\fR. +\&\fBBIO_new_CMS()\fR. .PP Additional compression parameters such as the zlib compression level cannot currently be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_compress()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_compress()\fR was added to OpenSSL 0.9.8 The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index 7c598177cc6..42d14a06dba 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_decrypt 3" -.TH CMS_decrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_decrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. @@ -156,7 +160,7 @@ The \fBdcont\fR parameter is used in the rare case where the encrypted content is detached. It will normally be set to \s-1NULL.\s0 .SH "NOTES" .IX Header "NOTES" -\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this +\&\fBOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this function or errors about unknown algorithms will occur. .PP Although the recipients certificate is not needed to decrypt the data it is @@ -168,7 +172,7 @@ is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on \&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or not. If no recipient succeeds then a random symmetric key is used to decrypt the content: this will typically output garbage and may (but is not guaranteed -to) ultimately return a padding error only. If \fICMS_decrypt()\fR just returned an +to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an error when all recipient encrypted keys failed to decrypt an attacker could use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set then the above behaviour is modified and an error \fBis\fR returned if no @@ -179,11 +183,11 @@ open to attack. .PP It is possible to determine the correct recipient key by other means (for example looking them up in a database) and setting them in the \s-1CMS\s0 structure -in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this +in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0 .PP -To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR -and \fICMS_ReceipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and +To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR +and \fBCMS_ReceipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and \&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0 .PP The following flags can be passed in the \fBflags\fR parameter. @@ -193,15 +197,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fIERR_get_error\fR\|(3) +\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The lack of single pass processing and the need to hold all data in memory as -mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR. +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_decrypt()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index 4f62999cb3f..358ea0d271c 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_encrypt 3" -.TH CMS_encrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_encrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR is a list of recipient certificates. \fBin\fR is the content to be encrypted. \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. .SH "NOTES" @@ -155,7 +159,7 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted. Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this function. .PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because most clients will support it. .PP The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of @@ -164,7 +168,7 @@ its parameters. Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fICMS_encrypt()\fR. +\&\fBCMS_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP @@ -191,7 +195,7 @@ finalization. .PP The data being encrypted is included in the CMS_ContentInfo structure, unless \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in -practice and is not supported by \fISMIME_write_CMS()\fR. +practice and is not supported by \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is @@ -199,25 +203,25 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, -\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_CMS()\fR. +\&\fBBIO_new_CMS()\fR. .PP The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR -and \fICMS_add0_recipient_key()\fR. +and \fBCMS_add0_recipient_key()\fR. .PP The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients -added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR. +added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_decrypt()\fR was added to OpenSSL 0.9.8 The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index 8a24886f693..aa7e7aea5da 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_final 3" -.TH CMS_final 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_final 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any +\&\fBCMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any operations necessary on \fBcms\fR (digest computation for example) and set the appropriate fields. The parameter \fBdata\fR contains the content to be processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after @@ -160,11 +164,11 @@ should only be used when streaming is not performed because the streaming I/O functions perform finalisation operations internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_final()\fR returns 1 for success or 0 for failure. +\&\fBCMS_final()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_final()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_final()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index 714e74fb7da..4d0f1f26ee6 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_RecipientInfos 3" -.TH CMS_get0_RecipientInfos 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_get0_RecipientInfos 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,27 +161,27 @@ CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_sig .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo structures associated with a \s-1CMS\s0 EnvelopedData structure. .PP -\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 .PP -\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in \&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. .PP -\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 It returns zero if the comparison is successful and non zero if not. .PP -\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type \&\s-1CMS_RECIPINFO_TRANS.\s0 .PP -\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any of the remaining parameters can be \s-1NULL\s0 if the application is not interested in the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written @@ -187,61 +191,61 @@ present is written to \fBpdate\fR, if the \fBother\fR field is present the compo \&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and \&\fBpothertype\fR. .PP -\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is successful and non zero if not. .PP -\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length \&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type \&\s-1CMS_RECIPINFO_KEK.\s0 .PP -\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first. .PP -\&\fICMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first and the content encryption key must be available: for example by a -previous call to \fICMS_RecipientInfo_decrypt()\fR. +previous call to \fBCMS_RecipientInfo_decrypt()\fR. .SH "NOTES" .IX Header "NOTES" The main purpose of these functions is to enable an application to lookup recipient keys using any appropriate technique when the simpler method -of \fICMS_decrypt()\fR is not appropriate. +of \fBCMS_decrypt()\fR is not appropriate. .PP In typical usage and application will retrieve all CMS_RecipientInfo structures -using \fICMS_get0_RecipientInfos()\fR and check the type of each using -\&\fICMS_RecpientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +using \fBCMS_get0_RecipientInfos()\fR and check the type of each using +\&\fBCMS_RecpientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure can be ignored or its key identifier data retrieved using an appropriate function. Then if the corresponding secret or private key can be obtained by any appropriate means it can then associated with the structure and -\&\fICMS_RecpientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called +\&\fBCMS_RecpientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called with a \s-1NULL\s0 key to decrypt the enveloped content. .PP -The \fICMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt an appropriate CMS_RecipientInfo structure to make the content encrypt key available, it will then add a new recipient using a function such as -\&\fICMS_add1_recipient_cert()\fR and finally encrypt the content encryption key -using \fICMS_RecipientInfo_encrypt()\fR. +\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fBCMS_RecipientInfo_encrypt()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if an error occurs. .PP -\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR, -\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and -\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. -\&\fICMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and +\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. .PP -\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0 +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0 for a successful comparison and non zero otherwise. .PP -Any error can be obtained from \fIERR_get_error\fR\|(3). +Any error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index 87a7f0b57cd..54246bf1051 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_SignerInfos 3" -.TH CMS_get0_SignerInfos 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_get0_SignerInfos 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,59 +154,59 @@ CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signatu .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures associated with a \s-1CMS\s0 signedData structure. .PP -\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. .PP -\&\fICMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with \&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned corresponds to the internal signature value if \fBsi\fR so it may be read or modified. .PP -\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer identifier \fBsi\fR. It returns zero if the comparison is successful and non zero if not. .PP -\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to \&\fBsigner\fR. .SH "NOTES" .IX Header "NOTES" The main purpose of these functions is to enable an application to lookup signers certificates using any appropriate technique when the simpler method -of \fICMS_verify()\fR is not appropriate. +of \fBCMS_verify()\fR is not appropriate. .PP In typical usage and application will retrieve all CMS_SignerInfo structures -using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using +using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using \&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using -\&\fICMS_SignerInfo_set1_signer_cert()\fR. +\&\fBCMS_SignerInfo_set1_signer_cert()\fR. .PP -Once all signer certificates have been set \fICMS_verify()\fR can be used. +Once all signer certificates have been set \fBCMS_verify()\fR can be used. .PP -Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if there are no signers this is not a problem in practice because the only error which can occur is if the \fBcms\fR structure is not of type signedData due to application error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there are no signers or an error occurs. .PP -\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. .PP -\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non zero otherwise. .PP -\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value. +\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value. .PP -Any error can be obtained from \fIERR_get_error\fR\|(3) +Any error can be obtained from \fBERR_get_error\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index 9b86e1338d4..6b658497cf9 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_type 3" -.TH CMS_get0_type 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_get0_type 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,29 +154,29 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as and \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value. .PP -\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo structure. It should be called with \s-1CMS\s0 functions with the \fB\s-1CMS_PARTIAL\s0\fR flag and \fBbefore\fR the structure is finalised, otherwise the results are undefined. .PP -\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded +\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded content type. .PP -\&\fICMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer containing the embedded content. .SH "NOTES" .IX Header "NOTES" -As the \fB0\fR implies \fICMS_get0_type()\fR, \fICMS_get0_eContentType()\fR and -\&\fICMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. -\&\fICMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and +\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up after use. .PP The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value -using \fIOBJ_obj2nid()\fR. For the currently supported content types the following +using \fBOBJ_obj2nid()\fR. For the currently supported content types the following values are returned: .PP .Vb 6 @@ -184,7 +188,7 @@ values are returned: \& NID_pkcs7_enveloped .Ve .PP -The return value of \fICMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR content pointer. That means that for example: .PP .Vb 1 @@ -197,14 +201,14 @@ using this function. Applications usually will not need to modify the embedded content as it is normally set by higher level functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure. +\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure. .PP -\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The -error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_get0_type()\fR, \fICMS_set1_eContentType()\fR and \fICMS_get0_eContentType()\fR were all +\&\fBCMS_get0_type()\fR, \fBCMS_set1_eContentType()\fR and \fBCMS_get0_eContentType()\fR were all first added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index 34b50298444..e62018f506e 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get1_ReceiptRequest 3" -.TH CMS_get1_ReceiptRequest 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_get1_ReceiptRequest 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +154,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The \&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0 the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of @@ -158,13 +162,13 @@ the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBr option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the \&\fBreceiptsTo\fR field value. .PP -The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR to SignerInfo structure \fBsi\fR. .PP -int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if any is found it is decoded and written to \fBprr\fR. .PP -\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR @@ -175,24 +179,24 @@ For more details of the meaning of the fields see \s-1RFC2634.\s0 .PP The contents of a signed receipt should only be considered meaningful if the corresponding CMS_ContentInfo structure can be successfully verified using -\&\fICMS_verify()\fR. +\&\fBCMS_verify()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or \&\s-1NULL\s0 if an error occurred. .PP -\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. .PP -\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and \-1 if it is present but malformed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3) -\&\fICMS_verify_receipt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) +\&\fBCMS_verify_receipt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_ReceiptRequest_create0()\fR, \fICMS_add1_ReceiptRequest()\fR, -\&\fICMS_get1_ReceiptRequest()\fR and \fICMS_ReceiptRequest_get0_values()\fR were added to +\&\fBCMS_ReceiptRequest_create0()\fR, \fBCMS_add1_ReceiptRequest()\fR, +\&\fBCMS_get1_ReceiptRequest()\fR and \fBCMS_ReceiptRequest_get0_values()\fR were added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index 9922f49176e..6c74f5dae25 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign 3" -.TH CMS_sign 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_sign 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding private key. \&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). Any or all of @@ -213,10 +217,10 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, -\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_CMS()\fR. +\&\fBBIO_new_CMS()\fR. .PP If a signer is specified it will use the default digest for the signing algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. @@ -224,26 +228,26 @@ algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is output. .PP -The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be suitable for many purposes. For finer control of the output format the \&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the \&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the -function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom -attributes added. \fB\f(BICMS_final()\fB\fR must then be called to finalize the +function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fB\fBCMS_final()\fB\fR must then be called to finalize the structure if streaming is not enabled. .SH "BUGS" .IX Header "BUGS" Some attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_sign()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_sign()\fR was added to OpenSSL 0.9.8 .PP The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, it is supported for embedded data in OpenSSL 1.0.0 and later. diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index a71101b1379..248db1b518f 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign_receipt 3" -.TH CMS_sign_receipt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_sign_receipt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is the \fBCMS_SignerInfo\fR structure containing the signed receipt request. \&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding private key. \fBcerts\fR is an optional additional set of certificates to include @@ -156,19 +160,19 @@ in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). \&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -This functions behaves in a similar way to \fICMS_sign()\fR except the flag values +This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values \&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if -an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fICMS_verify_receipt\fR\|(3), -\&\fICMS_sign\fR\|(3) +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_verify_receipt\fR\|(3), +\&\fBCMS_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_sign_receipt()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_sign_receipt()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index 94ca7aa6403..d9d5a840093 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_uncompress 3" -.TH CMS_uncompress 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_uncompress 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. .PP @@ -158,7 +162,7 @@ is detached. It will normally be set to \s-1NULL.\s0 The only currently supported compression algorithm is zlib: if the structure indicates the use of any other algorithm an error is returned. .PP -If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always +If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always return an error. .PP The following flags can be passed in the \fBflags\fR parameter. @@ -168,15 +172,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can -be obtained from \fIERR_get_error\fR\|(3) +\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The lack of single pass processing and the need to hold all data in memory as -mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR. +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_uncompress()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_uncompress()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index ed52dcc02a3..9e56831249b 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify 3" -.TH CMS_verify 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_verify 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo structure to verify. \fBcerts\fR is a set of certificates in which to search for the signing certificate(s). \fBstore\fR is a trusted certificate store used for chain verification. \fBindata\fR is the detached content if the content is not @@ -156,8 +160,8 @@ present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL. \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. .PP -\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must -be called after a successful \fICMS_verify()\fR operation. +\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fBCMS_verify()\fR operation. .SH "VERIFY PROCESS" .IX Header "VERIFY PROCESS" Normally the verify process proceeds as follows. @@ -229,12 +233,12 @@ signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error +\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error occurred. .PP -\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The trusted certificate store is not searched for the signing certificate, @@ -245,7 +249,7 @@ The lack of single pass processing means that the signed content must all be held in memory if it is not detached. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_verify()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_verify()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index cd983674826..8911c991320 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify_receipt 3" -.TH CMS_verify_receipt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS_verify_receipt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed receipt to verify. \fBocms\fR is the original SignedData structure containing the receipt request. \fBcerts\fR is a set of certificates in which to search for the signing certificate. \fBstore\fR is a trusted certificate store (used for chain @@ -157,20 +161,20 @@ verification). operation. .SH "NOTES" .IX Header "NOTES" -This functions behaves in a similar way to \fICMS_verify()\fR except the flag values +This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values \&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), -\&\fICMS_sign_receipt\fR\|(3), -\&\fICMS_verify\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), +\&\fBCMS_verify\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_verify_receipt()\fR was added to OpenSSL 0.9.8 +\&\fBCMS_verify_receipt()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index f3ae69fde74..9985d04f67c 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CONF_modules_free 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,27 +154,27 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all +\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all configuration modules. .PP -\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler to free up any configuration that module may have performed. .PP -\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If \&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If \&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded. .SH "NOTES" .IX Header "NOTES" -Normally applications will only call \fICONF_modules_free()\fR at application to +Normally applications will only call \fBCONF_modules_free()\fR at application to tidy up any configuration performed. .SH "RETURN VALUE" .IX Header "RETURN VALUE" None of the functions return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconf\fR\|(5), \fIOPENSSL_config\fR\|(3), -\&\fICONF_modules_load_file\fR\|(3) +\&\fBconf\fR\|(5), \fBOPENSSL_config\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICONF_modules_free()\fR, \fICONF_modules_unload()\fR, and \fICONF_modules_finish()\fR +\&\fBCONF_modules_free()\fR, \fBCONF_modules_unload()\fR, and \fBCONF_modules_finish()\fR first appeared in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 61a8cf00e46..5bb5c6cc0db 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CONF_modules_load_file 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,13 +154,13 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fICONF_modules_load_file()\fR configures OpenSSL using file +The function \fBCONF_modules_load_file()\fR configures OpenSSL using file \&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 the standard OpenSSL configuration file is used. If \fBappname\fR is \&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. The behaviour can be cutomized using \fBflags\fR. .PP -\&\fICONF_modules_load()\fR is idential to \fICONF_modules_load_file()\fR except it +\&\fBCONF_modules_load()\fR is idential to \fBCONF_modules_load_file()\fR except it reads configuration information from \fBcnf\fR. .SH "NOTES" .IX Header "NOTES" @@ -172,7 +176,7 @@ Normally any modules errors will add error information to the error queue. If If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is disabled. .PP -\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR ignore missing configuration files. Normally a missing configuration file return an error. .PP @@ -180,12 +184,12 @@ return an error. default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. .PP Applications should call these functions after loading builtin modules using -\&\fIOPENSSL_load_builtin_modules()\fR, any ENGINEs for example using -\&\fIENGINE_load_builtin_engines()\fR, any algorithms for example -\&\fIOPENSSL_add_all_algorithms()\fR and (if the application uses libssl) -\&\fISSL_library_init()\fR. +\&\fBOPENSSL_load_builtin_modules()\fR, any ENGINEs for example using +\&\fBENGINE_load_builtin_engines()\fR, any algorithms for example +\&\fBOPENSSL_add_all_algorithms()\fR and (if the application uses libssl) +\&\fBSSL_library_init()\fR. .PP -By using \fICONF_modules_load_file()\fR with appropriate flags an application can +By using \fBCONF_modules_load_file()\fR with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not an error: in this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. @@ -195,7 +199,7 @@ applications. For example in some cases an error may simply print out a warning message and the application continue. In other cases an application might consider a configuration file error as fatal and exit immediately. .PP -Applications can use the \fICONF_modules_load()\fR function if they wish to load a +Applications can use the \fBCONF_modules_load()\fR function if they wish to load a configuration file themselves and have finer control over how errors are treated. .SH "EXAMPLES" @@ -266,8 +270,8 @@ failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconf\fR\|(5), \fIOPENSSL_config\fR\|(3), -\&\fICONF_free\fR\|(3), \fIerr\fR\|(3) +\&\fBconf\fR\|(5), \fBOPENSSL_config\fR\|(3), +\&\fBCONF_free\fR\|(3), \fBerr\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index 9fa783393e0..7924eb7e0de 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,30 +156,30 @@ These functions are used internally by OpenSSL to manipulate application specific data attached to a specific structure. .PP These functions should only be used by applications to manipulate -\&\fB\s-1CRYPTO_EX_DATA\s0\fR structures passed to the \fB\f(BInew_func()\fB\fR, \fB\f(BIfree_func()\fB\fR and -\&\fB\f(BIdup_func()\fB\fR callbacks: as passed to \fB\f(BIRSA_get_ex_new_index()\fB\fR for example. +\&\fB\s-1CRYPTO_EX_DATA\s0\fR structures passed to the \fB\fBnew_func()\fB\fR, \fB\fBfree_func()\fB\fR and +\&\fB\fBdup_func()\fB\fR callbacks: as passed to \fB\fBRSA_get_ex_new_index()\fB\fR for example. .PP -\&\fB\f(BICRYPTO_set_ex_data()\fB\fR is used to set application specific data, the data is +\&\fB\fBCRYPTO_set_ex_data()\fB\fR is used to set application specific data, the data is supplied in the \fBarg\fR parameter and its precise meaning is up to the application. .PP -\&\fB\f(BICRYPTO_get_ex_data()\fB\fR is used to retrieve application specific data. The data +\&\fB\fBCRYPTO_get_ex_data()\fB\fR is used to retrieve application specific data. The data is returned to the application, this will be the same value as supplied to -a previous \fB\f(BICRYPTO_set_ex_data()\fB\fR call. +a previous \fB\fBCRYPTO_set_ex_data()\fB\fR call. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fB\f(BICRYPTO_set_ex_data()\fB\fR returns 1 on success or 0 on failure. +\&\fB\fBCRYPTO_set_ex_data()\fB\fR returns 1 on success or 0 on failure. .PP -\&\fB\f(BICRYPTO_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also +\&\fB\fBCRYPTO_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also be valid application data but currently it can only fail if given an invalid \fBidx\fR parameter. .PP -On failure an error code can be obtained from \fIERR_get_error\fR\|(3). +On failure an error code can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_get_ex_new_index\fR\|(3), -\&\fIDSA_get_ex_new_index\fR\|(3), -\&\fIDH_get_ex_new_index\fR\|(3) +\&\fBRSA_get_ex_new_index\fR\|(3), +\&\fBDSA_get_ex_new_index\fR\|(3), +\&\fBDH_get_ex_new_index\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fICRYPTO_set_ex_data()\fR and \fICRYPTO_get_ex_data()\fR have been available since SSLeay 0.9.0. +\&\fBCRYPTO_set_ex_data()\fR and \fBCRYPTO_get_ex_data()\fR have been available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index d713790077d..e8e1c766b31 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DH_generate_key 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,32 +151,32 @@ DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key +\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key exchange by generating private and public \s-1DH\s0 values. By calling -\&\fIDH_compute_key()\fR, these are combined with the other party's public +\&\fBDH_compute_key()\fR, these are combined with the other party's public value to compute the shared key. .PP -\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters \&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value unless \fBdh\->priv_key\fR is already set, and computes the corresponding public value \fBdh\->pub_key\fR, which can then be published. .PP -\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise. +\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. .PP -\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1 +\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 on error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIDH_size\fR\|(3) +\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), \fBDH_size\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions +\&\fBDH_generate_key()\fR and \fBDH_compute_key()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 7156bbe640a..b4e26cc956e 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DH_generate_parameters 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,22 +159,22 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR structure. The pseudo-random number generator must be -seeded prior to calling \fIDH_generate_parameters()\fR. +seeded prior to calling \fBDH_generate_parameters()\fR. .PP \&\fBprime_len\fR is the length in bits of the safe prime to be generated. \&\fBgenerator\fR is a small number > 1, typically 2 or 5. .PP A callback function may be used to provide feedback about the progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be -called as described in \fIBN_generate_prime\fR\|(3) while a random prime +called as described in \fBBN_generate_prime\fR\|(3) while a random prime number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR -is called. See \fIBN_generate_prime\fR\|(3) for information on -the \fIBN_GENCB_call()\fR function. +is called. See \fBBN_generate_prime\fR\|(3) for information on +the \fBBN_GENCB_call()\fR function. .PP -\&\fIDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is +\&\fBDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is a safe prime, and that \fBg\fR is a suitable generator. In the case of an error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or \&\s-1DH_NOT_SUITABLE_GENERATOR\s0 are set in \fB*codes\fR. @@ -178,19 +182,19 @@ error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or checked, i.e. it does not equal 2 or 5. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_generate_parameters_ex()\fR and \fIDH_check()\fR return 1 if the check could be +\&\fBDH_generate_parameters_ex()\fR and \fBDH_check()\fR return 1 if the check could be performed, 0 otherwise. .PP -\&\fIDH_generate_parameters()\fR (deprecated) returns a pointer to the \s-1DH\s0 structure, or +\&\fBDH_generate_parameters()\fR (deprecated) returns a pointer to the \s-1DH\s0 structure, or \&\s-1NULL\s0 if the parameter generation fails. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" -\&\fIDH_generate_parameters_ex()\fR and \fIDH_generate_parameters()\fR may run for several +\&\fBDH_generate_parameters_ex()\fR and \fBDH_generate_parameters()\fR may run for several hours before finding a suitable prime. .PP -The parameters generated by \fIDH_generate_parameters_ex()\fR and \fIDH_generate_parameters()\fR +The parameters generated by \fBDH_generate_parameters_ex()\fR and \fBDH_generate_parameters()\fR are not to be used in signature schemes. .SH "BUGS" .IX Header "BUGS" @@ -198,12 +202,12 @@ If \fBgenerator\fR is not 2 or 5, \fBdh\->g\fR=\fBgenerator\fR is not a usable generator. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIDH_free\fR\|(3) +\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), +\&\fBDH_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL. -The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0. +\&\fBDH_check()\fR is available in all versions of SSLeay and OpenSSL. +The \fBcb_arg\fR argument to \fBDH_generate_parameters()\fR was added in SSLeay 0.9.0. .PP In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0 diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 9ea13d78f8a..b3bfedcebda 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DH_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,12 +158,12 @@ DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific .IX Header "DESCRIPTION" These functions handle application specific data in \s-1DH\s0 structures. Their usage is identical to that of -\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR -as described in \fIRSA_get_ex_new_index\fR\|(3). +\&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR and \fBRSA_get_ex_data()\fR +as described in \fBRSA_get_ex_new_index\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_get_ex_new_index\fR\|(3), \fIdh\fR\|(3) +\&\fBRSA_get_ex_new_index\fR\|(3), \fBdh\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_get_ex_new_index()\fR, \fIDH_set_ex_data()\fR and \fIDH_get_ex_data()\fR are +\&\fBDH_get_ex_new_index()\fR, \fBDH_set_ex_data()\fR and \fBDH_get_ex_data()\fR are available since OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index ea9297ecb92..6d967b7482c 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DH_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,22 +151,22 @@ DH_new, DH_free \- allocate and free DH objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. .PP -\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are erased before the memory is returned to the system. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIDH_free()\fR returns no value. +\&\fBDH_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDH_generate_parameters\fR\|(3), -\&\fIDH_generate_key\fR\|(3) +\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDH_generate_parameters\fR\|(3), +\&\fBDH_generate_key\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBDH_new()\fR and \fBDH_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index fa3a188722e..3cf27afef49 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DH_set_method 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,17 +166,17 @@ important information about how these \s-1DH API\s0 functions are affected by th of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as -returned by \fIDH_OpenSSL()\fR. +returned by \fBDH_OpenSSL()\fR. .PP -\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1DH,\s0 so this function is no longer recommended. .PP -\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 +\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 @@ -180,10 +184,10 @@ implementations (eg. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 for the key can have unexpected results. .PP -\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by -\&\fIDH_set_default_method()\fR is used. +\&\fBDH_set_default_method()\fR is used. .SH "THE DH_METHOD STRUCTURE" .IX Header "THE DH_METHOD STRUCTURE" .Vb 4 @@ -217,17 +221,17 @@ operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective +\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective \&\fB\s-1DH_METHOD\s0\fRs. .PP -\&\fIDH_set_default_method()\fR returns no value. +\&\fBDH_set_default_method()\fR returns no value. .PP -\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it +\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "NOTES" .IX Header "NOTES" @@ -235,20 +239,20 @@ As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function, that will override any \s-1DH\s0 defaults set using the \s-1DH API\s0 (ie. -\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way +\&\fBDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1DH\s0 and other cryptographic algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIDH_new\fR\|(3) +\&\fBdh\fR\|(3), \fBDH_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR, -\&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4. +\&\fBDH_set_default_method()\fR, \fBDH_get_default_method()\fR, \fBDH_set_method()\fR, +\&\fBDH_new_method()\fR and \fBDH_OpenSSL()\fR were added in OpenSSL 0.9.4. .PP -\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced -\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and -\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fBDH_set_default_openssl_method()\fR and \fBDH_get_default_openssl_method()\fR replaced +\&\fBDH_set_default_method()\fR and \fBDH_get_default_method()\fR respectively, and +\&\fBDH_set_method()\fR and \fBDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than \&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this change was reversed, and behaviour of the other functions resembled more closely diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index bb20ee0319c..ccb8d7ca770 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DH_size 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ DH_size \- get Diffie\-Hellman prime size .IX Header "DESCRIPTION" This function returns the Diffie-Hellman size in bytes. It can be used to determine how much memory must be allocated for the shared secret -computed by \fIDH_compute_key()\fR. +computed by \fBDH_compute_key()\fR. .PP \&\fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. .SH "RETURN VALUE" @@ -155,7 +159,7 @@ computed by \fIDH_compute_key()\fR. The size in bytes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIDH_generate_key\fR\|(3) +\&\fBdh\fR\|(3), \fBDH_generate_key\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_size()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBDH_size()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 8b148b31085..6a2e1909313 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_SIG_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,22 +151,22 @@ DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure. +\&\fBDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure. .PP -\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The values are erased before the memory is returned to the system. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIDSA_SIG_free()\fR returns no value. +\&\fBDSA_SIG_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDSA_do_sign\fR\|(3) +\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3. +\&\fBDSA_SIG_new()\fR and \fBDSA_SIG_free()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 6c85d28f889..b9b90c4571d 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_do_sign 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,28 +152,28 @@ DSA_do_sign, DSA_do_verify \- raw DSA signature operations .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a newly allocated \fB\s-1DSA_SIG\s0\fR structure. .PP -\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part +\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part of the signing operation for each signature in case signature generation is time-critical. .PP -\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR +\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR returns 1 for a valid signature, 0 for an incorrect signature and \-1 on error. The error codes can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIDSA_SIG_new\fR\|(3), -\&\fIDSA_sign\fR\|(3) +\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), +\&\fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_do_sign()\fR and \fIDSA_do_verify()\fR were added in OpenSSL 0.9.3. +\&\fBDSA_do_sign()\fR and \fBDSA_do_verify()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index bacaec1be9b..a377d32256d 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_dup_DH 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,19 +149,19 @@ DSA_dup_DH \- create a DH structure out of DSA structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q is lost during that conversion, but the resulting \s-1DH\s0 parameters contain its length. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The -error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTE" .IX Header "NOTE" Be careful to avoid small subgroup attacks when using this. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBdh\fR\|(3), \fBdsa\fR\|(3), \fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4. +\&\fBDSA_dup_DH()\fR was added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 1f5328b4623..e1ddf6ecd94 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_generate_key 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,18 +149,18 @@ DSA_generate_key \- generate DSA key pair .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. .PP -The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR. +The \s-1PRNG\s0 must be seeded prior to calling \fBDSA_generate_key()\fR. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIDSA_generate_parameters\fR\|(3) +\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_generate_key()\fR is available since SSLeay 0.8. +\&\fBDSA_generate_key()\fR is available since SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index c40a5760eb4..5d3a2fa7554 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_generate_parameters 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. .PP \&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a @@ -166,7 +170,7 @@ generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen. .PP -\&\fIDSA_generate_parameters_ex()\fR places the iteration count in +\&\fBDSA_generate_parameters_ex()\fR places the iteration count in *\fBcounter_ret\fR and a counter used for finding a generator in *\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. .PP @@ -174,7 +178,7 @@ A callback function may be used to provide feedback about the progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be called as shown below. For information on the \s-1BN_GENCB\s0 structure and the BN_GENCB_call function discussed below, refer to -\&\fIBN_generate_prime\fR\|(3). +\&\fBBN_generate_prime\fR\|(3). .IP "\(bu" 4 When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called (m is 0 for the first candidate). @@ -203,31 +207,31 @@ When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. .IP "\(bu" 4 When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. .PP -\&\fIDSA_generate_parameters()\fR (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no \fBdsa\fR parameter is passed and +\&\fBDSA_generate_parameters()\fR (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no \fBdsa\fR parameter is passed and instead a newly allocated \fB\s-1DSA\s0\fR structure is returned. Additionally \*(L"old style\*(R" callbacks are used instead of the newer \s-1BN_GENCB\s0 based approach. -Refer to \fIBN_generate_prime\fR\|(3) for further information. +Refer to \fBBN_generate_prime\fR\|(3) for further information. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. .PP -\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or +\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or \&\fB\s-1NULL\s0\fR if the parameter generation fails. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" Seed lengths > 20 are not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3) +\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), +\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR +\&\fBDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR argument was added in SSLeay 0.9.0. In versions up to OpenSSL 0.9.4, \fBcallback(1, ...)\fR was called in the inner loop of the Miller-Rabin test whenever it reached the squaring step (the parameters to \fBcallback\fR did not reveal how many witnesses had been tested); since OpenSSL 0.9.5, \fBcallback(1, ...)\fR -is called as in \fIBN_is_prime\fR\|(3), i.e. once for each witness. +is called as in \fBBN_is_prime\fR\|(3), i.e. once for each witness. diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 58d56667ba7..f74bc127618 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,12 +158,12 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specif .IX Header "DESCRIPTION" These functions handle application specific data in \s-1DSA\s0 structures. Their usage is identical to that of -\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR -as described in \fIRSA_get_ex_new_index\fR\|(3). +\&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR and \fBRSA_get_ex_data()\fR +as described in \fBRSA_get_ex_new_index\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_get_ex_new_index\fR\|(3), \fIdsa\fR\|(3) +\&\fBRSA_get_ex_new_index\fR\|(3), \fBdsa\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_get_ex_new_index()\fR, \fIDSA_set_ex_data()\fR and \fIDSA_get_ex_data()\fR are +\&\fBDSA_get_ex_new_index()\fR, \fBDSA_set_ex_data()\fR and \fBDSA_get_ex_data()\fR are available since OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 3a04d4dc6f4..70038587e30 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,24 +151,24 @@ DSA_new, DSA_free \- allocate and free DSA objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to calling DSA_new_method(\s-1NULL\s0). .PP -\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are erased before the memory is returned to the system. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIDSA_free()\fR returns no value. +\&\fBDSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDSA_generate_parameters\fR\|(3), -\&\fIDSA_generate_key\fR\|(3) +\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3), +\&\fBDSA_generate_key\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_new()\fR and \fIDSA_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBDSA_new()\fR and \fBDSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 067a57c1b16..92baeb730b0 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_set_method 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,18 +166,18 @@ important information about how these \s-1DSA API\s0 functions are affected by t of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, -as returned by \fIDSA_OpenSSL()\fR. +as returned by \fBDSA_OpenSSL()\fR. .PP -\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1DSA,\s0 so this function is no longer recommended. .PP -\&\fIDSA_get_default_method()\fR returns a pointer to the current default +\&\fBDSA_get_default_method()\fR returns a pointer to the current default \&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DSA\s0 keys that only @@ -182,10 +186,10 @@ that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected results. .PP -\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 -controlled by \fIDSA_set_default_method()\fR is used. +controlled by \fBDSA_set_default_method()\fR is used. .SH "THE DSA_METHOD STRUCTURE" .IX Header "THE DSA_METHOD STRUCTURE" struct @@ -231,17 +235,17 @@ struct .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective \&\fB\s-1DSA_METHOD\s0\fRs. .PP -\&\fIDSA_set_default_method()\fR returns no value. +\&\fBDSA_set_default_method()\fR returns no value. .PP -\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be -obtained by \fIERR_get_error\fR\|(3) if the allocation +\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "NOTES" .IX Header "NOTES" @@ -249,20 +253,20 @@ As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function, that will override any \s-1DSA\s0 defaults set using the \s-1DSA API\s0 (ie. -\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way +\&\fBDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1DSA\s0 and other cryptographic algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIDSA_new\fR\|(3) +\&\fBdsa\fR\|(3), \fBDSA_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR, -\&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4. +\&\fBDSA_set_default_method()\fR, \fBDSA_get_default_method()\fR, \fBDSA_set_method()\fR, +\&\fBDSA_new_method()\fR and \fBDSA_OpenSSL()\fR were added in OpenSSL 0.9.4. .PP -\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced -\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and -\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fBDSA_set_default_openssl_method()\fR and \fBDSA_get_default_openssl_method()\fR replaced +\&\fBDSA_set_default_method()\fR and \fBDSA_get_default_method()\fR respectively, and +\&\fBDSA_set_method()\fR and \fBDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than \&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this change was reversed, and behaviour of the other functions resembled more closely diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index bef97e6a4bf..77cabf89037 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_sign 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,46 +156,46 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 encoding at \fBsigret\fR. The length of the signature is places in *\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. .PP -\&\fIDSA_sign_setup()\fR may be used to precompute part of the signing +\&\fBDSA_sign_setup()\fR may be used to precompute part of the signing operation in case signature generation is time-critical. It expects \&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may -be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR. +be passed to \fBDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR. \&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0 -The precomputed values from \fIDSA_sign_setup()\fR \fB\s-1MUST NOT\s0 be used\fR for +The precomputed values from \fBDSA_sign_setup()\fR \fB\s-1MUST NOT\s0 be used\fR for more than one signature: using the same \fBdsa\->kinv\fR and \&\fBdsa\->r\fR pair twice under the same private key on different plaintexts will result in permanently exposing the \s-1DSA\s0 private key. .PP -\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBdgst\fR of size \fBlen\fR. \&\fBdsa\fR is the signer's public key. .PP The \fBtype\fR parameter is ignored. .PP -The \s-1PRNG\s0 must be seeded before \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR) +The \s-1PRNG\s0 must be seeded before \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) is called. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error. -\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect signature and \-1 on error. The error codes can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIDSA_do_sign\fR\|(3) +\&\fBdsa\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_sign()\fR and \fIDSA_verify()\fR are available in all versions of SSLeay. -\&\fIDSA_sign_setup()\fR was added in SSLeay 0.8. +\&\fBDSA_sign()\fR and \fBDSA_verify()\fR are available in all versions of SSLeay. +\&\fBDSA_sign_setup()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index 564a2fed0e7..9d4e3364f66 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA_size 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ for a \s-1DSA\s0 signature. The size in bytes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIDSA_sign\fR\|(3) +\&\fBdsa\fR\|(3), \fBDSA_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_size()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBDSA_size()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 index 71508b2eaaf..f2eb32c8b84 100644 --- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 +++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GFp_simple_method 3" -.TH EC_GFp_simple_method 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC_GFp_simple_method 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Elliptic Curve library provides a number of different implementations through a single common interface. -When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an +When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an implementation method must be provided. The functions described here all return a const pointer to an \&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation type for the form of curve selected is used. @@ -164,9 +168,9 @@ For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_meth .PP For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the -use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through -EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)). +EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). .PP The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these @@ -183,7 +187,7 @@ All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fId2i_ECPKParameters\fR\|(3), -\&\fIBN_mod_mul_montgomery\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBBN_mod_mul_montgomery\fR\|(3) diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3 index 539e1e72edc..ad8dd1fb834 100644 --- a/secure/lib/libcrypto/man/EC_GROUP_copy.3 +++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_copy 3" -.TH EC_GROUP_copy 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC_GROUP_copy 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -199,7 +203,7 @@ The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided with the respective order and cofactors for the \fBgroup\fR. .PP The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively -(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name will return 0. .PP The asn1_flag value on a curve is used to determine whether there is a specific \s-1ASN1 OID\s0 to describe the curve or not. @@ -299,6 +303,6 @@ EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasi trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3 index 498a7f36b94..0aacf217ba3 100644 --- a/secure/lib/libcrypto/man/EC_GROUP_new.3 +++ b/secure/lib/libcrypto/man/EC_GROUP_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_new 3" -.TH EC_GROUP_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC_GROUP_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,7 +178,7 @@ Operations in a binary field are performed relative to an \fBirreducible polynom use a trinomial or a pentanomial for this parameter. .PP A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see -\&\fIEC_GFp_simple_method\fR\|(3)). It is then necessary to call either EC_GROUP_set_curve_GFp or +\&\fBEC_GFp_simple_method\fR\|(3)). It is then necessary to call either EC_GROUP_set_curve_GFp or EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively. .PP EC_GROUP_set_curve_GFp sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR for a curve over Fp stored in \fBgroup\fR. @@ -221,6 +225,6 @@ EC_get_builtin_curves returns the number of builtin curves that are available. EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3 index 7cdf1a58267..ed82051be55 100644 --- a/secure/lib/libcrypto/man/EC_KEY_new.3 +++ b/secure/lib/libcrypto/man/EC_KEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_new 3" -.TH EC_KEY_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC_KEY_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +179,7 @@ An \s-1EC_KEY\s0 represents a public key and (optionaly) an associated private k The reference count for the newly created \s-1EC_KEY\s0 is initially set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling EC_KEY_set_group. .PP -Alternatively a new \s-1EC_KEY\s0 can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to \fIEC_GROUP_new\fR\|(3) for a description of curve names. This function simply wraps calls to EC_KEY_new and +Alternatively a new \s-1EC_KEY\s0 can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to \fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply wraps calls to EC_KEY_new and EC_GROUP_new_by_curve_name. .PP Calling EC_KEY_free decrements the reference count for the \s-1EC_KEY\s0 object, and if it has dropped to zero then frees the memory associated @@ -201,16 +205,16 @@ on the key to confirm that it is valid. The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the \s-1EC_GROUP\s0 object, the private key and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. .PP The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the \fBkey\fR. For a description -of point_conversion_forms please refer to \fIEC_POINT_new\fR\|(3). +of point_conversion_forms please refer to \fBEC_POINT_new\fR\|(3). .PP EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitrary additional data specific to the elliptic curve scheme being used with the \s-1EC_KEY\s0 object. This data is treated as a \*(L"black box\*(R" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the \fBdata\fR parameter, which must have associated functions for duplicating, freeing and \*(L"clear_freeing\*(R" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and \*(L"clear_freeing\*(R" the data item must be provided again, and they must be the same as they were when the data item was inserted. .PP EC_KEY_set_flags sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 object. Any flags that are already set are left set. The currently defined standard flags are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH\s0 and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this \s-1EC_KEY.\s0 EC_KEY_clear_flags clears the flags indicated by the \fBflags\fR parameter. All other flags are left in their existing state. .PP -EC_KEY_set_asn1_flag sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object (if set). Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the asn1_flag. +EC_KEY_set_asn1_flag sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object (if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the asn1_flag. .PP -EC_KEY_precompute_mult stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fIEC_POINT_add\fR\|(3). +EC_KEY_precompute_mult stores multiples of the underlying \s-1EC_GROUP\s0 generator for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" EC_KEY_new, EC_KEY_new_by_curve_name and EC_KEY_dup return a pointer to the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. @@ -228,8 +232,8 @@ EC_KEY_get0_private_key returns the private key associated with the \s-1EC_KEY.\ EC_KEY_get_conv_form return the point_conversion_form for the \s-1EC_KEY.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), -\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), -\&\fIEC_POINT_add\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), -\&\fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3) diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3 index 21d20fee3ac..0387dda0a3f 100644 --- a/secure/lib/libcrypto/man/EC_POINT_add.3 +++ b/secure/lib/libcrypto/man/EC_POINT_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_add 3" -.TH EC_POINT_add 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC_POINT_add 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,7 +182,7 @@ EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR \&\fBn\fR may be \s-1NULL.\s0 .PP The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst -EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fIEC_GROUP_copy\fR\|(3) for information +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information about the generator. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -194,6 +198,6 @@ EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on err EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3 index f4a49e34fba..5ccc13be97d 100644 --- a/secure/lib/libcrypto/man/EC_POINT_new.3 +++ b/secure/lib/libcrypto/man/EC_POINT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_new 3" -.TH EC_POINT_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC_POINT_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -228,7 +232,7 @@ The function EC_POINT_point2oct must be supplied with a buffer long enough to st octets stored. Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but will still return the required buffer length. .PP The function EC_POINT_point2hex will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free -this memory with a subsequent call to \fIOPENSSL_free()\fR. +this memory with a subsequent call to \fBOPENSSL_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" EC_POINT_new and EC_POINT_dup return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 on error. @@ -251,6 +255,6 @@ EC_POINT_point2hex returns a pointer to the hex string, or \s-1NULL\s0 on error. EC_POINT_hex2point returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 656272add4e..a573bf5b890 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_GET_LIB 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,9 +154,9 @@ reason code .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The error code returned by \fIERR_get_error()\fR consists of a library -number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR -and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these. +The error code returned by \fBERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR +and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. .PP The library number and function code describe where the error occurred, the reason code is the information about what went wrong. @@ -166,14 +170,14 @@ reasons. unique. However, when checking for sub-library specific reason codes, be sure to also compare the library number. .PP -\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are macros. +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The library number, function code and reason code respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 670d562b4ef..59913b020c4 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_clear_error 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,13 +149,13 @@ ERR_clear_error \- clear the error queue .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_clear_error()\fR empties the current thread's error queue. +\&\fBERR_clear_error()\fR empties the current thread's error queue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_clear_error()\fR has no return value. +\&\fBERR_clear_error()\fR has no return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index ad7dd8376ec..5de76e643e5 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_error_string 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,14 +156,14 @@ error message .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_error_string()\fR generates a human-readable string representing the +\&\fBERR_error_string()\fR generates a human-readable string representing the error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 120 bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a static buffer. -\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes +\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes at most \fIlen\fR characters (including the terminating 0) and truncates the string if necessary. -For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. .PP The string will have the following format: .PP @@ -170,34 +174,34 @@ The string will have the following format: \&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, \&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. .PP -\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and -\&\fIERR_reason_error_string()\fR return the library name, function +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the library name, function name and reason string respectively. .PP The OpenSSL error strings should be loaded by calling -\&\fIERR_load_crypto_strings\fR\|(3) or, for \s-1SSL\s0 -applications, \fISSL_load_error_strings\fR\|(3) +\&\fBERR_load_crypto_strings\fR\|(3) or, for \s-1SSL\s0 +applications, \fBSSL_load_error_strings\fR\|(3) first. If there is no text string registered for the given error code, the error string will contain the numeric code. .PP -\&\fIERR_print_errors\fR\|(3) can be used to print +\&\fBERR_print_errors\fR\|(3) can be used to print all error codes currently in the queue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the +\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. .PP -\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and -\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if none is registered for the error code. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIERR_load_crypto_strings\fR\|(3), -\&\fISSL_load_error_strings\fR\|(3) -\&\fIERR_print_errors\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBERR_load_crypto_strings\fR\|(3), +\&\fBSSL_load_error_strings\fR\|(3) +\&\fBERR_print_errors\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_error_string()\fR is available in all versions of SSLeay and OpenSSL. -\&\fIERR_error_string_n()\fR was added in OpenSSL 0.9.6. +\&\fBERR_error_string()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBERR_error_string_n()\fR was added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index 9c6d217825d..29a5fb7ea64 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_get_error 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,47 +165,47 @@ ERR_peek_last_error_line_data \- obtain error code and data .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_get_error()\fR returns the earliest error code from the thread's error +\&\fBERR_get_error()\fR returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP -\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +\&\fBERR_peek_error()\fR returns the earliest error code from the thread's error queue without modifying it. .PP -\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's +\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's error queue without modifying it. .PP -See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining information about +See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about location and reason of the error, and -\&\fIERR_error_string\fR\|(3) for human-readable error +\&\fBERR_error_string\fR\|(3) for human-readable error messages. .PP -\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and -\&\fIERR_peek_last_error_line()\fR are the same as the above, but they +\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and +\&\fBERR_peek_last_error_line()\fR are the same as the above, but they additionally store the file name and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP -\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and -\&\fIERR_peek_last_error_line_data()\fR store additional data and flags +\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and +\&\fBERR_peek_last_error_line_data()\fR store additional data and flags associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. .PP An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers -returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled +returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled automatically by the error library. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The error code, or 0 if there is no error in the queue. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3), -\&\s-1\fIERR_GET_LIB\s0\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_error_string\fR\|(3), +\&\s-1\fBERR_GET_LIB\s0\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_get_error()\fR, \fIERR_peek_error()\fR, \fIERR_get_error_line()\fR and -\&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and -OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR +\&\fBERR_get_error()\fR, \fBERR_peek_error()\fR, \fBERR_get_error_line()\fR and +\&\fBERR_peek_error_line()\fR are available in all versions of SSLeay and +OpenSSL. \fBERR_get_error_line_data()\fR and \fBERR_peek_error_line_data()\fR were added in SSLeay 0.9.0. -\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and -\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7. +\&\fBERR_peek_last_error()\fR, \fBERR_peek_last_error_line()\fR and +\&\fBERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index e37bdf0e3f9..fabf1cc497f 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,24 +155,24 @@ load and free error strings .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_load_crypto_strings()\fR registers the error strings for all -\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same, +\&\fBERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, but also registers the \fBlibssl\fR error strings. .PP One of these functions should be called before generating textual error messages. However, this is not required when memory usage is an issue. .PP -\&\fIERR_free_strings()\fR frees all previously loaded error strings. +\&\fBERR_free_strings()\fR frees all previously loaded error strings. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and -\&\fIERR_free_strings()\fR return no values. +\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and +\&\fBERR_free_strings()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_error_string\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_load_error_strings()\fR, \fISSL_load_error_strings()\fR and -\&\fIERR_free_strings()\fR are available in all versions of SSLeay and +\&\fBERR_load_error_strings()\fR, \fBSSL_load_error_strings()\fR and +\&\fBERR_free_strings()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 5a5d9fcb57e..644095d1f58 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_load_strings 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +154,7 @@ arbitrary error strings .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR. +\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. .PP \&\fBstr\fR is an array of error string data: .PP @@ -164,21 +168,21 @@ arbitrary error strings .PP The error code is generated from the library number and a function and reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). -\&\s-1\fIERR_PACK\s0()\fR is a macro. +\&\s-1\fBERR_PACK\s0()\fR is a macro. .PP The last entry in the array is {0,0}. .PP -\&\fIERR_get_next_error_library()\fR can be used to assign library numbers +\&\fBERR_get_next_error_library()\fR can be used to assign library numbers to user libraries at runtime. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code. -\&\fIERR_get_next_error_library()\fR returns a new library number. +\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code. +\&\fBERR_get_next_error_library()\fR returns a new library number. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_load_strings\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_load_error_strings()\fR and \s-1\fIERR_PACK\s0()\fR are available in all versions -of SSLeay and OpenSSL. \fIERR_get_next_error_library()\fR was added in +\&\fBERR_load_error_strings()\fR and \s-1\fBERR_PACK\s0()\fR are available in all versions +of SSLeay and OpenSSL. \fBERR_get_next_error_library()\fR was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index eadfbfeef28..c6aef538699 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_print_errors 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,11 +150,11 @@ ERR_print_errors, ERR_print_errors_fp \- print error messages .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_print_errors()\fR is a convenience function that prints the error +\&\fBERR_print_errors()\fR is a convenience function that prints the error strings for all errors that OpenSSL has recorded to \fBbp\fR, thus emptying the error queue. .PP -\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a \&\fB\s-1FILE\s0\fR. .PP The error strings will have the following format: @@ -167,14 +171,14 @@ If there is no text string registered for the given error code, the error string will contain the numeric code. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIERR_load_crypto_strings\fR\|(3), -\&\fISSL_load_error_strings\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_error_string\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBERR_load_crypto_strings\fR\|(3), +\&\fBSSL_load_error_strings\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR +\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 354c6ea6504..8c49584da4b 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_put_error 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,25 +152,25 @@ ERR_put_error, ERR_add_error_data \- record an error .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It +\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It signals that the error of reason code \fBreason\fR occurred in function \&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. This function is usually called by a macro. .PP -\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string arguments with the error code added last. .PP -\&\fIERR_load_strings\fR\|(3) can be used to register +\&\fBERR_load_strings\fR\|(3) can be used to register error strings so that the application can a generate human-readable error messages for the error code. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return +\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return no values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3) +\&\fBerr\fR\|(3), \fBERR_load_strings\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_put_error()\fR is available in all versions of SSLeay and OpenSSL. -\&\fIERR_add_error_data()\fR was added in SSLeay 0.9.0. +\&\fBERR_put_error()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBERR_add_error_data()\fR was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index 12730d652ff..9cadca591ea 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_remove_state 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +155,7 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_remove_thread_state()\fR frees the error queue associated with thread \fBtid\fR. +\&\fBERR_remove_thread_state()\fR frees the error queue associated with thread \fBtid\fR. If \fBtid\fR == \fB\s-1NULL\s0\fR, the current thread will have its error queue removed. .PP Since error queue data structures are allocated automatically for new @@ -164,12 +168,12 @@ by unsigned long values any argument to this function is ignored. Calling ERR_remove_state is equivalent to \fBERR_remove_thread_state(\s-1NULL\s0)\fR. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -ERR_remove_thread_state and \fIERR_remove_state()\fR return no value. +ERR_remove_thread_state and \fBERR_remove_state()\fR return no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3) +\&\fBerr\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL. It +\&\fBERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL. It was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state was introduced and thread IDs were introduced to identify threads instead of 'unsigned long'. diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index e0e5dc7e77f..7257af9fa72 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERR_set_mark 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,20 +151,20 @@ ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there +\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there is one. .PP -\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. The mark is then removed. If there is no mark, the whole stack is removed. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. .PP -\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which implies that the stack became empty, otherwise 1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3) +\&\fBerr\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_set_mark()\fR and \fIERR_pop_to_mark()\fR were added in OpenSSL 0.9.8. +\&\fBERR_set_mark()\fR and \fBERR_pop_to_mark()\fR were added in OpenSSL 0.9.8. diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 6c68b49e190..605e4032306 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_BytesToKey 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ EVP_BytesToKey \- password based encryption routine .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. The \fBsalt\fR parameter is used as a salt in the derivation: it should point to an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing @@ -187,13 +191,13 @@ The initial bytes are used for the key and the subsequent bytes for the \s-1IV.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If \fBdata\fR is \s-1NULL,\s0 then \fIEVP_BytesToKey()\fR returns the number of bytes +If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes needed to store the derived key. -Otherwise, \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes, +Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBevp\fR\|(3), \fBrand\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index ed6e7ea095a..a7c07105884 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_DigestInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,105 +206,105 @@ EVP digest routines .IX Header "DESCRIPTION" The \s-1EVP\s0 digest routines are a high level interface to message digests. .PP -\&\fIEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR. +\&\fBEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR. .PP -\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context. +\&\fBEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context. .PP -\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest +\&\fBEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this -function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR. +function. \fBtype\fR will typically be supplied by a functionsuch as \fBEVP_sha1()\fR. If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. .PP -\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This function can be called several times on the same \fBctx\fR to hash additional data. .PP -\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places +\&\fBEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. -After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR -can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new +After calling \fBEVP_DigestFinal_ex()\fR no additional calls to \fBEVP_DigestUpdate()\fR +can be made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. .PP -\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called +\&\fBEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called after a digest context is no longer needed. .PP -\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the +\&\fBEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the space allocated to it, it should be called only on a context created -using \fIEVP_MD_CTX_create()\fR. +using \fBEVP_MD_CTX_create()\fR. .PP -\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from +\&\fBEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from \&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be hashed which only differ in the last few bytes. \fBout\fR must be initialized before calling this function. .PP -\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except +\&\fBEVP_DigestInit()\fR behaves in the same way as \fBEVP_DigestInit_ex()\fR except the passed context \fBctx\fR does not have to be initialized, and it always uses the default digest implementation. .PP -\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest +\&\fBEVP_DigestFinal()\fR is similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is automatically cleaned up. .PP -\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination +\&\fBEVP_MD_CTX_copy()\fR is similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \&\fBout\fR does not have to be initialized. .PP -\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest +\&\fBEVP_MD_size()\fR and \fBEVP_MD_CTX_size()\fR return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. .PP -\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the +\&\fBEVP_MD_block_size()\fR and \fBEVP_MD_CTX_block_size()\fR return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure. .PP -\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 +\&\fBEVP_MD_type()\fR and \fBEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure. -For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is +For example EVP_MD_type(\fBEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. .PP -\&\fIEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed +\&\fBEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \&\fB\s-1EVP_MD_CTX\s0\fR. .PP -\&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated -with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will +\&\fBEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated +with this digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return \fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. .PP -\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_sha224()\fR, \fIEVP_sha256()\fR, -\&\fIEVP_sha384()\fR, \fIEVP_sha512()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR +\&\fBEVP_md2()\fR, \fBEVP_md5()\fR, \fBEVP_sha()\fR, \fBEVP_sha1()\fR, \fBEVP_sha224()\fR, \fBEVP_sha256()\fR, +\&\fBEVP_sha384()\fR, \fBEVP_sha512()\fR, \fBEVP_mdc2()\fR and \fBEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2\s0 and \s-1RIPEMD160\s0 digest algorithms respectively. .PP -\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest +\&\fBEVP_dss()\fR and \fBEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. .PP -\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it +\&\fBEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero length. .PP -\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR +\&\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR return an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \s-1NID\s0 or an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initialized -using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work. +using, for example, \fBOpenSSL_add_all_digests()\fR for these functions to work. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for +\&\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR and \fBEVP_DigestFinal_ex()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. +\&\fBEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. .PP -\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the +\&\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR and \fBEVP_MD_type()\fR return the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists. .PP -\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR and -\&\fIEVP_MD_CTX_block_size()\fR return the digest or block size in bytes. +\&\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR and +\&\fBEVP_MD_CTX_block_size()\fR return the digest or block size in bytes. .PP -\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR, -\&\fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return pointers to the +\&\fBEVP_md_null()\fR, \fBEVP_md2()\fR, \fBEVP_md5()\fR, \fBEVP_sha()\fR, \fBEVP_sha1()\fR, \fBEVP_dss()\fR, +\&\fBEVP_dss1()\fR, \fBEVP_mdc2()\fR and \fBEVP_ripemd160()\fR return pointers to the corresponding \s-1EVP_MD\s0 structures. .PP -\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR +\&\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR return either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. .SH "NOTES" .IX Header "NOTES" @@ -311,13 +315,13 @@ transparent to the digest used and much more flexible. New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256.\s0 The other digest algorithms are still in common use. .PP -For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be set to \s-1NULL\s0 to use the default digest implementation. .PP -The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are obsolete but are retained to maintain compatibility with existing code. New -applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and -\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. .PP @@ -333,7 +337,7 @@ Stack allocation of \s-1EVP_MD_CTX\s0 structures is common, for example: .PP This will cause binary compatibility issues if the size of \s-1EVP_MD_CTX\s0 structure changes (this will only happen with a major release of OpenSSL). -Applications wishing to avoid this should use \fIEVP_MD_CTX_create()\fR instead: +Applications wishing to avoid this should use \fBEVP_MD_CTX_create()\fR instead: .PP .Vb 2 \& EVP_MD_CTX *mctx; @@ -390,24 +394,24 @@ digest name passed on the command line. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdgst\fR\|(1), -\&\fIevp\fR\|(3) +\&\fBdgst\fR\|(1), +\&\fBevp\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are +\&\fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR and \fBEVP_DigestFinal()\fR are available in all versions of SSLeay and OpenSSL. .PP -\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR, -\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR -and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. +\&\fBEVP_MD_CTX_init()\fR, \fBEVP_MD_CTX_create()\fR, \fBEVP_MD_CTX_copy_ex()\fR, +\&\fBEVP_MD_CTX_cleanup()\fR, \fBEVP_MD_CTX_destroy()\fR, \fBEVP_DigestInit_ex()\fR +and \fBEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. .PP -\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, -\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were +\&\fBEVP_md_null()\fR, \fBEVP_md2()\fR, \fBEVP_md5()\fR, \fBEVP_sha()\fR, \fBEVP_sha1()\fR, +\&\fBEVP_dss()\fR, \fBEVP_dss1()\fR, \fBEVP_mdc2()\fR and \fBEVP_ripemd160()\fR were changed to return truly const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. .PP The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to -use \fIEVP_dss1()\fR any more. +later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to +use \fBEVP_dss1()\fR any more. .PP OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the default configuration due to its security weaknesses. diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index 91cfb1c4c59..e97ddd2e52f 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestSignInit 3" -.TH EVP_DigestSignInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_DigestSignInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,21 +154,21 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing fun .IX Header "DESCRIPTION" The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from +\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from \&\s-1ENGINE\s0 \fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with -\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\fBEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the \&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can be used to set alternative signing options. Note that any existing value in \&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed directly by the application (it will be freed automatically when the \s-1EVP_MD_CTX\s0 is freed). The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it. .PP -\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. This function is currently implemented usig a macro. .PP -\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR. +\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the \&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer, if the @@ -172,12 +176,12 @@ call is successful the signature is written to \fBsig\fR and the amount of data written to \fBsiglen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestSignInit()\fR \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignaFinal()\fR return +\&\fBEVP_DigestSignInit()\fR \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignaFinal()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP -The error codes can be obtained from \fIERR_get_error\fR\|(3). +The error codes can be obtained from \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in @@ -185,33 +189,33 @@ preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and the use of clone digest is now discouraged. .PP For some key types and parameters the random number generator must be seeded or the operation will fail. .PP -The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest -context. This means that calls to \fIEVP_DigestSignUpdate()\fR and -\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fBEVP_DigestSignUpdate()\fR and +\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. .PP Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_cleanup()\fR or a memory leak will occur. .PP -The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some +The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some signature operations may have a signature length which depends on the -parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value +parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value which indicates the maximum possible signature for any set of parameters. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestVerifyInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3), -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), \fBerr\fR\|(3), +\&\fBevp\fR\|(3), \fBhmac\fR\|(3), \fBmd2\fR\|(3), +\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3), +\&\fBsha\fR\|(3), \fBdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index 1c063d77111..a6ce6df843f 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestVerifyInit 3" -.TH EVP_DigestVerifyInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_DigestVerifyInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,35 +154,35 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signa .IX Header "DESCRIPTION" The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest +\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized -with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +with \fBEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the \&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this can be used to set alternative verification options. Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed directly by the application (it will be freed automatically when the \&\s-1EVP_MD_CTX\s0 is freed). .PP -\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. This function is currently implemented using a macro. .PP -\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in \&\fBsig\fR of length \fBsiglen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP -\&\fIEVP_DigestVerifyFinal()\fR returns 1 for success; any other value indicates +\&\fBEVP_DigestVerifyFinal()\fR returns 1 for success; any other value indicates failure. A return value of zero indicates that the signature did not verify successfully (that is, tbs did not match the original data or the signature had an invalid form), while other values indicate a more serious error (and sometimes also indicate an invalid signature form). .PP -The error codes can be obtained from \fIERR_get_error\fR\|(3). +The error codes can be obtained from \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in @@ -186,28 +190,28 @@ preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and the use of clone digest is now discouraged. .PP For some key types and parameters the random number generator must be seeded or the operation will fail. .PP -The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest -context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_cleanup()\fR or a memory leak will occur. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestSignInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3), -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), \fBerr\fR\|(3), +\&\fBevp\fR\|(3), \fBhmac\fR\|(3), \fBmd2\fR\|(3), +\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3), +\&\fBsha\fR\|(3), \fBdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR +\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3 index b781bbb562a..e6badc3fd64 100644 --- a/secure/lib/libcrypto/man/EVP_EncodeInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncodeInit 3" -.TH EVP_EncodeInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_EncodeInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,31 +178,31 @@ bytes of input. If the data length is not divisible by 3 then a full 4 bytes is still output for the final 1 or 2 bytes of input. Similarly a newline character will also be output. .PP -\&\fIEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. .PP -\&\fIEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by \&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full blocks of data (48 bytes) will be immediately processed and output by this function. Any remainder is held in the \fBctx\fR object and will be processed by a -subsequent call to \fIEVP_EncodeUpdate()\fR or \fIEVP_EncodeFinal()\fR. To calculate the +subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the required size of the output buffer add together the value of \fBinl\fR with the amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore any remainder). This gives the number of blocks of data that will be processed. Ensure the output buffer contains 65 bytes of storage for each block, plus an -additional byte for a \s-1NUL\s0 terminator. \fIEVP_EncodeUpdate()\fR may be called +additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called repeatedly to process large amounts of input data. In the event of an error -\&\fIEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0. +\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0. .PP -\&\fIEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will +\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will process any partial block of data remaining in the \fBctx\fR object. The output data will be stored in \fBout\fR and the length of the data written will be stored in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is sufficiently large to accommodate the output data which will never be more than 65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). .PP -\&\fIEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length \&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always @@ -207,16 +211,16 @@ example if 16 bytes of input data is provided then 24 bytes of encoded data is created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. .PP -\&\fIEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. .PP -\&\fIEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the buffer at \fBout\fR is sufficiently large to accommodate the output data. This function will attempt to decode as much data as possible in 4 byte chunks. Any whitespace, newline or carriage return characters are ignored. Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in -the \fBctx\fR object and processed by a subsequent call to \fIEVP_DecodeUpdate()\fR. If +the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If any illegal base 64 characters are encountered or if the base 64 padding character \*(L"=\*(R" is encountered in the middle of the data then the function returns \&\-1 to indicate an error. A return value of 0 or 1 indicates successful @@ -227,12 +231,12 @@ every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and line feeds), 3 bytes of binary output data will be produced (or less at the end of the data where the padding character \*(L"=\*(R" has been used). .PP -\&\fIEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there is any unprocessed data still in \fBctx\fR then the input data must not have been a multiple of 4 and therefore an error has occurred. The function will return \-1 in this case. Otherwise the function returns 1 on success. .PP -\&\fIEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 characters. After such trimming the length of the data in \fBf\fR must be divisbile @@ -242,15 +246,15 @@ always 3 bytes for every 4 input bytes. This function will return the length of the data decoded or \-1 on error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 terminator. .PP -\&\fIEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned then no more non-padding base 64 characters are expected. .PP -\&\fIEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. .PP -\&\fIEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3) +\&\fBevp\fR\|(3) diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 4c7d4e9b38e..dcd5c47ea54 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_EncryptInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -242,12 +246,12 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256 The \s-1EVP\s0 cipher routines are a high level interface to certain symmetric ciphers. .PP -\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. +\&\fBEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. .PP -\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this function. \fBtype\fR is normally supplied -by a function such as \fIEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the default implementation is used. \fBkey\fR is the symmetric key to use and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes used for the key and \s-1IV\s0 depends on the cipher. It is possible to set @@ -256,7 +260,7 @@ the remaining parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL.\s0 This is done when the default cipher parameters are not appropriate. .PP -\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and writes the encrypted version to \fBout\fR. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: @@ -264,170 +268,170 @@ as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient room. The actual number of bytes written is placed in \fBoutl\fR. .PP -If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts the \*(L"final\*(R" data, that is any data that remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted final data is written to \fBout\fR which should have sufficient space for one cipher block. The number of bytes written is placed in \fBoutl\fR. After this function is called the encryption operation is finished and no further -calls to \fIEVP_EncryptUpdate()\fR should be made. +calls to \fBEVP_EncryptUpdate()\fR should be made. .PP -If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size. .PP -\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the -corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an +\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer \fBout\fR -passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in which case \fBinl\fR bytes is sufficient. .PP -\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are functions that can be used for decryption or encryption. The operation performed depends on the value of the \fBenc\fR parameter. It should be set to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call). .PP -\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context +\&\fBEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context and free up any allocated memory associate with it. It should be called after all operations using a cipher are complete so sensitive information does not remain in memory. .PP -\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a -similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and -\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR parameter does not need to be +\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a +similar way to \fBEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and +\&\fBEVP_CipherInit_ex()\fR except the \fBctx\fR parameter does not need to be initialized and they always use the default cipher implementation. .PP -\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are -identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and -\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up -the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR +\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are +identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and +\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR must be called to free any context resources. .PP -\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an \&\s-1ASN1_OBJECT\s0 structure. .PP -\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 value is an internal value which may not have a corresponding \s-1OBJECT IDENTIFIER.\s0 .PP -\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default +\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the \fBpad\fR parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur. .PP -\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length -for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a -given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different +for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different for variable key length ciphers. .PP -\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error. .PP -\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not use an \s-1IV.\s0 The constant \&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. .PP -\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is also the maximum block length for all ciphers. .PP -\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and 128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object identifier or does not have \s-1ASN1\s0 support this function will return \&\fBNID_undef\fR. .PP -\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. .PP -\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: \&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or \&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then \&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. .PP -\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. This will typically include any parameters and an \&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call should be made before the cipher is actually \*(L"used\*(R" (before any -\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function may fail if the cipher does not have any \s-1ASN1\s0 support. .PP -\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. This function should be called after the base cipher type is set but before -the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and -key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally -\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is +the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support or the parameters cannot be set (for example the \s-1RC2\s0 effective key length is not supported. .PP -\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined and set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR +\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. .PP -\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP -\&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure. +\&\fBEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure. .PP -\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. .PP -\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 .PP -\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block size. .PP -\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key length. .PP -\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. .PP -\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length or zero if the cipher does not use an \s-1IV.\s0 .PP -\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's \&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 .PP -\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. .PP -\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return 1 for +\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return 1 for success or zero for failure. .SH "CIPHER LISTING" .IX Header "CIPHER LISTING" All algorithms have a fixed key length unless otherwise stated. -.IP "\fIEVP_enc_null()\fR" 4 +.IP "\fBEVP_enc_null()\fR" 4 .IX Item "EVP_enc_null()" Null cipher: does nothing. .IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4 .IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" \&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. -.IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4 +.IP "EVP_des_ede_cbc(void), \fBEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4 .IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. -.IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4 +.IP "EVP_des_ede3_cbc(void), \fBEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4 .IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .IP "EVP_desx_cbc(void)" 4 @@ -438,9 +442,9 @@ Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respect \&\s-1RC4\s0 stream cipher. This is a variable key length cipher with default key length 128 bits. .IP "EVP_rc4_40(void)" 4 .IX Item "EVP_rc4_40(void)" -\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should use \fIEVP_rc4()\fR -and the \fIEVP_CIPHER_CTX_set_key_length()\fR function. -.IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void)" 4 +\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should use \fBEVP_rc4()\fR +and the \fBEVP_CIPHER_CTX_set_key_length()\fR function. +.IP "\fBEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void)" 4 .IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void)" \&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4 @@ -451,8 +455,8 @@ By default both are set to 128 bits. .IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4 .IX Item "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" \&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of 40 and 64 bits. -These are obsolete and new code should use \fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and -\&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length. +These are obsolete and new code should use \fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and +\&\fBEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length. .IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4 .IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key @@ -481,11 +485,11 @@ These ciphers require additional control operations to function correctly: see For \s-1GCM\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly altered and several \s-1GCM\s0 specific ctrl operations are supported. .PP -To specify any additional authenticated data (\s-1AAD\s0) a call to \fIEVP_CipherUpdate()\fR, -\&\fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made with the output +To specify any additional authenticated data (\s-1AAD\s0) a call to \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output parameter \fBout\fR set to \fB\s-1NULL\s0\fR. .PP -When decrypting the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR +When decrypting the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR indicates if the operation was successful. If it does not indicate success the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used as it is corrupted. @@ -505,7 +509,7 @@ not called a default \s-1IV\s0 length is used (96 bits for \s-1AES\s0). .PP Writes \fBtaglen\fR bytes of the tag value to the buffer indicated by \fBtag\fR. This call can only be made when encrypting data and \fBafter\fR all data has been -processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .PP .Vb 1 \& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); @@ -519,10 +523,10 @@ The behaviour of \s-1CCM\s0 mode ciphers is similar to \s-1CCM\s0 mode but with additional requirements and different ctrl values. .PP Like \s-1GCM\s0 mode any additional authenticated data (\s-1AAD\s0) is passed by calling -\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR with the output +\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output parameter \fBout\fR set to \fB\s-1NULL\s0\fR. Additionally the total plaintext or ciphertext -length \fB\s-1MUST\s0\fR be passed to \fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or -\&\fIEVP_DecryptUpdate()\fR with the output and input parameters (\fBin\fR and \fBout\fR) +length \fB\s-1MUST\s0\fR be passed to \fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or +\&\fBEVP_DecryptUpdate()\fR with the output and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in the \fBinl\fR parameter. .PP The following ctrls are supported in \s-1CCM\s0 mode: @@ -574,11 +578,11 @@ the input data earlier on will not produce a final decrypt error. If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size. .PP -The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, -\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for -compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, -\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, -\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, +\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an existing context without allocating and freeing it up on each call. .SH "BUGS" .IX Header "BUGS" @@ -700,12 +704,12 @@ with a 128\-bit key: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3) +\&\fBevp\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR, -\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR, -\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in +\&\fBEVP_CIPHER_CTX_init()\fR, \fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptFinal_ex()\fR, +\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, \fBEVP_CipherInit_ex()\fR, +\&\fBEVP_CipherFinal_ex()\fR and \fBEVP_CIPHER_CTX_set_padding()\fR appeared in OpenSSL 0.9.7. .PP \&\s-1IDEA\s0 appeared in OpenSSL 0.9.7 but was often disabled due to diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 0fec2cb9936..1baa2cc3cf7 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_OpenInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,19 +158,19 @@ The \s-1EVP\s0 envelope routines are a high level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. .PP -\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length \&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. The \s-1IV\s0 is supplied in the \fBiv\fR parameter. .PP -\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties -as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as -documented on the \fIEVP_EncryptInit\fR\|(3) manual +\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties +as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual page. .SH "NOTES" .IX Header "NOTES" -It is possible to call \fIEVP_OpenInit()\fR twice in the same way as -\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +It is possible to call \fBEVP_OpenInit()\fR twice in the same way as +\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 and (after setting any cipher parameters) it should be called again with \fBtype\fR set to \s-1NULL.\s0 .PP @@ -176,16 +180,16 @@ key length. If the cipher is a fixed length cipher then the recovered key length must match the fixed cipher length. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the recovered secret key size) if successful. .PP -\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. .PP -\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_SealInit\fR\|(3) +\&\fBevp\fR\|(3), \fBrand\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 7a16e40b54f..e278a9218d2 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_ctrl 3" -.TH EVP_PKEY_CTX_ctrl 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_CTX_ctrl 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,16 +177,16 @@ EVP_PKEY_CTX_set_ec_paramgen_curve_nid \- algorithm specific control operations .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context \&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter \&\fBoptype\fR is a mask indicating which operations the control can be applied to. The control command is indicated in \fBcmd\fR and any additional arguments in \&\fBp1\fR and \fBp2\fR. .PP -Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will +Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will instead call one of the algorithm specific macros below. .PP -The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm specific control operation to a context \fBctx\fR in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the openssl utility @@ -191,18 +195,18 @@ command line pages for the option \fB\-pkeyopt\fR which is supported by the .PP All the remaining \*(L"functions\*(R" are implemented as macros. .PP -The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used +The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used in a signature. It can be used with any public key algorithm supporting signature operations. .PP -The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR. The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 padding, \&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding, \&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only), \&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and \&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only). .PP -Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR +Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR is used. If this macro is called for PKCS#1 padding the plaintext buffer is an actual digest value and is encapsulated in a DigestInfo structure according to PKCS#1 when signing and this structure is expected (and stripped off) when @@ -211,7 +215,7 @@ supplied data is used directly and not encapsulated. In the case of X9.31 padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. .PP -The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to \&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding. Two special values are supported: \-1 sets the salt length to the digest length. When signing \-2 sets the salt length to the maximum permissible value. When @@ -219,42 +223,42 @@ verifying \-2 causes the salt length to be automatically determined based on the \&\fB\s-1PSS\s0\fR block structure. If this macro is not called a salt length value of \-2 is used by default. .PP -The \fIEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +The \fBEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for \&\s-1RSA\s0 key genration to \fBbits\fR. If not specified 1024 bits is used. .PP -The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value for \s-1RSA\s0 key generation to \fBpubexp\fR currently it should be an odd integer. The \&\fBpubexp\fR pointer is used internally by this function so it should not be modified or free after the call. If this macro is not called then 65537 is used. .PP -The macro \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used +The macro \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. .PP -The macro \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0 +The macro \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0 prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called then 1024 is used. .PP -The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR +The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR for \s-1DH\s0 parameter generation. If not specified 2 is used. .PP -The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called or an error occurs because there is no default curve. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 +\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) -\&\fIEVP_PKEY_keygen\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_keygen\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index 399790c969b..1c1b98cafb9 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_new 3" -.TH EVP_PKEY_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_CTX_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,17 +152,17 @@ EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- pu .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. .PP -The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example during parameter generation of key genration for some algorithms. .PP -\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. +\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. .PP -\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. +\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used @@ -167,13 +171,13 @@ threads: that is it is not permissible to use the same context simultaneously in two threads. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either +\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_CTX_free()\fR does not return a value. +\&\fBEVP_PKEY_CTX_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_new\fR\|(3) +\&\fBEVP_PKEY_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index dd791b8f558..85bba170017 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_cmp 3" -.TH EVP_PKEY_cmp 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_cmp 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,43 +153,43 @@ EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm doesn't use parameters. .PP -The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key +The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key \&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in \&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. .PP -The function \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys \&\fBa\fR and \fBb\fR. .PP -The function \fIEVP_PKEY_cmp()\fR compares the public key components and paramters +The function \fBEVP_PKEY_cmp()\fR compares the public key components and paramters (if present) of keys \fBa\fR and \fBb\fR. .SH "NOTES" .IX Header "NOTES" -The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and -\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and +\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the parameters are sometimes omitted from a public key if they are inherited from the \s-1CA\s0 that signed it. .PP Since OpenSSL private keys contain public key components too the function -\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches a public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm doesn't use parameters. .PP -These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for failure. .PP -The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the +The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the keys match, 0 if they don't match, \-1 if the key types are different and \&\-2 if the operation is not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_keygen\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index afc4835181c..dedee2cb48d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_decrypt 3" -.TH EVP_PKEY_decrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_decrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a decryption operation. .PP -The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation +The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and \&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then @@ -160,15 +164,15 @@ before the call the \fBoutlen\fR parameter should contain the length of the \&\fBout\fR and the amount of data written to \fBoutlen\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same +The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0 +\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" @@ -210,12 +214,12 @@ Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 488c4243900..caa72359d9b 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_derive 3" -.TH EVP_PKEY_derive 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_derive 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,13 +151,13 @@ EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_derive_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for shared secret derivation. .PP -The \fIEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally +The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally be a public key. .PP -The \fIEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. +The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the \&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call @@ -161,15 +165,15 @@ is successful the shared secret is written to \fBkey\fR and the amount of data written to \fBkeylen\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_derive_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_derive()\fR can be called more than once on the same +The function \fBEVP_PKEY_derive()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 for success and 0 +\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" @@ -210,12 +214,12 @@ Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 54db9919e66..1254121935c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_encrypt 3" -.TH EVP_PKEY_encrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_encrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for an encryption operation. .PP -The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation +The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and \&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then @@ -160,21 +164,21 @@ before the call the \fBoutlen\fR parameter should contain the length of the \&\fBout\fR and the amount of data written to \fBoutlen\fR. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same +The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0 +\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" .IX Header "EXAMPLE" -Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or -\&\fId2i_X509\fR\|(3) for means to load a public key. You may also simply +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or +\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: .PP .Vb 3 @@ -214,14 +218,14 @@ set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementa .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3), -\&\fIengine\fR\|(3), -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBd2i_X509\fR\|(3), +\&\fBengine\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 index d39d2805809..a0cd4fb1736 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_get_default_digest 3" -.TH EVP_PKEY_get_default_digest 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_get_default_digest 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,7 +148,7 @@ EVP_PKEY_get_default_digest_nid \- get default signature digest .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default +The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default message digest \s-1NID\s0 for the public key signature operations associated with key \&\fBpkey\fR. .SH "NOTES" @@ -152,17 +156,17 @@ message digest \s-1NID\s0 for the public key signature operations associated wit For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fIEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest +The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest is advisory (that is other digests can be used) and 2 if it is mandatory (other digests can not be used). It returns 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" This function was first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index e43a1cd285c..8286a4e94ad 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_keygen 3" -.TH EVP_PKEY_keygen 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_keygen 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,40 +162,40 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a key genration operation. .PP -The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the +The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the generated key is written to \fBppkey\fR. .PP -The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar +The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar except parameters are generated. .PP -The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback -to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter generation callback. .PP -The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated with the generation operation. If \fBidx\fR is \-1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for \&\fBidx\fR should only be called within the generation callback. .PP If the callback returns 0 then the key genration operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a \*(L"cancel\*(R" button. .PP -The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set +The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a \*(L"progress dialog\*(R". .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm +After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than +The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than once on the same context if several operations are performed using the same parameters. .PP @@ -210,8 +214,8 @@ equivalent to what some libraries call a \*(L"key pair\*(R". A private key can b in functions which require the use of a public key or parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and -\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and +\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLES" @@ -281,13 +285,13 @@ Example of generation callback for OpenSSL public key implementations: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 index 176e843ca0f..3a4e92cde74 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_meth_new 3" -.TH EVP_PKEY_meth_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_meth_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -329,7 +333,7 @@ verifying, encrypting or decrypting, etc. There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one is a built-in static array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific -methods, which can be manipulated by using \fIEVP_PKEY_meth_add0\fR\|(3). +methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). .PP The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR objects. @@ -344,19 +348,19 @@ algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. \& void (*cleanup) (EVP_PKEY_CTX *ctx); .Ve .PP -The \fIinit()\fR method is called to initialize algorithm-specific data when a new -\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fIinit()\fR, the \fIcleanup()\fR method is called -when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fIcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR -is being duplicated. Refer to \fIEVP_PKEY_CTX_new\fR\|(3), \fIEVP_PKEY_CTX_new_id\fR\|(3), -\&\fIEVP_PKEY_CTX_free\fR\|(3) and \fIEVP_PKEY_CTX_dup\fR\|(3). +The \fBinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), +\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). .PP .Vb 2 \& int (*paramgen_init) (EVP_PKEY_CTX *ctx); \& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); .Ve .PP -The \fIparamgen_init()\fR and \fIparamgen()\fR methods deal with key parameter generation. -They are called by \fIEVP_PKEY_paramgen_init\fR\|(3) and \fIEVP_PKEY_paramgen\fR\|(3) to +The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation. +They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to handle the parameter generation process. .PP .Vb 2 @@ -364,9 +368,9 @@ handle the parameter generation process. \& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); .Ve .PP -The \fIkeygen_init()\fR and \fIkeygen()\fR methods are used to generate the actual key for -the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and -\&\fIEVP_PKEY_keygen\fR\|(3). +The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and +\&\fBEVP_PKEY_keygen\fR\|(3). .PP .Vb 3 \& int (*sign_init) (EVP_PKEY_CTX *ctx); @@ -374,9 +378,9 @@ the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and \& const unsigned char *tbs, size_t tbslen); .Ve .PP -The \fIsign_init()\fR and \fIsign()\fR methods are used to generate the signature of a -piece of data using a private key. They are called by \fIEVP_PKEY_sign_init\fR\|(3) -and \fIEVP_PKEY_sign\fR\|(3). +The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3) +and \fBEVP_PKEY_sign\fR\|(3). .PP .Vb 4 \& int (*verify_init) (EVP_PKEY_CTX *ctx); @@ -385,8 +389,8 @@ and \fIEVP_PKEY_sign\fR\|(3). \& const unsigned char *tbs, size_t tbslen); .Ve .PP -The \fIverify_init()\fR and \fIverify()\fR methods are used to verify whether a signature is -valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3). +The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is +valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). .PP .Vb 4 \& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); @@ -395,10 +399,10 @@ valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify \& const unsigned char *sig, size_t siglen); .Ve .PP -The \fIverify_recover_init()\fR and \fIverify_recover()\fR methods are used to verify a +The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a signature and then recover the digest from the signature (for instance, a signature that was generated by \s-1RSA\s0 signing algorithm). They are called by -\&\fIEVP_PKEY_verify_recover_init\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). +\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). .PP .Vb 3 \& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); @@ -406,9 +410,9 @@ signature that was generated by \s-1RSA\s0 signing algorithm). They are called b \& EVP_MD_CTX *mctx); .Ve .PP -The \fIsignctx_init()\fR and \fIsignctx()\fR methods are used to sign a digest present by +The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See -\&\fIEVP_DigestSignInit\fR\|(3) for detail. +\&\fBEVP_DigestSignInit\fR\|(3) for detail. .PP .Vb 3 \& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); @@ -416,9 +420,9 @@ a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign function \& EVP_MD_CTX *mctx); .Ve .PP -The \fIverifyctx_init()\fR and \fIverifyctx()\fR methods are used to verify a signature +The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various -EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for detail. +EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for detail. .PP .Vb 3 \& int (*encrypt_init) (EVP_PKEY_CTX *ctx); @@ -426,8 +430,8 @@ EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for detail. \& const unsigned char *in, size_t inlen); .Ve .PP -The \fIencrypt_init()\fR and \fIencrypt()\fR methods are used to encrypt a piece of data. -They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\|(3). +The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3). .PP .Vb 3 \& int (*decrypt_init) (EVP_PKEY_CTX *ctx); @@ -435,25 +439,25 @@ They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\| \& const unsigned char *in, size_t inlen); .Ve .PP -The \fIdecrypt_init()\fR and \fIdecrypt()\fR methods are used to decrypt a piece of data. -They are called by \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3). .PP .Vb 2 \& int (*derive_init) (EVP_PKEY_CTX *ctx); \& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); .Ve .PP -The \fIderive_init()\fR and \fIderive()\fR methods are used to derive the shared secret +The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by -\&\fIEVP_PKEY_derive_init\fR\|(3) and \fIEVP_PKEY_derive\fR\|(3). +\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). .PP .Vb 2 \& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); \& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); .Ve .PP -The \fIctrl()\fR and \fIctrl_str()\fR methods are used to adjust algorithm-specific -settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail. +The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail. .PP .Vb 5 \& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, @@ -463,12 +467,12 @@ settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail. \& size_t tbslen); .Ve .PP -The \fIdigestsign()\fR and \fIdigestverify()\fR methods are used to generate or verify -a signature in a one-shot mode. They could be called by \fIEVP_DigetSign\fR\|(3) -and \fIEVP_DigestVerify\fR\|(3). +The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fBEVP_DigetSign\fR\|(3) +and \fBEVP_DigestVerify\fR\|(3). .SS "Functions" .IX Subsection "Functions" -\&\fIEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, and associates the given \fBid\fR and \fBflags\fR. The following flags are supported: .PP @@ -482,23 +486,23 @@ maximum size of the output buffer will be automatically calculated or checked in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of these methods don't need to care about handling the case of returning output buffer size by themselves. For details on the output buffer size, refer to -\&\fIEVP_PKEY_sign\fR\|(3). +\&\fBEVP_PKEY_sign\fR\|(3). .PP -The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fIsignctx()\fR method +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a -digest signing operation by calling \fIEVP_DigestSignFinal\fR\|(3). +digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). .PP -\&\fIEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by \&\fBpmeth\fR. .PP -\&\fIEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR to \fBdst\fR. .PP -\&\fIEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. This function first searches through the user-defined method objects and then the built-in objects. .PP -\&\fIEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. .PP The EVP_PKEY_meth_set functions set the corresponding fields of \&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. @@ -507,15 +511,15 @@ The EVP_PKEY_meth_get functions get the corresponding fields of \&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR object or returns \s-1NULL\s0 on error. .PP -\&\fIEVP_PKEY_meth_free()\fR and \fIEVP_PKEY_meth_copy()\fR do not return values. +\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. .PP -\&\fIEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR object or returns \s-1NULL\s0 if not found. .PP -\&\fIEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 if an error occurred. .PP All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 6e99f319251..9dd8d6cbbe6 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,28 +150,28 @@ EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR +The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is used by OpenSSL to store private keys. .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +\&\fBEVP_PKEY_free()\fR frees up the private key \fBkey\fR. .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm. .PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a +The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +\&\fBEVP_PKEY_set1_RSA\fR\|(3) should be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR +\&\fBEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_free()\fR does not return a value. +\&\fBEVP_PKEY_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fBEVP_PKEY_set1_RSA\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index 73e4b46c285..cffe606c85a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_print_private 3" -.TH EVP_PKEY_print_private 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_print_private 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,8 +154,8 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public k .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and -\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components +The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and +\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable form. The parameter \fBindent\fR indicated how far the printout should be indented. .PP @@ -165,7 +169,7 @@ parameter. .PP If the key does not include all the components indicated by the function then only those contained in the key will be printed. For example passing a public -key to \fIEVP_PKEY_print_private()\fR will only print the public components. +key to \fBEVP_PKEY_print_private()\fR will only print the public components. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions all return 1 for success and 0 or a negative value for failure. @@ -173,8 +177,8 @@ In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_keygen\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index ccc6d2f0242..7561f7bc38f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,19 +167,19 @@ EVP_PKEY_type \- EVP_PKEY assignment functions. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and -\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. .PP -\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and -\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or \&\fB\s-1NULL\s0\fR if the key is not of the correct type. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR +and \fBEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR however these use the supplied \fBkey\fR internally and so \fBkey\fR will be freed when the parent \fBpkey\fR is freed. .PP -\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value +\&\fBEVP_PKEY_type()\fR returns the type of key corresponding to the value \&\fBtype\fR. The type of a key can be obtained with EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA, EVP_PKEY_DSA, EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding @@ -186,22 +190,22 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the \fBpkey\fR using the \fB1\fR functions must be freed as well as \fBpkey\fR. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -and \fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR +and \fBEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and -\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. .PP -\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and -\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR +and \fBEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_new\fR\|(3) +\&\fBEVP_PKEY_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index 13b631db103..8cd24387710 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_sign 3" -.TH EVP_PKEY_sign 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_sign 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_sign_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a signing operation. .PP -The \fIEVP_PKEY_sign()\fR function performs a public key signing operation +The \fBEVP_PKEY_sign()\fR function performs a public key signing operation using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and \&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then @@ -160,20 +164,20 @@ before the call the \fBsiglen\fR parameter should contain the length of the \&\fBsig\fR and the amount of data written to \fBsiglen\fR. .SH "NOTES" .IX Header "NOTES" -\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is normally used to sign digests. For signing arbitrary messages, see the -\&\fIEVP_DigestSignInit\fR\|(3) and -\&\fIEVP_SignInit\fR\|(3) signing interfaces instead. +\&\fBEVP_DigestSignInit\fR\|(3) and +\&\fBEVP_SignInit\fR\|(3) signing interfaces instead. .PP -After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the -operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)). +operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)). .PP -The function \fIEVP_PKEY_sign()\fR can be called more than once on the same +The function \fBEVP_PKEY_sign()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0 +\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" @@ -221,13 +225,13 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 18360e9c888..b0e01d5ef4d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify 3" -.TH EVP_PKEY_verify 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_verify 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,26 +152,26 @@ EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public k .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_verify_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a signature verification operation. .PP -The \fIEVP_PKEY_verify()\fR function performs a public key verification operation +The \fBEVP_PKEY_verify()\fR function performs a public key verification operation using \fBctx\fR. The signature is specified using the \fBsig\fR and \&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. .SH "NOTES" .IX Header "NOTES" -After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_verify()\fR can be called more than once on the same +The function \fBEVP_PKEY_verify()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was +\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was successful and 0 if it failed. Unlike other functions the return value 0 from -\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not not verify +\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. .PP @@ -208,12 +212,12 @@ Verify signature using PKCS#1 and \s-1SHA256\s0 digest: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index 43fa9bf73c0..f634320c908 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify_recover 3" -.TH EVP_PKEY_verify_recover 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_PKEY_verify_recover 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm +The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a verify recover operation. .PP -The \fIEVP_PKEY_verify_recover()\fR function recovers signed data +The \fBEVP_PKEY_verify_recover()\fR function recovers signed data using \fBctx\fR. The signature is specified using the \fBsig\fR and \&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then @@ -161,22 +165,22 @@ before the call the \fBroutlen\fR parameter should contain the length of the .SH "NOTES" .IX Header "NOTES" Normally an application is only interested in whether a signature verification -operation is successful in those cases the \fIEVP_verify()\fR function should be +operation is successful in those cases the \fBEVP_verify()\fR function should be used. .PP Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). .PP -After the call to \fIEVP_PKEY_verify_recover_init()\fR algorithm specific control +After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation. .PP -The function \fIEVP_PKEY_verify_recover()\fR can be called more than once on the same +The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_verify_recover_init()\fR and \fIEVP_PKEY_verify_recover()\fR return 1 for success +\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "EXAMPLE" @@ -220,12 +224,12 @@ Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_CTX_new\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 538ed4222e7..011ad77bb94 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_SealInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,9 +160,9 @@ encryption. They generate a random key and \s-1IV\s0 (if required) then \&\*(L"envelope\*(R" it by using public key encryption. Data can then be encrypted using this key. .PP -\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally -supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted +supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. \fBek\fR is an array of buffers where the public key encrypted secret key will be written, each buffer @@ -174,20 +178,20 @@ example) EVP_CIPHER_iv_length(type). If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored and can be \fB\s-1NULL\s0\fR. .PP -\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties -as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as -documented on the \fIEVP_EncryptInit\fR\|(3) manual +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties +as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual page. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. .PP -\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for failure. .SH "NOTES" .IX Header "NOTES" Because a random secret key is generated the random number generator -must be seeded before calling \fIEVP_SealInit()\fR. +must be seeded before calling \fBEVP_SealInit()\fR. .PP The public key must be \s-1RSA\s0 because it is the only OpenSSL public key algorithm that supports key transport. @@ -198,15 +202,15 @@ but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption. .PP -It is possible to call \fIEVP_SealInit()\fR twice in the same way as -\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +It is possible to call \fBEVP_SealInit()\fR twice in the same way as +\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 and (after setting any cipher parameters) it should be called again with \fBtype\fR set to \s-1NULL.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_OpenInit\fR\|(3) +\&\fBevp\fR\|(3), \fBrand\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7. +\&\fBEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 2a1244ace82..fa370e7eaf3 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_SignInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,34 +159,34 @@ functions The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest +\&\fBEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with -\&\fIEVP_MD_CTX_init()\fR before calling this function. +\&\fBEVP_MD_CTX_init()\fR before calling this function. .PP -\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP -\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and +\&\fBEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey) bytes in size. \fBs\fR is an \s-1OUT\s0 paramter, and not used as an \s-1IN\s0 parameter. The number of bytes of data written (i.e. the length of the signature) will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes will be written. .PP -\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default +\&\fBEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default implementation of digest \fBtype\fR. .PP -\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual -signature returned by \fIEVP_SignFinal()\fR may be smaller. +\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual +signature returned by \fBEVP_SignFinal()\fR may be smaller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. +\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in @@ -192,42 +196,42 @@ transparent to the algorithm used and much more flexible. Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in -\&\fIEVP_DigestInit\fR\|(3). +\&\fBEVP_DigestInit\fR\|(3). .PP When signing with \s-1DSA\s0 private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for \s-1RSA\s0 signatures. .PP -The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called later to digest and sign additional data. .PP Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_cleanup()\fR or a memory leak will occur. .SH "BUGS" .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to -\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. +\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. .PP -Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error +Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of -data have been passed through \fIEVP_SignUpdate()\fR. +data have been passed through \fBEVP_SignUpdate()\fR. .PP It is not possible to change the signing parameters using these function. .PP The previous two bugs are fixed in the newer EVP_SignDigest*() function. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_VerifyInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3), -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), \fBerr\fR\|(3), +\&\fBevp\fR\|(3), \fBhmac\fR\|(3), \fBmd2\fR\|(3), +\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3), +\&\fBsha\fR\|(3), \fBdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are +\&\fBEVP_SignInit()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR are available in all versions of SSLeay and OpenSSL. .PP -\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7. +\&\fBEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index b067d9d5043..808c59e8e76 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EVP_VerifyInit 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,28 +156,28 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- EVP signature verification The \s-1EVP\s0 signature verification routines are a high level interface to digital signatures. .PP -\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling -\&\fIEVP_MD_CTX_init()\fR before calling this function. +\&\fBEVP_MD_CTX_init()\fR before calling this function. .PP -\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP -\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR and against the \fBsiglen\fR bytes at \fBsigbuf\fR. .PP -\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default implementation of digest \fBtype\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some other error occurred. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in @@ -183,39 +187,39 @@ transparent to the algorithm used and much more flexible. Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in -\&\fIEVP_DigestInit\fR\|(3). +\&\fBEVP_DigestInit\fR\|(3). .PP -The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +be cleaned up after use by calling \fBEVP_MD_CTX_cleanup()\fR or a memory leak will occur. .SH "BUGS" .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to -\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. +\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. .PP -Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error +Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of -data have been passed through \fIEVP_SignUpdate()\fR. +data have been passed through \fBEVP_SignUpdate()\fR. .PP It is not possible to change the signing parameters using these function. .PP The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), -\&\fIEVP_SignInit\fR\|(3), -\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3), -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fBevp\fR\|(3), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), \fBerr\fR\|(3), +\&\fBevp\fR\|(3), \fBhmac\fR\|(3), \fBmd2\fR\|(3), +\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3), +\&\fBsha\fR\|(3), \fBdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are +\&\fBEVP_VerifyInit()\fR, \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR are available in all versions of SSLeay and OpenSSL. .PP -\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7 +\&\fBEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7 diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index ce6d02986c2..94f043fd15e 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OBJ_nid2obj 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,23 +177,23 @@ are available as defined constants. For the functions below, application code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as constants. .PP -\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 for the object \fBo\fR, the long name or the short name respectively or NID_undef if an error occurred. .PP -\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be +\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be a long name, a short name or the numerical respresentation of an object. .PP -\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. If \fBno_name\fR is 0 then long names and short names will be interpreted as well as numerical forms. If \fBno_name\fR is 1 only the numerical form is acceptable. .PP -\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. The representation is written as a null terminated string to \fBbuf\fR at most \fBbuf_len\fR bytes are written, truncating the result if necessary. The total amount of space required is returned. If \fBno_name\fR is 0 then @@ -197,17 +201,17 @@ if the object has a long or short name then that will be used, otherwise the numerical form will be used. If \fBno_name\fR is 1 then the numerical form will always be used. .PP -\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. .PP -\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +\&\fBOBJ_dup()\fR returns a copy of \fBo\fR. .PP -\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the numerical form of the object, \fBsn\fR the short name and \fBln\fR the long name. A new \s-1NID\s0 is returned for the created object. .PP -\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should +\&\fBOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should be called before an application exits if any new objects were added -using \fIOBJ_create()\fR. +using \fBOBJ_create()\fR. .SH "NOTES" .IX Header "NOTES" Objects in OpenSSL can have a short name, a long name and a numerical @@ -223,7 +227,7 @@ For example the \s-1OID\s0 for commonName has the following definitions: \& #define NID_commonName 13 .Ve .PP -New objects can be added by calling \fIOBJ_create()\fR. +New objects can be added by calling \fBOBJ_create()\fR. .PP Table objects have certain advantages over other objects: for example their NIDs can be used in a C language switch statement. They are @@ -233,14 +237,14 @@ is only a single constant structure for each table object. Objects which are not in the table have the \s-1NID\s0 value NID_undef. .PP Objects do not need to be in the internal tables to be processed, -the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical form of an \s-1OID.\s0 .PP Some objects are used to represent algorithms which do not have a corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently exists for a particular algorithm). As a result they \fBcannot\fR be encoded or decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there -is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fIOBJ_length()\fR is not zero. +is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. .PP These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. @@ -279,7 +283,7 @@ Create a new object directly: .Ve .SH "BUGS" .IX Header "BUGS" -\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the convention of other OpenSSL functions where the buffer can be set to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should @@ -287,19 +291,19 @@ be set to a positive value. A buffer length of 80 should be more than enough to handle any \s-1OID\s0 encountered in practice. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an error occurred. It returns a pointer to an internal table and does not -allocate memory; \fIASN1_OBJECT_free()\fR will have no effect. +allocate memory; \fBASN1_OBJECT_free()\fR will have no effect. .PP -\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR on error. .PP -\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return a \s-1NID\s0 or \fBNID_undef\fR on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index d91c6679ee9..1af2e898143 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL_Applink 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 734156abe6b..151d653bcfb 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -192,11 +196,11 @@ For backward compatibility, \s-1SSLEAY_VERSION_NUMBER\s0 is also defined. release date. For example, \&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". .PP -\&\fISSLeay()\fR returns this number. The return value can be compared to the +\&\fBSSLeay()\fR returns this number. The return value can be compared to the macro to make sure that the correct version of the library has been loaded, especially when using DLLs on Windows systems. .PP -\&\fISSLeay_version()\fR returns different strings depending on \fBt\fR: +\&\fBSSLeay_version()\fR returns different strings depending on \fBt\fR: .IP "\s-1SSLEAY_VERSION\s0" 4 .IX Item "SSLEAY_VERSION" The text variant of the version number and the release date. For example, @@ -225,9 +229,9 @@ For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. The version number. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3) +\&\fBcrypto\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL. +\&\fBSSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL. \&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL. \&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index 72caf16d329..4496859bf5c 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL_config 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,23 +150,23 @@ OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then the default section, \fBopenssl_conf\fR, will be used. Errors are silently ignored. Multiple calls have no effect. .PP -\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR +\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR no configuration takes place. .SH "NOTES" .IX Header "NOTES" -The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and forget it\*(R" function. It is however \fBmuch\fR better than nothing. Applications which need finer control over their configuration functionality should use the configuration -functions such as \fICONF_modules_load()\fR directly. This function is deprecated +functions such as \fBCONF_modules_load()\fR directly. This function is deprecated and its use should be avoided. -Applications should instead call \fICONF_modules_load()\fR during +Applications should instead call \fBCONF_modules_load()\fR during initialization (that is before starting any threads). .PP There are several reasons why calling the OpenSSL configuration routines is @@ -172,19 +176,19 @@ used (among other things) to load dynamic ENGINEs from shared libraries (DSOs). However very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an -application calls \fIOPENSSL_config()\fR it doesn't need to know or care about +application calls \fBOPENSSL_config()\fR it doesn't need to know or care about \&\s-1ENGINE\s0 control operations because they can be performed by editing a configuration file. .PP Applications should free up configuration at application closedown by calling -\&\fICONF_modules_free()\fR. +\&\fBCONF_modules_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value. +Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconf\fR\|(5), \fICONF_load_modules_file\fR\|(3), -\&\fICONF_modules_free\fR\|(3) +\&\fBconf\fR\|(5), \fBCONF_load_modules_file\fR\|(3), +\&\fBCONF_modules_free\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIOPENSSL_config()\fR and \fIOPENSSL_no_config()\fR first appeared in OpenSSL 0.9.7 +\&\fBOPENSSL_config()\fR and \fBOPENSSL_no_config()\fR first appeared in OpenSSL 0.9.7 diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index d71c7dad9f8..b812320d540 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,7 +148,7 @@ OPENSSL_ia32cap, OPENSSL_ia32cap_loc \- the IA\-32 processor capabilities vector .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -Value returned by \fIOPENSSL_ia32cap_loc()\fR is address of a variable +Value returned by \fBOPENSSL_ia32cap_loc()\fR is address of a variable containing \s-1IA\-32\s0 processor capabilities bit vector as it appears in \&\s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction with EAX=1 input value (see Intel Application Note #241618). Naturally it's diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 index 06372133a56..d47fb39a330 100644 --- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 +++ b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_instrument_bus 3" -.TH OPENSSL_instrument_bus 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL_instrument_bus 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index a95ba07a3e8..598e240adfa 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,23 +151,23 @@ OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL configuration modules to the internal list. They can then be used by the OpenSSL configuration code. .PP -\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. +\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. .PP -\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. .SH "NOTES" .IX Header "NOTES" -If the simple configuration function \fIOPENSSL_config()\fR is called then -\&\fIOPENSSL_load_builtin_modules()\fR is called automatically. +If the simple configuration function \fBOPENSSL_config()\fR is called then +\&\fBOPENSSL_load_builtin_modules()\fR is called automatically. .PP Applications which use the configuration functions directly will need to -call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other configuration code. .PP -Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all +Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all configuration modules instead of adding modules selectively: otherwise functionality may be missing from the application if an when new modules are added. @@ -172,7 +176,7 @@ modules are added. None of the functions return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIconf\fR\|(3), \fIOPENSSL_config\fR\|(3) +\&\fBconf\fR\|(3), \fBOPENSSL_config\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions first appeared in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index e313cf6c819..fb78e9d8ec0 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,27 +155,27 @@ add algorithms to internal table .SH "DESCRIPTION" .IX Header "DESCRIPTION" OpenSSL keeps an internal table of digest algorithms and ciphers. It uses -this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR. +this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. .PP -\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. .PP -\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and ciphers). .PP -\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including password based encryption algorithms. .PP -\&\fIEVP_cleanup()\fR removes all ciphers and digests from the table. +\&\fBEVP_cleanup()\fR removes all ciphers and digests from the table. .SH "RETURN VALUES" .IX Header "RETURN VALUES" None of the functions return a value. .SH "NOTES" .IX Header "NOTES" -A typical application will call \fIOpenSSL_add_all_algorithms()\fR initially and -\&\fIEVP_cleanup()\fR before exiting. +A typical application will call \fBOpenSSL_add_all_algorithms()\fR initially and +\&\fBEVP_cleanup()\fR before exiting. .PP An application does not need to add algorithms to use them explicitly, for example -by \fIEVP_sha1()\fR. It just needs to add them if it (or any of the functions it calls) +by \fBEVP_sha1()\fR. It just needs to add them if it (or any of the functions it calls) needs to lookup algorithms. .PP The cipher and digest lookup functions are used in many parts of the library. If @@ -179,7 +183,7 @@ the table is not initialized several functions will misbehave and complain they cannot find algorithms. This includes the \s-1PEM,\s0 PKCS#12, \s-1SSL\s0 and S/MIME libraries. This is a common query in the OpenSSL mailing lists. .PP -Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a +Calling \fBOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a statically linked executable can be quite large. If this is important it is possible to just add the required ciphers and digests. .SH "BUGS" @@ -189,5 +193,5 @@ This will only happen as a result of a memory allocation failure so this is not too much of a problem in practice. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIEVP_DigestInit\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBevp\fR\|(3), \fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index a2d0b7bcfe1..2e52fba9ad0 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_CMS_stream 3" -.TH PEM_write_bio_CMS_stream 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PEM_write_bio_CMS_stream 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,23 +152,23 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_CMS()\fR. +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting +This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting streaming. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3), -\&\fISMIME_write_CMS\fR\|(3), -\&\fIi2d_CMS_bio_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBi2d_CMS_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0 +\&\fBPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index c1113d26a98..4fe0a488a32 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_PKCS7_stream 3" -.TH PEM_write_bio_PKCS7_stream 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PEM_write_bio_PKCS7_stream 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,23 +150,23 @@ PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting +This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting streaming. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3), -\&\fISMIME_write_PKCS7\fR\|(3), -\&\fIi2d_PKCS7_bio_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBi2d_PKCS7_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0 +\&\fBPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index f6834b1a963..ee6d58fbf99 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS12_create 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ PKCS12_create \- create a PKCS#12 structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS12_create()\fR creates a PKCS#12 structure. +\&\fBPKCS12_create()\fR creates a PKCS#12 structure. .PP \&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for the supplied certifictate and key. \fBpkey\fR is the private key to include in @@ -179,7 +183,7 @@ had restrictions on the permissible sizes of keys which could be used for encryption. .SH "NEW FUNCTIONALITY IN OPENSSL 0.9.8" .IX Header "NEW FUNCTIONALITY IN OPENSSL 0.9.8" -Some additional functionality was added to \fIPKCS12_create()\fR in OpenSSL +Some additional functionality was added to \fBPKCS12_create()\fR in OpenSSL 0.9.8. These extensions are detailed below. .PP If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be @@ -196,7 +200,7 @@ should be used. \&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_PKCS12\fR\|(3) +\&\fBd2i_PKCS12\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" PKCS12_create was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 87fa4835c0c..677b666949b 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS12_parse 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,12 +144,13 @@ PKCS12_parse \- parse a PKCS#12 structure .IX Header "SYNOPSIS" .Vb 1 \& #include +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); .Ve -.PP -int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, \s-1STACK_OF\s0(X509) **ca); .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. .PP \&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. If successful the private key will be written to \fB*pkey\fR, the corresponding @@ -162,9 +167,9 @@ certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \&\fBX509\fR structure. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" Only a single private key and corresponding certificate is returned by this @@ -177,7 +182,7 @@ certificates. Other attributes are discarded. Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_PKCS12\fR\|(3) +\&\fBd2i_PKCS12\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" PKCS12_parse was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index cee71bd66e6..b80cc34f722 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS7_decrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,13 +149,13 @@ PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this +\&\fBOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this function or errors about unknown algorithms will occur. .PP Although the recipients certificate is not needed to decrypt the data it is needed @@ -164,18 +168,18 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fIERR_get_error\fR\|(3) +\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" -\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would be better if it could look up the correct key and certificate from a database. .PP The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +\&\fBPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 77af6d0c3d8..37ebd495599 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS7_encrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ PKCS7_encrypt \- create a PKCS#7 envelopedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR is a list of recipient certificates. \fBin\fR is the content to be encrypted. \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. .SH "NOTES" @@ -154,11 +158,11 @@ Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to be signed using the \s-1RSA\s0 algorithm. .PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because most clients will support it. .PP Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 -bit \s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR +bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR respectively. .PP The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of @@ -167,7 +171,7 @@ its parameters. Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fIPKCS7_encrypt()\fR. +\&\fBPKCS7_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP @@ -189,18 +193,18 @@ complete and outputting its contents via a function that does not properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, -\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_PKCS7()\fR. +\&\fBBIO_new_PKCS7()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. -The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +\&\fBPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 The \fB\s-1PKCS7_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 30c7d12341a..e8ccf6cf0db 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS7_sign 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ PKCS7_sign \- create a PKCS#7 signedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponsding private key. \&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain). @@ -202,17 +206,17 @@ If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR str complete and outputting its contents via a function that does not properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. .PP -Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, -\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fIBIO_new_PKCS7()\fR. +\&\fBBIO_new_PKCS7()\fR. .PP If a signer is specified it will use the default digest for the signing algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. .PP In OpenSSL 1.0.0 the \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added -using the function \fB\f(BIPKCS7_sign_add_signer()\fB\fR. \fB\f(BIPKCS7_final()\fB\fR must also be +using the function \fB\fBPKCS7_sign_add_signer()\fB\fR. \fB\fBPKCS7_final()\fB\fR must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method. .PP @@ -226,14 +230,14 @@ In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters Some advanced attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5 +\&\fBPKCS7_sign()\fR was added to OpenSSL 0.9.5 .PP The \fB\s-1PKCS7_PARTIAL\s0\fR flag was added in OpenSSL 1.0.0 .PP diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index 9b472446ed8..6addbeefe51 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign_add_signer 3" -.TH PKCS7_sign_add_signer 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS7_sign_add_signer 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,11 +149,11 @@ PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure \&\fBp7\fR. .PP -The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 signed data structure. .PP @@ -158,11 +162,11 @@ key algorithm will be used. .PP Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure is not complete and must be finalized either by streaming (if applicable) or -a call to \fIPKCS7_final()\fR. +a call to \fBPKCS7_final()\fR. .SH "NOTES" .IX Header "NOTES" The main purpose of this function is to provide finer control over a PKCS#7 -signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are +signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. .PP @@ -176,7 +180,7 @@ returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is se .PP If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the \&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is +can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is needed to finalize it. .PP If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the @@ -195,17 +199,17 @@ If present the SMIMECapabilities attribute indicates support for the following algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of these algorithms is disabled then it will not be included. .PP -\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 structure just added, this can be used to set additional attributes before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_final\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0 +\&\fBPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 3547a5aa797..45e8d8fa3ca 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS7_verify 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 structure to verify. \fBcerts\fR is a set of certificates in which to search for the signer's certificate. \fBstore\fR is a trusted certficate store (used for chain verification). \fBindata\fR is the signed data if the content is not @@ -157,9 +161,9 @@ if it is not \s-1NULL.\s0 \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. .PP -\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does \&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR -and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. .SH "VERIFY PROCESS" .IX Header "VERIFY PROCESS" Normally the verify process proceeds as follows. @@ -184,7 +188,7 @@ If all signature's verify correctly then the function is successful. .PP Any of the following flags (ored together) can be passed in the \fBflags\fR parameter to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is -meaningful to \fIPKCS7_get0_signers()\fR. +meaningful to \fBPKCS7_get0_signers()\fR. .PP If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers @@ -221,12 +225,12 @@ signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_verify()\fR returns one for a successful verification and zero +\&\fBPKCS7_verify()\fR returns one for a successful verification and zero if an error occurs. .PP -\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. .PP -The error can be obtained from \fIERR_get_error\fR\|(3) +The error can be obtained from \fBERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" The trusted certificate store is not searched for the signers certificate, @@ -234,10 +238,10 @@ this is primarily due to the inadequacies of the current \fBX509_STORE\fR functionality. .PP The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5 +\&\fBPKCS7_verify()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 7b4ac4e33db..137bc8b9088 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND_add 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +157,7 @@ entropy to the PRNG .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the \s-1PRNG\s0 state. Thus, +\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the \s-1PRNG\s0 state. Thus, if the data at \fBbuf\fR are unpredictable to an adversary, this increases the uncertainty about the state and makes the \s-1PRNG\s0 output less predictable. Suitable input comes from user interaction (random @@ -163,43 +167,43 @@ randomness is contained in \fBbuf\fR, measured in bytes. Details about sources of randomness and how to estimate their entropy can be found in the literature, e.g. \s-1RFC 1750.\s0 .PP -\&\fIRAND_add()\fR may be called with sensitive data such as user entered +\&\fBRAND_add()\fR may be called with sensitive data such as user entered passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output. .PP OpenSSL makes sure that the \s-1PRNG\s0 state is unique for each thread. On systems that provide \f(CW\*(C`/dev/urandom\*(C'\fR, the randomness device is used to seed the \s-1PRNG\s0 transparently. However, on all other systems, the -application is responsible for seeding the \s-1PRNG\s0 by calling \fIRAND_add()\fR, -\&\fIRAND_egd\fR\|(3) -or \fIRAND_load_file\fR\|(3). +application is responsible for seeding the \s-1PRNG\s0 by calling \fBRAND_add()\fR, +\&\fBRAND_egd\fR\|(3) +or \fBRAND_load_file\fR\|(3). .PP -\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR when \fBnum == entropy\fR. +\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR when \fBnum == entropy\fR. .PP -\&\fIRAND_event()\fR collects the entropy from Windows events such as mouse +\&\fBRAND_event()\fR collects the entropy from Windows events such as mouse movements and other user interaction. It should be called with the \&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to the window procedure. It will estimate the entropy contained in the event message (if any), and add it to the \s-1PRNG.\s0 The program can then process the messages as usual. .PP -The \fIRAND_screen()\fR function is available for the convenience of Windows +The \fBRAND_screen()\fR function is available for the convenience of Windows programmers. It adds the current contents of the screen to the \s-1PRNG.\s0 For applications that can catch Windows events, seeding the \s-1PRNG\s0 by -calling \fIRAND_event()\fR is a significantly better source of +calling \fBRAND_event()\fR is a significantly better source of randomness. It should be noted that both methods cannot be used on servers that run without user interaction. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_status()\fR and \fIRAND_event()\fR return 1 if the \s-1PRNG\s0 has been seeded +\&\fBRAND_status()\fR and \fBRAND_event()\fR return 1 if the \s-1PRNG\s0 has been seeded with enough data, 0 otherwise. .PP The other functions do not return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3), \fIRAND_egd\fR\|(3), -\&\fIRAND_load_file\fR\|(3), \fIRAND_cleanup\fR\|(3) +\&\fBrand\fR\|(3), \fBRAND_egd\fR\|(3), +\&\fBRAND_load_file\fR\|(3), \fBRAND_cleanup\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_seed()\fR and \fIRAND_screen()\fR are available in all versions of SSLeay -and OpenSSL. \fIRAND_add()\fR and \fIRAND_status()\fR have been added in OpenSSL -0.9.5, \fIRAND_event()\fR in OpenSSL 0.9.5a. +\&\fBRAND_seed()\fR and \fBRAND_screen()\fR are available in all versions of SSLeay +and OpenSSL. \fBRAND_add()\fR and \fBRAND_status()\fR have been added in OpenSSL +0.9.5, \fBRAND_event()\fR in OpenSSL 0.9.5a. diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index af0a1fe6c99..1acd2a9c556 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND_bytes 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,12 +151,12 @@ RAND_bytes, RAND_pseudo_bytes \- generate random data .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes +\&\fBRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes into \fBbuf\fR. An error occurs if the \s-1PRNG\s0 has not been seeded with enough randomness to ensure an unpredictable byte sequence. .PP -\&\fIRAND_pseudo_bytes()\fR puts \fBnum\fR pseudo-random bytes into \fBbuf\fR. -Pseudo-random byte sequences generated by \fIRAND_pseudo_bytes()\fR will be +\&\fBRAND_pseudo_bytes()\fR puts \fBnum\fR pseudo-random bytes into \fBbuf\fR. +Pseudo-random byte sequences generated by \fBRAND_pseudo_bytes()\fR will be unique if they are of sufficient length, but are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key @@ -162,17 +166,17 @@ The contents of \fBbuf\fR is mixed into the entropy pool before retrieving the new pseudo-random bytes unless disabled at compile time (see \s-1FAQ\s0). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_bytes()\fR returns 1 on success, 0 otherwise. The error code can be -obtained by \fIERR_get_error\fR\|(3). \fIRAND_pseudo_bytes()\fR returns 1 if the +\&\fBRAND_bytes()\fR returns 1 on success, 0 otherwise. The error code can be +obtained by \fBERR_get_error\fR\|(3). \fBRAND_pseudo_bytes()\fR returns 1 if the bytes generated are cryptographically strong, 0 otherwise. Both functions return \-1 if they are not supported by the current \s-1RAND\s0 method. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIRAND_add\fR\|(3) +\&\fBrand\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBRAND_add\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It -has a return value since OpenSSL 0.9.5. \fIRAND_pseudo_bytes()\fR was added +\&\fBRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It +has a return value since OpenSSL 0.9.5. \fBRAND_pseudo_bytes()\fR was added in OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 26edce8eb38..8186781ea65 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND_cleanup 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,13 +149,13 @@ RAND_cleanup \- erase the PRNG state .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0 +\&\fBRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0 .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIRAND_cleanup()\fR returns no value. +\&\fBRAND_cleanup()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3) +\&\fBrand\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_cleanup()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBRAND_cleanup()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index 44654b8776e..7db1f24cf73 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND_egd 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,24 +152,24 @@ RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. -It queries 255 bytes and uses \fIRAND_add\fR\|(3) to seed the +\&\fBRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. +It queries 255 bytes and uses \fBRAND_add\fR\|(3) to seed the OpenSSL built-in \s-1PRNG.\s0 RAND_egd(path) is a wrapper for RAND_egd_bytes(path, 255); .PP -\&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. -It queries \fBbytes\fR bytes and uses \fIRAND_add\fR\|(3) to seed the +\&\fBRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. +It queries \fBbytes\fR bytes and uses \fBRAND_add\fR\|(3) to seed the OpenSSL built-in \s-1PRNG.\s0 -This function is more flexible than \fIRAND_egd()\fR. +This function is more flexible than \fBRAND_egd()\fR. When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy that can be retrieved from \s-1EGD\s0 over time is limited. .PP -\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket +\&\fBRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket \&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into \&\fBbuf\fR. If \fBbuf\fR is \s-1NULL,\s0 \fBbytes\fR bytes are queried and used to seed the -OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3). +OpenSSL built-in \s-1PRNG\s0 using \fBRAND_add\fR\|(3). .SH "NOTES" .IX Header "NOTES" On systems without /dev/*random devices providing entropy from the kernel, @@ -176,8 +180,8 @@ a socket interface through which entropy can be gathered in chunks up to \&\s-1EGD\s0 is available from http://www.lothar.com/tech/crypto/ (\f(CW\*(C`perl Makefile.PL; make; make install\*(C'\fR to install). It is run as \fBegd\fR \&\fIpath\fR, where \fIpath\fR is an absolute path designating a socket. When -\&\fIRAND_egd()\fR is called with that path as an argument, it tries to read -random bytes that \s-1EGD\s0 has collected. \fIRAND_egd()\fR retrieves entropy from the +\&\fBRAND_egd()\fR is called with that path as an argument, it tries to read +random bytes that \s-1EGD\s0 has collected. \fBRAND_egd()\fR retrieves entropy from the daemon using the daemon's \*(L"non-blocking read\*(R" command which shall be answered immediately by the daemon without waiting for additional entropy to be collected. The write and read socket operations in the @@ -189,27 +193,27 @@ http://prngd.sourceforge.net/ . \&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run out of entropy. .PP -OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fIRAND_bytes()\fR -or the status is checked via \fIRAND_status()\fR for the first time, if the socket +OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fBRAND_bytes()\fR +or the status is checked via \fBRAND_status()\fR for the first time, if the socket is located at /var/run/egd\-pool, /dev/egd\-pool or /etc/egd\-pool. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the +\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, and \-1 if the connection failed or the daemon did not return enough data to fully seed the \s-1PRNG.\s0 .PP -\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3), \fIRAND_add\fR\|(3), -\&\fIRAND_cleanup\fR\|(3) +\&\fBrand\fR\|(3), \fBRAND_add\fR\|(3), +\&\fBRAND_cleanup\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_egd()\fR is available since OpenSSL 0.9.5. +\&\fBRAND_egd()\fR is available since OpenSSL 0.9.5. .PP -\&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6. +\&\fBRAND_egd_bytes()\fR is available since OpenSSL 0.9.6. .PP -\&\fIRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7. +\&\fBRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7. .PP The automatic query of /var/run/egd\-pool et al was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index f1d0794cc11..47ece57fe26 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND_load_file 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,33 +153,33 @@ RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_file_name()\fR generates a default path for the random seed +\&\fBRAND_file_name()\fR generates a default path for the random seed file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the filename. The seed file is \f(CW$RANDFILE\fR if that environment variable is set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\fR is not set either, or \fBnum\fR is too small for the path name, an error occurs. .PP -\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5, if \fBmax_bytes\fR is \-1, the complete file is read. .PP -\&\fIRAND_write_file()\fR writes a number of random bytes (currently 1024) to +\&\fBRAND_write_file()\fR writes a number of random bytes (currently 1024) to file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling -\&\fIRAND_load_file()\fR in a later session. +\&\fBRAND_load_file()\fR in a later session. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_load_file()\fR returns the number of bytes read. +\&\fBRAND_load_file()\fR returns the number of bytes read. .PP -\&\fIRAND_write_file()\fR returns the number of bytes written, and \-1 if the +\&\fBRAND_write_file()\fR returns the number of bytes written, and \-1 if the bytes written were generated without appropriate seed. .PP -\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3), \fIRAND_add\fR\|(3), \fIRAND_cleanup\fR\|(3) +\&\fBrand\fR\|(3), \fBRAND_add\fR\|(3), \fBRAND_cleanup\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_load_file()\fR, \fIRAND_write_file()\fR and \fIRAND_file_name()\fR are available in +\&\fBRAND_load_file()\fR, \fBRAND_write_file()\fR and \fBRAND_file_name()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 5257366bada..afcf70bb6ed 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND_set_rand_method 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,13 +160,13 @@ information about how these \s-1RAND API\s0 functions are affected by the use of \&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as -returned by \fIRAND_SSLeay()\fR. +returned by \fBRAND_SSLeay()\fR. .PP -\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is +\&\fBRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND,\s0 so this function is no longer recommended. .PP -\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD.\s0 +\&\fBRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .SH "THE RAND_METHOD STRUCTURE" @@ -179,33 +183,33 @@ API\s0 is being used, so this function is no longer recommended. \& } RAND_METHOD; .Ve .PP -The components point to the implementation of \fIRAND_seed()\fR, -\&\fIRAND_bytes()\fR, \fIRAND_cleanup()\fR, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR -and \fIRAND_status()\fR. +The components point to the implementation of \fBRAND_seed()\fR, +\&\fBRAND_bytes()\fR, \fBRAND_cleanup()\fR, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR +and \fBRAND_status()\fR. Each component may be \s-1NULL\s0 if the function is not implemented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and -\&\fIRAND_SSLeay()\fR return pointers to the respective methods. +\&\fBRAND_set_rand_method()\fR returns no value. \fBRAND_get_rand_method()\fR and +\&\fBRAND_SSLeay()\fR return pointers to the respective methods. .SH "NOTES" .IX Header "NOTES" As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE API\s0 function, that will override any \s-1RAND\s0 defaults set using the \s-1RAND API\s0 (ie. -\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way +\&\fBRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1RAND\s0 and other cryptographic algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3), \fIengine\fR\|(3) +\&\fBrand\fR\|(3), \fBengine\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are +\&\fBRAND_set_rand_method()\fR, \fBRAND_get_rand_method()\fR and \fBRAND_SSLeay()\fR are available in all versions of OpenSSL. .PP -In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to +In the engine version of version 0.9.6, \fBRAND_set_rand_method()\fR was altered to take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been reverted as the \s-1ENGINE API\s0 transparently overrides \s-1RAND\s0 defaults if used, -otherwise \s-1RAND API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also +otherwise \s-1RAND API\s0 functions work as before. \fBRAND_set_rand_engine()\fR was also introduced in version 0.9.7. diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 547fac77f85..e189bdff674 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_blinding_on 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,21 +155,21 @@ RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attac measure the time of \s-1RSA\s0 decryption or signature operations, blinding must be used to protect the \s-1RSA\s0 operation from that attack. .PP -\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and initialized \fB\s-1BN_CTX\s0\fR. The random number generator must be seeded -prior to calling \fIRSA_blinding_on()\fR. +prior to calling \fBRSA_blinding_on()\fR. .PP -\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for +\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for the blinding factor. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. .PP -\&\fIRSA_blinding_off()\fR returns no value. +\&\fBRSA_blinding_off()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3), \fIrand\fR\|(3) +\&\fBrsa\fR\|(3), \fBrand\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_blinding_on()\fR and \fIRSA_blinding_off()\fR appeared in SSLeay 0.9.0. +\&\fBRSA_blinding_on()\fR and \fBRSA_blinding_off()\fR appeared in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index 556101c9cd2..7d94ee3f896 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_check_key 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,11 +160,11 @@ even if it is otherwise fit for regular \s-1RSA\s0 operation. See \fB\s-1NOTES\s information. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIRSA_check_key()\fR returns 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +\&\fBRSA_check_key()\fR returns 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. \&\-1 is returned if an error occurs while checking the key. .PP If the key is invalid or an error occurred, the reason code can be -obtained using \fIERR_get_error\fR\|(3). +obtained using \fBERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" This function does not work on \s-1RSA\s0 public keys that have only the modulus @@ -179,15 +183,15 @@ is complete and untouched, but this can't be assumed in the general case. .SH "BUGS" .IX Header "BUGS" A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need -to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and completely violating encapsulation and object-orientation in the process). -The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the \&\s-1RSA_METHOD\s0 function table so that alternative implementations can also provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fBrsa\fR\|(3), \fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4. +\&\fBRSA_check_key()\fR appeared in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 28034361d92..a6f761a9db4 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_generate_key 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,9 +156,9 @@ Deprecated: .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_generate_key_ex()\fR generates a key pair and stores it in the \fB\s-1RSA\s0\fR +\&\fBRSA_generate_key_ex()\fR generates a key pair and stores it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must -be seeded prior to calling \fIRSA_generate_key_ex()\fR. +be seeded prior to calling \fBRSA_generate_key_ex()\fR. .PP The modulus size will be of length \fBbits\fR, and the public exponent will be \&\fBe\fR. Key sizes with \fBnum\fR < 1024 should be considered insecure. @@ -162,11 +166,11 @@ The exponent is an odd number, typically 3, 17 or 65537. .PP A callback function may be used to provide feedback about the progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it -will be called as follows using the \fIBN_GENCB_call()\fR function -described on the \fIBN_generate_prime\fR\|(3) page. +will be called as follows using the \fBBN_GENCB_call()\fR function +described on the \fBBN_generate_prime\fR\|(3) page. .IP "\(bu" 4 While a random prime number is generated, it is called as -described in \fIBN_generate_prime\fR\|(3). +described in \fBBN_generate_prime\fR\|(3). .IP "\(bu" 4 When the n\-th randomly generated prime is rejected as not suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. @@ -179,21 +183,21 @@ The process is then repeated for prime q with \fBBN_GENCB_call(cb, 3, 1)\fR. RSA_generate_key is deprecated (new applications should use RSA_generate_key_ex instead). RSA_generate_key works in the same way as RSA_generate_key_ex except it uses \*(L"old style\*(R" call backs. See -\&\fIBN_generate_prime\fR\|(3) for further details. +\&\fBBN_generate_prime\fR\|(3) for further details. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -If key generation fails, \fIRSA_generate_key()\fR returns \fB\s-1NULL\s0\fR. +If key generation fails, \fBRSA_generate_key()\fR returns \fB\s-1NULL\s0\fR. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" \&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. .PP -\&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values. +\&\fBRSA_generate_key()\fR goes into an infinite loop for illegal input values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3), -\&\fIRSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBrand\fR\|(3), \fBrsa\fR\|(3), +\&\fBRSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR argument was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index 03575201fc9..ca90a400c0e 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,81 +171,81 @@ additional data (for example a handle to the data in an external library). Since the application data can be anything at all it is passed and retrieved as a \fBvoid *\fR type. .PP -The \fB\f(BIRSA_get_ex_new_index()\fB\fR function is initially called to \*(L"register\*(R" some +The \fB\fBRSA_get_ex_new_index()\fB\fR function is initially called to \*(L"register\*(R" some new application specific data. It takes three optional function pointers which are called when the parent structure (in this case an \s-1RSA\s0 structure) is initially created, when it is copied and when it is freed up. If any or all of these function pointer arguments are not used they should be set to \s-1NULL.\s0 The precise manner in which these function pointers are called is described in more -detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer +detail below. \fB\fBRSA_get_ex_new_index()\fB\fR also takes additional long and pointer parameters which will be passed to the supplied functions but which otherwise have no special meaning. It returns an \fBindex\fR which should be stored (typically in a static variable) and passed used in the \fBidx\fR parameter in -the remaining functions. Each successful call to \fB\f(BIRSA_get_ex_new_index()\fB\fR +the remaining functions. Each successful call to \fB\fBRSA_get_ex_new_index()\fB\fR will return an index greater than any previously returned, this is important because the optional functions are called in order of increasing index value. .PP -\&\fB\f(BIRSA_set_ex_data()\fB\fR is used to set application specific data, the data is +\&\fB\fBRSA_set_ex_data()\fB\fR is used to set application specific data, the data is supplied in the \fBarg\fR parameter and its precise meaning is up to the application. .PP -\&\fB\f(BIRSA_get_ex_data()\fB\fR is used to retrieve application specific data. The data +\&\fB\fBRSA_get_ex_data()\fB\fR is used to retrieve application specific data. The data is returned to the application, this will be the same value as supplied to -a previous \fB\f(BIRSA_set_ex_data()\fB\fR call. +a previous \fB\fBRSA_set_ex_data()\fB\fR call. .PP -\&\fB\f(BInew_func()\fB\fR is called when a structure is initially allocated (for example -with \fB\f(BIRSA_new()\fB\fR. The parent structure members will not have any meaningful +\&\fB\fBnew_func()\fB\fR is called when a structure is initially allocated (for example +with \fB\fBRSA_new()\fB\fR. The parent structure members will not have any meaningful values at this point. This function will typically be used to allocate any application specific structure. .PP -\&\fB\f(BIfree_func()\fB\fR is called when a structure is being freed up. The dynamic parent +\&\fB\fBfree_func()\fB\fR is called when a structure is being freed up. The dynamic parent structure members should not be accessed because they will be freed up when this function is called. .PP -\&\fB\f(BInew_func()\fB\fR and \fB\f(BIfree_func()\fB\fR take the same parameters. \fBparent\fR is a +\&\fB\fBnew_func()\fB\fR and \fB\fBfree_func()\fB\fR take the same parameters. \fBparent\fR is a pointer to the parent \s-1RSA\s0 structure. \fBptr\fR is a the application specific data -(this wont be of much use in \fB\f(BInew_func()\fB\fR. \fBad\fR is a pointer to the +(this wont be of much use in \fB\fBnew_func()\fB\fR. \fBad\fR is a pointer to the \&\fB\s-1CRYPTO_EX_DATA\s0\fR structure from the parent \s-1RSA\s0 structure: the functions -\&\fB\f(BICRYPTO_get_ex_data()\fB\fR and \fB\f(BICRYPTO_set_ex_data()\fB\fR can be called to manipulate +\&\fB\fBCRYPTO_get_ex_data()\fB\fR and \fB\fBCRYPTO_set_ex_data()\fB\fR can be called to manipulate it. The \fBidx\fR parameter is the index: this will be the same value returned by -\&\fB\f(BIRSA_get_ex_new_index()\fB\fR when the functions were initially registered. Finally +\&\fB\fBRSA_get_ex_new_index()\fB\fR when the functions were initially registered. Finally the \fBargl\fR and \fBargp\fR parameters are the values originally passed to the same -corresponding parameters when \fB\f(BIRSA_get_ex_new_index()\fB\fR was called. +corresponding parameters when \fB\fBRSA_get_ex_new_index()\fB\fR was called. .PP -\&\fB\f(BIdup_func()\fB\fR is called when a structure is being copied. Pointers to the +\&\fB\fBdup_func()\fB\fR is called when a structure is being copied. Pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures are passed in the \fBto\fR and \&\fBfrom\fR parameters respectively. The \fBfrom_d\fR parameter is passed a pointer to the source application data when the function is called, when the function returns the value is copied to the destination: the application can thus modify the data pointed to by \fBfrom_d\fR and have different values in the source and destination. -The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are the same as those in \fB\f(BInew_func()\fB\fR -and \fB\f(BIfree_func()\fB\fR. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are the same as those in \fB\fBnew_func()\fB\fR +and \fB\fBfree_func()\fB\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fB\f(BIRSA_get_ex_new_index()\fB\fR returns a new index or \-1 on failure (note 0 is a valid +\&\fB\fBRSA_get_ex_new_index()\fB\fR returns a new index or \-1 on failure (note 0 is a valid index value). .PP -\&\fB\f(BIRSA_set_ex_data()\fB\fR returns 1 on success or 0 on failure. +\&\fB\fBRSA_set_ex_data()\fB\fR returns 1 on success or 0 on failure. .PP -\&\fB\f(BIRSA_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also +\&\fB\fBRSA_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also be valid application data but currently it can only fail if given an invalid \fBidx\fR parameter. .PP -\&\fB\f(BInew_func()\fB\fR and \fB\f(BIdup_func()\fB\fR should return 0 for failure and 1 for success. +\&\fB\fBnew_func()\fB\fR and \fB\fBdup_func()\fB\fR should return 0 for failure and 1 for success. .PP -On failure an error code can be obtained from \fIERR_get_error\fR\|(3). +On failure an error code can be obtained from \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" -\&\fB\f(BIdup_func()\fB\fR is currently never called. +\&\fB\fBdup_func()\fB\fR is currently never called. .PP -The return value of \fB\f(BInew_func()\fB\fR is ignored. +The return value of \fB\fBnew_func()\fB\fR is ignored. .PP -The \fB\f(BInew_func()\fB\fR function isn't very useful because no meaningful values are +The \fB\fBnew_func()\fB\fR function isn't very useful because no meaningful values are present in the parent \s-1RSA\s0 structure when it is called. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3), \fICRYPTO_set_ex_data\fR\|(3) +\&\fBrsa\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR are +\&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR and \fBRSA_get_ex_data()\fR are available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 1252455b1c5..799afaa67e3 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,23 +151,23 @@ RSA_new, RSA_free \- allocate and free RSA objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to calling RSA_new_method(\s-1NULL\s0). .PP -\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is erased before the memory is returned to the system. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIRSA_free()\fR returns no value. +\&\fBRSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIrsa\fR\|(3), -\&\fIRSA_generate_key\fR\|(3), -\&\fIRSA_new_method\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBrsa\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), +\&\fBRSA_new_method\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBRSA_new()\fR and \fBRSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index 5e24fb57792..3b6d9e023b2 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,17 +182,17 @@ padding .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs. .PP However, they can also be called directly to implement padding for other -asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and -\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and +\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding parameter. .PP -\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into \&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR does not meet the size requirements of the encoding method. .PP @@ -210,40 +214,45 @@ The following encoding methods are implemented: simply copy the data .PP The random number generator must be seeded prior to calling -\&\fIRSA_padding_add_xxx()\fR. +\&\fBRSA_padding_add_xxx()\fR. .PP -\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective encoding method and stores the recovered data of at most \fBtlen\fR bytes (for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) at \fBto\fR. .PP -For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. -The \fIRSA_padding_check_xxx()\fR functions return the length of the +The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fBRSA_padding_check_xxx()\fR functions return the length of the recovered data, \-1 on error. Error codes can be obtained by calling -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .SH "WARNING" .IX Header "WARNING" -The \fIRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing +The \fBRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 -v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. Otherwise it can +be recommended to pass zero-padded \fBf\fR, so that \fBfl\fR equals to +\&\fBrsa_len\fR, and if fixed by protocol, \fBtlen\fR being set to the +expected length. In such case leakage would be minimal, it would +take attacker's ability to observe memory access pattern with byte +granilarity as it occurs, post-factum timing analysis won't do. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_public_encrypt\fR\|(3), -\&\fIRSA_private_decrypt\fR\|(3), -\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3) +\&\fBRSA_public_encrypt\fR\|(3), +\&\fBRSA_private_decrypt\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_padding_add_PKCS1_type_1()\fR, \fIRSA_padding_check_PKCS1_type_1()\fR, -\&\fIRSA_padding_add_PKCS1_type_2()\fR, \fIRSA_padding_check_PKCS1_type_2()\fR, -\&\fIRSA_padding_add_SSLv23()\fR, \fIRSA_padding_check_SSLv23()\fR, -\&\fIRSA_padding_add_none()\fR and \fIRSA_padding_check_none()\fR appeared in +\&\fBRSA_padding_add_PKCS1_type_1()\fR, \fBRSA_padding_check_PKCS1_type_1()\fR, +\&\fBRSA_padding_add_PKCS1_type_2()\fR, \fBRSA_padding_check_PKCS1_type_2()\fR, +\&\fBRSA_padding_add_SSLv23()\fR, \fBRSA_padding_check_SSLv23()\fR, +\&\fBRSA_padding_add_none()\fR and \fBRSA_padding_check_none()\fR appeared in SSLeay 0.9.0. .PP -\&\fIRSA_padding_add_PKCS1_OAEP()\fR and \fIRSA_padding_check_PKCS1_OAEP()\fR were +\&\fBRSA_padding_add_PKCS1_OAEP()\fR and \fBRSA_padding_check_PKCS1_OAEP()\fR were added in OpenSSL 0.9.2b. diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index fc2726e0a36..bb453b88ca1 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_print 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,9 +173,9 @@ The output lines are indented by \fBoffset\fR spaces. These functions return 1 on success, 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIrsa\fR\|(3), \fIBN_bn2bin\fR\|(3) +\&\fBdh\fR\|(3), \fBdsa\fR\|(3), \fBrsa\fR\|(3), \fBBN_bn2bin\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_print()\fR, \fIRSA_print_fp()\fR, \fIDSA_print()\fR, \fIDSA_print_fp()\fR, \fIDH_print()\fR, -\&\fIDH_print_fp()\fR are available in all versions of SSLeay and OpenSSL. -\&\fIDSAparams_print()\fR and \fIDSAparams_print_fp()\fR were added in SSLeay 0.8. +\&\fBRSA_print()\fR, \fBRSA_print_fp()\fR, \fBDSA_print()\fR, \fBDSA_print_fp()\fR, \fBDH_print()\fR, +\&\fBDH_print_fp()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBDSAparams_print()\fR and \fBDSAparams_print_fp()\fR were added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index f91468f013d..42c45ab1b79 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_private_encrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +155,7 @@ RSA_private_encrypt, RSA_public_decrypt \- low level signature operations .IX Header "DESCRIPTION" These functions handle \s-1RSA\s0 signatures at a low level. .PP -\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a message digest with an algorithm identifier) using the private key \&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to \&\fBRSA_size(rsa)\fR bytes of memory. @@ -161,7 +165,7 @@ message digest with an algorithm identifier) using the private key .IX Item "RSA_PKCS1_PADDING" \&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the \&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or -verifying \s-1PKCS\s0 #1 signatures, \fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be +verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be used. .IP "\s-1RSA_NO_PADDING\s0" 4 .IX Item "RSA_NO_PADDING" @@ -169,23 +173,23 @@ Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement cryptographically sound padding modes in the application code. Signing user data directly with \s-1RSA\s0 is insecure. .PP -\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR bytes long signature at \fBfrom\fR using the signer's public key \&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the message digest (which is smaller than \fBRSA_size(rsa) \- 11\fR). \fBpadding\fR is the padding mode that was used to sign the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e., -RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the +\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the recovered message digest. .PP On error, \-1 is returned; the error codes can be -obtained by \fIERR_get_error\fR\|(3). +obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIrsa\fR\|(3), -\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBrsa\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 988c6f198a1..9bd6f09dd12 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_public_encrypt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +153,7 @@ RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a session key) using the public key \fBrsa\fR and stores the ciphertext in \&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. .PP @@ -175,21 +179,21 @@ Encrypting user data directly with \s-1RSA\s0 is insecure. based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for \&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 The random number generator must be seeded prior to calling -\&\fIRSA_public_encrypt()\fR. +\&\fBRSA_public_encrypt()\fR. .PP -\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBto\fR must point to a memory section large enough to hold the decrypted data (which is smaller than RSA_size(\fBrsa\fR)). \fBpadding\fR is the padding mode that was used to encrypt the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., -RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the +\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the recovered plaintext. .PP On error, \-1 is returned; the error codes can be -obtained by \fIERR_get_error\fR\|(3). +obtained by \fBERR_get_error\fR\|(3). .SH "WARNING" .IX Header "WARNING" Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information @@ -201,8 +205,8 @@ design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 \&\s-1SSL, PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3), -\&\fIRSA_size\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBrand\fR\|(3), \fBrsa\fR\|(3), +\&\fBRSA_size\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index 2b1383e6dd8..c75954afebc 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_set_method 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,18 +172,18 @@ important information about how these \s-1RSA API\s0 functions are affected by t use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, -as returned by \fIRSA_PKCS1_SSLeay()\fR. +as returned by \fBRSA_PKCS1_SSLeay()\fR. .PP -\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RSA,\s0 so this function is no longer recommended. .PP -\&\fIRSA_get_default_method()\fR returns a pointer to the current default +\&\fBRSA_get_default_method()\fR returns a pointer to the current default \&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP -\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1RSA\s0 keys that only @@ -188,23 +192,23 @@ that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected results. .PP -\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if it is, the return value can only be guaranteed to be valid as long as the \&\s-1RSA\s0 key itself is valid and does not have its implementation changed by -\&\fIRSA_set_method()\fR. +\&\fBRSA_set_method()\fR. .PP -\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current \&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. .PP -\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that \&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, -the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. +the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. .PP -\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. .PP -\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that \&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, the default method is used. .SH "THE RSA_METHOD STRUCTURE" @@ -275,21 +279,21 @@ the default method is used. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR -and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. +\&\fBRSA_PKCS1_SSLeay()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR +and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs. .PP -\&\fIRSA_set_default_method()\fR returns no value. +\&\fBRSA_set_default_method()\fR returns no value. .PP -\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation that was replaced. However, this return value should probably be ignored because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a -result of the \fIRSA_set_method()\fR function releasing its handle to the +result of the \fBRSA_set_method()\fR function releasing its handle to the \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR declaration in a future release. .PP -\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained -by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise +\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .SH "NOTES" .IX Header "NOTES" @@ -297,33 +301,33 @@ As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an \&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA -API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the +API\s0 (ie. \fBRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1RSA\s0 and other cryptographic algorithms. .SH "BUGS" .IX Header "BUGS" -The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key (which is what this function returns). If the flags element of an \s-1RSA\s0 key is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not -be reflected in the return value of the \fIRSA_flags()\fR function \- in effect -\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +be reflected in the return value of the \fBRSA_flags()\fR function \- in effect +\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does not currently exist). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3), \fIRSA_new\fR\|(3) +\&\fBrsa\fR\|(3), \fBRSA_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_new_method()\fR and \fIRSA_set_default_method()\fR appeared in SSLeay 0.8. -\&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as +\&\fBRSA_new_method()\fR and \fBRSA_set_default_method()\fR appeared in SSLeay 0.8. +\&\fBRSA_get_default_method()\fR, \fBRSA_set_method()\fR and \fBRSA_get_method()\fR as well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were added in OpenSSL 0.9.4. .PP -\&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR -replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR -respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use +\&\fBRSA_set_default_openssl_method()\fR and \fBRSA_get_default_openssl_method()\fR +replaced \fBRSA_set_default_method()\fR and \fBRSA_get_default_method()\fR +respectively, and \fBRSA_set_method()\fR and \fBRSA_new_method()\fR were altered to use \&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this change was reversed, and behaviour of the diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 6385e5701fa..73167105043 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_sign 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,31 +153,31 @@ RSA_sign, RSA_verify \- RSA signatures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the key that can be used. -See \fIRSA_private_encrypt\fR\|(3) for lower-level +See \fBRSA_private_encrypt\fR\|(3) for lower-level operations. .PP \&\fBtype\fR denotes the message digest algorithm that was used to generate \&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR; -see \fIobjects\fR\|(3) for details. If \fBtype\fR is \fBNID_md5_sha1\fR, +see \fBobjects\fR\|(3) for details. If \fBtype\fR is \fBNID_md5_sha1\fR, an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding and no algorithm identifier) is created. .PP -\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes the message digest algorithm that was used to generate the signature. \&\fBrsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_sign()\fR returns 1 on success, 0 otherwise. \fIRSA_verify()\fR returns 1 +\&\fBRSA_sign()\fR returns 1 on success, 0 otherwise. \fBRSA_verify()\fR returns 1 on successful verification, 0 otherwise. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" Certain signatures with an improper algorithm identifier are accepted @@ -183,10 +187,10 @@ for compatibility with SSLeay 0.4.5 :\-) \&\s-1SSL, PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3), -\&\fIrsa\fR\|(3), \fIRSA_private_encrypt\fR\|(3), -\&\fIRSA_public_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBobjects\fR\|(3), +\&\fBrsa\fR\|(3), \fBRSA_private_encrypt\fR\|(3), +\&\fBRSA_public_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_sign()\fR and \fIRSA_verify()\fR are available in all versions of SSLeay +\&\fBRSA_sign()\fR and \fBRSA_verify()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index a5146f715cc..9ad285af56d 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +155,7 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size \&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 padding. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of @@ -159,28 +163,28 @@ memory. .PP \&\fBdummy\fR is ignored. .PP -The random number generator must be seeded prior to calling \fIRSA_sign_ASN1_OCTET_STRING()\fR. +The random number generator must be seeded prior to calling \fBRSA_sign_ASN1_OCTET_STRING()\fR. .PP -\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string \&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. -\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 otherwise. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" These functions serve no recognizable purpose. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3), -\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIRSA_sign\fR\|(3), -\&\fIRSA_verify\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBobjects\fR\|(3), +\&\fBrand\fR\|(3), \fBrsa\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_sign_ASN1_OCTET_STRING()\fR and \fIRSA_verify_ASN1_OCTET_STRING()\fR were +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR and \fBRSA_verify_ASN1_OCTET_STRING()\fR were added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 9a39f12b92d..57b0571f330 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA_size 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ value. The size in bytes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3) +\&\fBrsa\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_size()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBRSA_size()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index 929560a0146..4974c1915b4 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_CMS 3" -.TH SMIME_read_CMS 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SMIME_read_CMS 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_read_CMS()\fR parses a message in S/MIME format. +\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. .PP \&\fBin\fR is a \s-1BIO\s0 to read the message from. .PP @@ -159,10 +163,10 @@ error occurred. .SH "NOTES" .IX Header "NOTES" If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can -then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. .PP Otherwise the type of the returned structure can be determined -using \fICMS_get0_type()\fR. +using \fBCMS_get0_type()\fR. .PP To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be initialized to \s-1NULL.\s0 For example: @@ -175,7 +179,7 @@ initialized to \s-1NULL.\s0 For example: .Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive. While it will +The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP The parser assumes that the CMS_ContentInfo structure is always base64 encoded @@ -187,14 +191,14 @@ which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR -if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_type\fR\|(3) -\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3) +\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_read_CMS()\fR was added to OpenSSL 0.9.8 +\&\fBSMIME_read_CMS()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 8f9bd1756a5..2c8478763c2 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SMIME_read_PKCS7 \- parse S/MIME message. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. .PP \&\fBin\fR is a \s-1BIO\s0 to read the message from. .PP @@ -158,11 +162,11 @@ error occurred. .SH "NOTES" .IX Header "NOTES" If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text -signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with the \fB\s-1PKCS7_DETACHED\s0\fR flag set. .PP Otherwise the type of the returned structure can be determined -using \fIPKCS7_type()\fR. +using \fBPKCS7_type()\fR. .PP To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR \&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: @@ -175,7 +179,7 @@ To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR .Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP @@ -188,14 +192,14 @@ of message which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR -if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_type\fR\|(3) -\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_type\fR\|(3) +\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5 +\&\fBSMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index f3a3af78fed..6ef72864aac 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_CMS 3" -.TH SMIME_write_CMS 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SMIME_write_CMS 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 structure to produce an S/MIME message. .PP \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate @@ -158,7 +162,7 @@ supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. The following flags can be passed in the \fBflags\fR parameter. .PP If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only -makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is called. .PP If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to @@ -169,7 +173,7 @@ be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_Con creation function. .PP If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must -be read twice: once to compute the signature in \fICMS_sign()\fR and once to output +be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output the S/MIME message. .PP If streaming is performed the content is output in \s-1BER\s0 format using indefinite @@ -177,16 +181,16 @@ length constructed encoding except in the case of signed data with detached content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" -\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure. +\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_write_CMS()\fR was added to OpenSSL 0.9.8 +\&\fBSMIME_write_CMS()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 882d1422b29..c488ab166d5 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 structure to produce an S/MIME message. .PP \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR @@ -157,7 +161,7 @@ The following flags can be passed in the \fBflags\fR parameter. .PP If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR -is also set when \fIPKCS7_sign()\fR is also called. +is also set when \fBPKCS7_sign()\fR is also called. .PP If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR @@ -165,10 +169,10 @@ is also set. .PP If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to -\&\fIPKCS7_sign()\fR or \fB\f(BIPKCS7_encrypt()\fB\fR. +\&\fBPKCS7_sign()\fR or \fB\fBPKCS7_encrypt()\fB\fR. .PP If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then -the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR +the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR and once to output the S/MIME message. .PP If streaming is performed the content is output in \s-1BER\s0 format using indefinite @@ -176,16 +180,16 @@ length constructuted encoding except in the case of signed data with detached content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" -\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there should be an option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 +\&\fBSMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index a11d3e244c4..1cbdaec597a 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,31 +160,28 @@ X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in and \fB\s-1ASN1_OBJECT\s0\fR structure. .PP -\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in and \fB\s-1ASN1_STRING\s0\fR structure. .PP -\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. .PP -\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type \&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. .PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR -and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR +and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an \&\fBX509_NAME_ENTRY\fR structure. .SH "NOTES" .IX Header "NOTES" -\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be used to examine an \fBX509_NAME_ENTRY\fR function as returned by -\&\fIX509_NAME_get_entry()\fR for example. +\&\fBX509_NAME_get_entry()\fR for example. .PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR, -and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an -.PP -\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, -\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR are seldom used in practice because \fBX509_NAME_ENTRY\fR structures are almost always part of \fBX509_NAME\fR structures and the corresponding \fBX509_NAME\fR functions are typically used to @@ -188,15 +189,15 @@ create and add new entries in a single operation. .PP The arguments of these functions support similar options to the similarly named ones of the corresponding \fBX509_NAME\fR functions such as -\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to -\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be set first so the relevant field information can be looked up internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3), -\&\fIOBJ_nid2obj\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 4183705092c..21c851b8928 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,8 +158,8 @@ X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and -\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and +\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. The field value to be added is in \fBbytes\fR of length \fBlen\fR. If \&\fBlen\fR is \-1 then the field length is calculated internally using @@ -166,12 +170,12 @@ definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is added to a position determined by \fBloc\fR and \fBset\fR. .PP -\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR to \fBname\fR. The new entry is added to a position determined by \fBloc\fR and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after the call. .PP -\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position \&\fBloc\fR. The deleted entry is returned and must be freed up. .SH "NOTES" .IX Header "NOTES" @@ -179,12 +183,12 @@ The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF is strongly recommended for the \fBtype\fR parameter. This allows the internal code to correctly determine the type of the field and to apply length checks according to the relevant standards. This is -done using \fIASN1_STRING_set_by_NID()\fR. +done using \fBASN1_STRING_set_by_NID()\fR. .PP If instead an \s-1ASN1\s0 type is used no checks are performed and the supplied data in \fBbytes\fR is used directly. .PP -In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents the field name using OBJ_txt2obj(field, 0). .PP The \fBloc\fR and \fBset\fR parameters determine where a new entry should @@ -225,11 +229,11 @@ Create an \fBX509_NAME\fR structure: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, -\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, +\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for success of 0 if an error occurred. .PP -\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR structure of \fB\s-1NULL\s0\fR if an error occurred. .SH "BUGS" .IX Header "BUGS" @@ -239,6 +243,6 @@ not understand multicharacter types, performs no length checks and can result in invalid field types its use is strongly discouraged. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index a93e007101f..d395b7d3dfc 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,19 +163,19 @@ These functions allow an \fBX509_NAME\fR structure to be examined. The \&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject and issuer names. .PP -\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR should initially be set to \-1. If there are no more entries \-1 is returned. If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. .PP -\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. .PP -\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from 0 to (X509_NAME_entry_count(name) \- 1). The value returned is an internal pointer which must not be freed. .PP -\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or \&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes will be written and the text written to \fBbuf\fR will be null @@ -180,23 +184,23 @@ excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount of space needed in \fBbuf\fR (excluding the final null) is returned. .SH "NOTES" .IX Header "NOTES" -\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR are +\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR are legacy functions which have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can be highly confusing if the target is a muticharacter string type like a BMPString or a UTF8String. .PP -For a more general solution \fIX509_NAME_get_index_by_NID()\fR or -\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by -\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +For a more general solution \fBX509_NAME_get_index_by_NID()\fR or +\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fBX509_NAME_get_entry()\fR on any matching indices and then the various \fBX509_NAME_ENTRY\fR utility functions on the result. .PP The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in the source code header files and/or . .PP -Applications which could pass invalid NIDs to \fIX509_NAME_get_index_by_NID()\fR +Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR should check for the return value of \-2. Alternatively the \s-1NID\s0 validity can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 .SH "EXAMPLES" @@ -231,18 +235,18 @@ Process all commonName entries: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR return the index of the next matching entry or \-1 if not found. -\&\fIX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied \&\s-1NID\s0 is invalid. .PP -\&\fIX509_NAME_entry_count()\fR returns the total number of entries. +\&\fBX509_NAME_entry_count()\fR returns the total number of entries. .PP -\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the requested entry or \fB\s-1NULL\s0\fR if the index is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index 4bf625bc47e..73ce53dc951 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_NAME_print_ex 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,36 +153,36 @@ X509_NAME_oneline \- X509_NAME printing routines. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each line (for multiline formats) is indented by \fBindent\fR spaces. The output format can be extensively customised by use of the \fBflags\fR parameter. .PP -\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is written to \s-1FILE\s0 pointer \fBfp\fR. .PP -\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and \&\fBsize\fR is ignored. Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', and \fBbuf\fR is returned. .PP -\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR characters. Multiple lines are used if the output (including indent) exceeds 80 characters. .SH "NOTES" .IX Header "NOTES" -The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR are legacy functions which +The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications. .PP Although there are a large number of possible flags for most purposes \&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. -As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page +As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example \&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. .PP -The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. .PP Several options can be ored together. .PP @@ -210,7 +214,7 @@ printed instead of the values. If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this is only of use for multiline format. .PP -Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to control how each field value is displayed. .PP In addition a number options can be set for commonly used formats. @@ -225,10 +229,10 @@ is equivalent to: \&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR .PP -\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIASN1_STRING_print_ex\fR\|(3) +\&\fBASN1_STRING_print_ex\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index 9237cedf59c..ab4bbd1c032 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_error 3" -.TH X509_STORE_CTX_get_error 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_STORE_CTX_get_error 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,26 +157,26 @@ X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_dep .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These functions are typically called after \fIX509_verify_cert()\fR has indicated +These functions are typically called after \fBX509_verify_cert()\fR has indicated an error or in a verification callback to determine the nature of an error. .PP -\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. .PP -\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example it might be used in a verification callback to set an error based on additional checks. .PP -\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a non-negative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. .PP -\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. .PP -\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous -call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR +\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR is \fBnot\fR successful the returned chain may be incomplete or invalid. The returned chain persists after the \fBctx\fR structure is freed, when it is no longer needed it should be free up using: @@ -181,18 +185,18 @@ no longer needed it should be free up using: \& sk_X509_pop_free(chain, X509_free); .Ve .PP -\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fBn\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. .PP -\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. .PP -\&\fIX509_STORE_CTX_get_current_cert()\fR returns the cerificate which caused the +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the cerificate which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. .PP -\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fBn\fR. .SH "ERROR CODES" .IX Header "ERROR CODES" @@ -369,16 +373,16 @@ The above functions should be used instead of directly referencing the fields in the \fBX509_VERIFY_CTX\fR structure. .PP In versions of OpenSSL before 1.0 the current certificate returned by -\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should check the return value before printing out any debugging information relating to the current certificate. .PP -If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the +If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3) +\&\fBX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 index 1fa762e950f..ddb970a27d5 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_ex_new_index 3" -.TH X509_STORE_CTX_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_STORE_CTX_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,8 +157,8 @@ X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions handle application specific data in X509_STORE_CTX structures. -Their usage is identical to that of \fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR -and \fIRSA_get_ex_data()\fR as described in \fIRSA_get_ex_new_index\fR\|(3). +Their usage is identical to that of \fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR +and \fBRSA_get_ex_data()\fR as described in \fBRSA_get_ex_new_index\fR\|(3). .SH "NOTES" .IX Header "NOTES" This mechanism is used internally by the \fBssl\fR library to store the \fB\s-1SSL\s0\fR @@ -162,8 +166,8 @@ structure associated with a verification operation in an \fBX509_STORE_CTX\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_get_ex_new_index\fR\|(3) +\&\fBRSA_get_ex_new_index\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_CTX_get_ex_new_index()\fR, \fIX509_STORE_CTX_set_ex_data()\fR and -\&\fIX509_STORE_CTX_get_ex_data()\fR are available since OpenSSL 0.9.5. +\&\fBX509_STORE_CTX_get_ex_new_index()\fR, \fBX509_STORE_CTX_set_ex_data()\fR and +\&\fBX509_STORE_CTX_get_ex_data()\fR are available since OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index c65522447e8..fda3c2a6259 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_new 3" -.TH X509_STORE_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_STORE_CTX_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,51 +165,51 @@ X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_ .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use -by \fIX509_verify_cert()\fR. +by \fBX509_verify_cert()\fR. .PP -\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. .PP -\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. -The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR. +\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. .PP -\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR is no longer valid. .PP -\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. -It must be called before each call to \fIX509_verify_cert()\fR, i.e. a \fBctx\fR is only -good for one call to \fIX509_verify_cert()\fR; if you want to verify a second -certificate with the same \fBctx\fR then you must call \fIX509_STORE_CTX_cleanup()\fR -and then \fIX509_STORE_CTX_init()\fR again before the second call to -\&\fIX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only +good for one call to \fBX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR +and then \fBX509_STORE_CTX_init()\fR again before the second call to +\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end entity certificate to be verified is set to \fBx509\fR and a set of additional certificates (which will be untrusted but may be used to build the chain) in \&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \&\fB\s-1NULL\s0\fR. .PP -\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR +\&\fBX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates instead of using an \fBX509_STORE\fR. .PP -\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to +\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to \&\fBx\fR. .PP -\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR +\&\fBX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR to \fBsk\fR. .PP -\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure. .PP -X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer +X509_VERIFY_PARAM *\fBX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer to the verification parameters associated with \fBctx\fR. .PP -\&\fIX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer +\&\fBX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer to \fBparam\fR. After this call \fBparam\fR should not be used. .PP -\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification -method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to +\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to find an appropriate set of parameters from \fBname\fR. .SH "NOTES" .IX Header "NOTES" @@ -234,24 +238,24 @@ be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies should be made or reference counts increased instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an error occurred. .PP -\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. .PP -\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR structure or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR, -\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR, -\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return +\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, \fBX509_STORE_CTX_trusted_stack()\fR, +\&\fBX509_STORE_CTX_set_cert()\fR, \fBX509_STORE_CTX_set_chain()\fR, +\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return values. .PP -\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3) -\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +\&\fBX509_verify_cert\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0 +\&\fBX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index 08802998dc9..afab91ba31d 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_set_verify_cb 3" -.TH X509_STORE_CTX_set_verify_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_STORE_CTX_set_verify_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ X509_STORE_CTX_set_verify_cb \- set verification callback .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to \&\fBverify_cb\fR overwriting any existing callback. .PP The verification callback can be used to customise the operation of certificate @@ -165,7 +169,7 @@ policy checking is complete. The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that is performing the verification operation. A callback can examine this structure and receive additional information about the error, for example -by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can +by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can be passed to the callback via the \fBex_data\fR mechanism. .SH "WARNING" .IX Header "WARNING" @@ -183,7 +187,7 @@ only way to set a custom verification callback is by inheriting it from the associated \fBX509_STORE\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value. +\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. .SH "EXAMPLES" .IX Header "EXAMPLES" Default callback operation: @@ -285,10 +289,10 @@ a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_CTX_get_error\fR\|(3) -\&\fIX509_STORE_set_verify_cb_func\fR\|(3) -\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3) +\&\fBX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_CTX_set_verify_cb()\fR is available in all versions of SSLeay and +\&\fBX509_STORE_CTX_set_verify_cb()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 287e48e10c3..d33d1b02f89 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_set_verify_cb_func 3" -.TH X509_STORE_set_verify_cb_func 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_STORE_set_verify_cb_func 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,10 +153,10 @@ X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb \- set verification call .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to \&\fBverify_cb\fR overwriting any existing callback. .PP -\&\fIX509_STORE_set_verify_cb_func()\fR also sets the verification callback but it +\&\fBX509_STORE_set_verify_cb_func()\fR also sets the verification callback but it is implemented as a macro. .SH "NOTES" .IX Header "NOTES" @@ -166,15 +170,15 @@ The macro version of this function was the only one available before OpenSSL 1.0.0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_STORE_set_verify_cb()\fR and \fIX509_STORE_set_verify_cb_func()\fR do not return +\&\fBX509_STORE_set_verify_cb()\fR and \fBX509_STORE_set_verify_cb_func()\fR do not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3) -\&\fICMS_verify\fR\|(3) +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3) +\&\fBCMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_STORE_set_verify_cb_func()\fR is available in all versions of SSLeay and +\&\fBX509_STORE_set_verify_cb_func()\fR is available in all versions of SSLeay and OpenSSL. .PP -\&\fIX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0. +\&\fBX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index d891c62cf4e..3878c332dd2 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_set_flags 3" -.TH X509_VERIFY_PARAM_set_flags 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_VERIFY_PARAM_set_flags 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,58 +181,58 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with a certificate verification operation. .PP -The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete description of values the \fBflags\fR parameter can take. .PP -\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. .PP -\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. .PP -\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR to \fBpurpose\fR. This determines the acceptable purpose of the certificate chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. .PP -\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to \&\fBtrust\fR. .PP -\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to \&\fBt\fR. Normally the current time is used. .PP -\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled by default) and adds \fBpolicy\fR to the acceptable policy set. .PP -\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear an existing policy set. .PP -\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. That is the maximum number of untrusted \s-1CA\s0 certificates that can appear in a chain. .PP -\&\fIX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \&\fBname\fR clearing any previously specified host name or names. If \&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If \fBname\fR is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR must be set to the length of \fBname\fR. When a hostname is specified, -certificate verification automatically invokes \fIX509_check_host\fR\|(3) +certificate verification automatically invokes \fBX509_check_host\fR\|(3) with flags equal to the \fBflags\fR argument given to -\&\fB\f(BIX509_VERIFY_PARAM_set_hostflags()\fB\fR (default zero). Applications +\&\fB\fBX509_VERIFY_PARAM_set_hostflags()\fB\fR (default zero). Applications are strongly advised to use this interface in preference to explicitly -calling \fIX509_check_host\fR\|(3), hostname checks are out of scope -with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +calling \fBX509_check_host\fR\|(3), hostname checks are out of scope +with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will be suppressed as appropriate when \s-1DANE\s0 support is added to OpenSSL. .PP -\&\fIX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference identifer that can match the peer's certificate. Any previous names -set via \fIX509_VERIFY_PARAM_set1_host()\fR or \fIX509_VERIFY_PARAM_add1_host()\fR +set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, the peer is considered verified when any name matches. .PP -\&\fIX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with \*(L".\*(R") @@ -238,38 +242,38 @@ string is allocated by the library and is no longer valid once the associated \fBparam\fR argument is freed. Applications must not free the return value. .PP -\&\fIX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to \&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise \&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address is specified, certificate verification automatically invokes -\&\fIX509_check_email\fR\|(3). +\&\fBX509_check_email\fR\|(3). .PP -\&\fIX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. The \fBip\fR argument is in binary format, in network byte-order and \&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 address is specified, certificate verification automatically invokes -\&\fIX509_check_ip\fR\|(3). +\&\fBX509_check_ip\fR\|(3). .PP -\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to \&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR, -\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR, -\&\fIX509_VERIFY_PARAM_add0_policy()\fR \fIX509_VERIFY_PARAM_set1_policies()\fR, -\&\fIX509_VERIFY_PARAM_set1_host()\fR, \fIX509_VERIFY_PARAM_set_hostflags()\fR, -\&\fIX509_VERIFY_PARAM_set1_email()\fR, \fIX509_VERIFY_PARAM_set1_ip()\fR and -\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, +\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR, +\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_set_hostflags()\fR, +\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for failure. .PP -\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. .PP -\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return +\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return values. .PP -\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. .SH "VERIFICATION FLAGS" .IX Header "VERIFICATION FLAGS" The verification flags consists of zero or more of the following flags @@ -342,7 +346,7 @@ set this flag. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important When some certificates in the trust store have -explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fIx509\fR\|(1)). +explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). .PP The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the trust store to be treated as trust-anchors, in the same way as the self-signed @@ -358,7 +362,7 @@ verified chain passed to callbacks may still be anchored by a root \s-1CA.\s0 .IX Header "NOTES" The above functions should be used to manipulate verification parameters instead of legacy functions which work in specific structures such as -\&\fIX509_STORE_CTX_set_flags()\fR. +\&\fBX509_STORE_CTX_set_flags()\fR. .SH "BUGS" .IX Header "BUGS" Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and @@ -382,11 +386,11 @@ connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_verify_cert\fR\|(3), -\&\fIX509_check_host\fR\|(3), -\&\fIX509_check_email\fR\|(3), -\&\fIX509_check_ip\fR\|(3), -\&\fIx509\fR\|(1) +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_host\fR\|(3), +\&\fBX509_check_email\fR\|(3), +\&\fBX509_check_ip\fR\|(3), +\&\fBx509\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.0.2b diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3 index ffe0f0817d1..fa3249bdbc4 100644 --- a/secure/lib/libcrypto/man/X509_check_host.3 +++ b/secure/lib/libcrypto/man/X509_check_host.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_check_host 3" -.TH X509_check_host 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_check_host 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +160,7 @@ certificate matches a given host name, email address, or \s-1IP\s0 address. The validity of the certificate and its trust level has to be checked by other means. .PP -\&\fIX509_check_host()\fR checks if the certificate Subject Alternative +\&\fBX509_check_host()\fR checks if the certificate Subject Alternative Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host name, which must be encoded in the preferred name syntax described in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported @@ -177,23 +181,23 @@ valid for any sub-domain of \fBname\fR, (see also When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate is stored at the address passed in \fBpeername\fR. The application -is responsible for freeing the peername via \fIOPENSSL_free()\fR when it +is responsible for freeing the peername via \fBOPENSSL_free()\fR when it is no longer needed. .PP -\&\fIX509_check_email()\fR checks if the certificate matches the specified +\&\fBX509_check_email()\fR checks if the certificate matches the specified email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, comments are not allowed, and no attempt is made to normalize quoted characters. The \fBaddresslen\fR argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(\fBaddress\fR). .PP -\&\fIX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or IPv6 address. The \fBaddress\fR array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; \s-1IP\s0 addresses stored in \s-1DNS\s0 names and Common Names are ignored. .PP -\&\fIX509_check_ip_asc()\fR is similar, except that the NUL-terminated +\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated string \fBaddress\fR is first converted to the internal representation. .PP The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the @@ -243,23 +247,23 @@ and \-1 for an internal error: typically a memory allocation failure or an \s-1ASN.1\s0 decoding error. .PP All functions can also return \-2 if the input is malformed. For example, -\&\fIX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded NULs. .SH "NOTES" .IX Header "NOTES" -Applications are encouraged to use \fIX509_VERIFY_PARAM_set1_host()\fR -rather than explicitly calling \fIX509_check_host\fR\|(3). Host name -checks are out of scope with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, +Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fBX509_check_host\fR\|(3). Host name +checks are out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal checks will be suppressed as appropriate when \&\s-1DANE\s0 support is added to OpenSSL. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_verify_result\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_host\fR\|(3), -\&\fIX509_VERIFY_PARAM_add1_host\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_email\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_ip\fR\|(3), -\&\fIX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3 index b4857bf8ab6..cfbf05f85b2 100644 --- a/secure/lib/libcrypto/man/X509_check_private_key.3 +++ b/secure/lib/libcrypto/man/X509_check_private_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_check_private_key 3" -.TH X509_check_private_key 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_check_private_key 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,18 +153,18 @@ request .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_check_private_key()\fR function checks the consistency of private +\&\fBX509_check_private_key()\fR function checks the consistency of private key \fBk\fR with the public key in \fBx\fR. .PP -\&\fIX509_REQ_check_private_key()\fR is equivalent to \fIX509_check_private_key()\fR +\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. .SH "RETURN VALUE" .IX Header "RETURN VALUE" -\&\fIX509_check_private_key()\fR and \fIX509_REQ_check_private_key()\fR return 1 if +\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if the keys match each other, and 0 if not. .PP If the key is invalid or an error occurred, the reason code can be -obtained using \fIERR_get_error\fR\|(3). +obtained using \fBERR_get_error\fR\|(3). .SH "BUGS" .IX Header "BUGS" The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed @@ -170,7 +174,7 @@ of a key pair. So if you pass a public key to these functions in \fBk\fR, it wil return success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libcrypto/man/X509_cmp_time.3 b/secure/lib/libcrypto/man/X509_cmp_time.3 index 204a2418841..53dd2fbd853 100644 --- a/secure/lib/libcrypto/man/X509_cmp_time.3 +++ b/secure/lib/libcrypto/man/X509_cmp_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_cmp_time 3" -.TH X509_cmp_time 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_cmp_time 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +147,7 @@ X509_cmp_time \- X509 time functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time in +\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time in . .PP \&\fBasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., @@ -155,11 +159,11 @@ If \fBcmp_time\fR is \s-1NULL\s0 the current time is used. Unlike many standard comparison functions, X509_cmp_time returns 0 on error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIX509_cmp_time()\fR returns \-1 if \fBasn1_time\fR is earlier than, or equal to, +\&\fBX509_cmp_time()\fR returns \-1 if \fBasn1_time\fR is earlier than, or equal to, \&\fBcmp_time\fR, and 1 otherwise. It returns 0 on error. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index e1c1c0fa7fe..313891de1bd 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,19 +153,19 @@ X509_new, X509_free \- X509 certificate ASN1 allocation functions The X509 \s-1ASN1\s0 allocation routines, allocate and free an X509 structure, which represents an X509 certificate. .PP -\&\fIX509_new()\fR allocates and initializes a X509 structure. +\&\fBX509_new()\fR allocates and initializes a X509 structure. .PP -\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR. +\&\fBX509_free()\fR frees up the \fBX509\fR structure \fBa\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). +If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure. .PP -\&\fIX509_free()\fR returns no value. +\&\fBX509_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBX509_new()\fR and \fBX509_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index b32387722bd..f6e981e687b 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_verify_cert 3" -.TH X509_verify_cert 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509_verify_cert 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,9 +149,9 @@ X509_verify_cert \- discover and verify X509 certificte chain .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIX509_verify_cert()\fR function attempts to discover and validate a +The \fBX509_verify_cert()\fR function attempts to discover and validate a certificate chain based on parameters in \fBctx\fR. A complete description of -the process is contained in the \fIverify\fR\|(1) manual page. +the process is contained in the \fBverify\fR\|(1) manual page. .SH "RETURN VALUES" .IX Header "RETURN VALUES" If a complete chain can be built and validated this function returns 1, @@ -155,14 +159,14 @@ otherwise it return zero, in exceptional circumstances it can also return a negative code. .PP If the function fails additional error information can be obtained by -examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR. +examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR. .SH "NOTES" .IX Header "NOTES" Applications rarely call this function directly but it is used by OpenSSL internally for certificate validation, in both the S/MIME and \&\s-1SSL/TLS\s0 code. .PP -A negative return value from \fIX509_verify_cert()\fR can occur if it is invoked +A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked incorrectly, such as with no certificate set in \fBctx\fR, or when it is called twice in succession without reinitialising \fBctx\fR for the second call. A negative return value can also happen due to internal resource problems or if @@ -175,7 +179,7 @@ This function uses the header \fBx509.h\fR as opposed to most chain verification functiosn which use \fBx509_vfy.h\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_CTX_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_verify_cert()\fR is available in all versions of SSLeay and OpenSSL. +\&\fBX509_verify_cert()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 22477c990cc..d13927a1e8c 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH bio 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,16 +174,16 @@ first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink \&\s-1BIO\s0). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBIO_ctrl\fR\|(3), -\&\fIBIO_f_base64\fR\|(3), \fIBIO_f_buffer\fR\|(3), -\&\fIBIO_f_cipher\fR\|(3), \fIBIO_f_md\fR\|(3), -\&\fIBIO_f_null\fR\|(3), \fIBIO_f_ssl\fR\|(3), -\&\fIBIO_find_type\fR\|(3), \fIBIO_new\fR\|(3), -\&\fIBIO_new_bio_pair\fR\|(3), -\&\fIBIO_push\fR\|(3), \fIBIO_read\fR\|(3), -\&\fIBIO_s_accept\fR\|(3), \fIBIO_s_bio\fR\|(3), -\&\fIBIO_s_connect\fR\|(3), \fIBIO_s_fd\fR\|(3), -\&\fIBIO_s_file\fR\|(3), \fIBIO_s_mem\fR\|(3), -\&\fIBIO_s_null\fR\|(3), \fIBIO_s_socket\fR\|(3), -\&\fIBIO_set_callback\fR\|(3), -\&\fIBIO_should_retry\fR\|(3) +\&\fBBIO_ctrl\fR\|(3), +\&\fBBIO_f_base64\fR\|(3), \fBBIO_f_buffer\fR\|(3), +\&\fBBIO_f_cipher\fR\|(3), \fBBIO_f_md\fR\|(3), +\&\fBBIO_f_null\fR\|(3), \fBBIO_f_ssl\fR\|(3), +\&\fBBIO_find_type\fR\|(3), \fBBIO_new\fR\|(3), +\&\fBBIO_new_bio_pair\fR\|(3), +\&\fBBIO_push\fR\|(3), \fBBIO_read\fR\|(3), +\&\fBBIO_s_accept\fR\|(3), \fBBIO_s_bio\fR\|(3), +\&\fBBIO_s_connect\fR\|(3), \fBBIO_s_fd\fR\|(3), +\&\fBBIO_s_file\fR\|(3), \fBBIO_s_mem\fR\|(3), +\&\fBBIO_s_null\fR\|(3), \fBBIO_s_socket\fR\|(3), +\&\fBBIO_set_callback\fR\|(3), +\&\fBBIO_should_retry\fR\|(3) diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index a8c6c601d96..234280c95d2 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH blowfish 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -166,59 +170,59 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ). Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same -modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one +modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much faster than \s-1IDEA\s0 or \s-1RC2.\s0 .PP Blowfish consists of a key setup phase and the actual encryption or decryption phase. .PP -\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key at \fBdata\fR. .PP -\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by \&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, everything after the first 64 bits is ignored. .PP -The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR +The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR all operate on variable length data. They all take an initialization vector \&\fBivec\fR which needs to be passed along into the next call of the same function for the same message. \fBivec\fR may be initialized with anything, but the recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where \&\fBivec\fR is simply initialized to zero. -\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while -\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable +\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter \fBnum\fR, which is a pointer to an integer where the current offset in \fBivec\fR is stored between calls. This integer must be initialized to zero when \fBivec\fR is initialized. .PP -\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It +\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte long initialization vector. .PP -\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an 8 byte long initialization vector. \fBnum\fR must point at an integer which must be initially zero. .PP -\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. -It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized +\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized the same way. .PP -\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish +\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector pointed by \&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you -implement 'modes' of Blowfish. The alternative is to use \fIBF_ecb_encrypt()\fR. +implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. If you still want to use these functions, you should be aware that they take each 32\-bit chunk in host-byte order, which is little-endian on little-endian platforms and big-endian on big-endian ones. @@ -228,11 +232,11 @@ None of the functions presented here return any value. .SH "NOTE" .IX Header "NOTE" Applications should use the higher level functions -\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling the +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling the blowfish functions directly. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdes_modes\fR\|(7) +\&\fBdes_modes\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" The Blowfish functions are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 987faf0de3f..bc09558677f 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH bn 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -289,23 +293,23 @@ The basic object in this library is a \fB\s-1BIGNUM\s0\fR. It is used to hold a single large integer. This type should be considered opaque and fields should not be modified or accessed directly. .PP -The creation of \fB\s-1BIGNUM\s0\fR objects is described in \fIBN_new\fR\|(3); -\&\fIBN_add\fR\|(3) describes most of the arithmetic operations. -Comparison is described in \fIBN_cmp\fR\|(3); \fIBN_zero\fR\|(3) -describes certain assignments, \fIBN_rand\fR\|(3) the generation of -random numbers, \fIBN_generate_prime\fR\|(3) deals with prime -numbers and \fIBN_set_bit\fR\|(3) with bit operations. The conversion -of \fB\s-1BIGNUM\s0\fRs to external formats is described in \fIBN_bn2bin\fR\|(3). +The creation of \fB\s-1BIGNUM\s0\fR objects is described in \fBBN_new\fR\|(3); +\&\fBBN_add\fR\|(3) describes most of the arithmetic operations. +Comparison is described in \fBBN_cmp\fR\|(3); \fBBN_zero\fR\|(3) +describes certain assignments, \fBBN_rand\fR\|(3) the generation of +random numbers, \fBBN_generate_prime\fR\|(3) deals with prime +numbers and \fBBN_set_bit\fR\|(3) with bit operations. The conversion +of \fB\s-1BIGNUM\s0\fRs to external formats is described in \fBBN_bn2bin\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn_internal\fR\|(3), -\&\fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3), -\&\fIBN_new\fR\|(3), \fIBN_CTX_new\fR\|(3), -\&\fIBN_copy\fR\|(3), \fIBN_swap\fR\|(3), \fIBN_num_bytes\fR\|(3), -\&\fIBN_add\fR\|(3), \fIBN_add_word\fR\|(3), -\&\fIBN_cmp\fR\|(3), \fIBN_zero\fR\|(3), \fIBN_rand\fR\|(3), -\&\fIBN_generate_prime\fR\|(3), \fIBN_set_bit\fR\|(3), -\&\fIBN_bn2bin\fR\|(3), \fIBN_mod_inverse\fR\|(3), -\&\fIBN_mod_mul_reciprocal\fR\|(3), -\&\fIBN_mod_mul_montgomery\fR\|(3), -\&\fIBN_BLINDING_new\fR\|(3) +\&\fBbn_internal\fR\|(3), +\&\fBdh\fR\|(3), \fBerr\fR\|(3), \fBrand\fR\|(3), \fBrsa\fR\|(3), +\&\fBBN_new\fR\|(3), \fBBN_CTX_new\fR\|(3), +\&\fBBN_copy\fR\|(3), \fBBN_swap\fR\|(3), \fBBN_num_bytes\fR\|(3), +\&\fBBN_add\fR\|(3), \fBBN_add_word\fR\|(3), +\&\fBBN_cmp\fR\|(3), \fBBN_zero\fR\|(3), \fBBN_rand\fR\|(3), +\&\fBBN_generate_prime\fR\|(3), \fBBN_set_bit\fR\|(3), +\&\fBBN_bn2bin\fR\|(3), \fBBN_mod_inverse\fR\|(3), +\&\fBBN_mod_mul_reciprocal\fR\|(3), +\&\fBBN_mod_mul_montgomery\fR\|(3), +\&\fBBN_BLINDING_new\fR\|(3) diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index 87df101ec7a..e2af3ee6d87 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH bn_internal 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -218,7 +222,7 @@ applications. \& }; .Ve .PP -The integer value is stored in \fBd\fR, a \fImalloc()\fRed array of words (\fB\s-1BN_ULONG\s0\fR), +The integer value is stored in \fBd\fR, a \fBmalloc()\fRed array of words (\fB\s-1BN_ULONG\s0\fR), least significant word first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 bits in size, depending on the 'number of bits' (\fB\s-1BITS2\s0\fR) specified in \&\f(CW\*(C`openssl/bn.h\*(C'\fR. @@ -238,7 +242,7 @@ Various routines in this library require the use of temporary allocation to create \fB\s-1BIGNUM\s0\fRs is rather expensive when used in conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is used. This structure contains \fB\s-1BN_CTX_NUM\s0\fR \fB\s-1BIGNUM\s0\fRs, see -\&\fIBN_CTX_start\fR\|(3). +\&\fBBN_CTX_start\fR\|(3). .SS "Low-level arithmetic operations" .IX Subsection "Low-level arithmetic operations" These functions are implemented in C and for several platforms in @@ -314,11 +318,11 @@ bn_mul_high(\fBr\fR, \fBa\fR, \fBb\fR, \fBl\fR, \fBn2\fR, \fBtmp\fR) operates on \&\fBn2\fR word arrays \fBr\fR, \fBa\fR, \fBb\fR and \fBl\fR (?) and the 3*\fBn2\fR word array \fBtmp\fR. .PP -\&\fIBN_mul()\fR calls \fIbn_mul_normal()\fR, or an optimized implementation if the -factors have the same size: \fIbn_mul_comba8()\fR is used if they are 8 -words long, \fIbn_mul_recursive()\fR if they are larger than +\&\fBBN_mul()\fR calls \fBbn_mul_normal()\fR, or an optimized implementation if the +factors have the same size: \fBbn_mul_comba8()\fR is used if they are 8 +words long, \fBbn_mul_recursive()\fR if they are larger than \&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR and the size is an exact multiple of the word -size, and \fIbn_mul_part_recursive()\fR for others that are larger than +size, and \fBbn_mul_part_recursive()\fR for others that are larger than \&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR. .PP bn_sqr_normal(\fBr\fR, \fBa\fR, \fBn\fR, \fBtmp\fR) operates on the \fBn\fR word array @@ -338,28 +342,28 @@ sqr(\fBr0\fR, \fBr1\fR, \fBa\fR) computes \fBa\fR*\fBa\fR and places the low wor of the result in \fBr0\fR and the high word in \fBr1\fR. .SS "Size changes" .IX Subsection "Size changes" -\&\fIbn_expand()\fR ensures that \fBb\fR has enough space for a \fBbits\fR bit -number. \fIbn_wexpand()\fR ensures that \fBb\fR has enough space for an +\&\fBbn_expand()\fR ensures that \fBb\fR has enough space for a \fBbits\fR bit +number. \fBbn_wexpand()\fR ensures that \fBb\fR has enough space for an \&\fBn\fR word number. If the number has to be expanded, both macros -call \fIbn_expand2()\fR, which allocates a new \fBd\fR array and copies the +call \fBbn_expand2()\fR, which allocates a new \fBd\fR array and copies the data. They return \fB\s-1NULL\s0\fR on error, \fBb\fR otherwise. .PP -The \fIbn_fix_top()\fR macro reduces \fBa\->top\fR to point to the most +The \fBbn_fix_top()\fR macro reduces \fBa\->top\fR to point to the most significant non-zero word plus one when \fBa\fR has shrunk. .SS "Debugging" .IX Subsection "Debugging" -\&\fIbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top +\&\fBbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top <= (a)\->dmax)\*(C'\fR. A violation will cause the program to abort. .PP -\&\fIbn_print()\fR prints \fBa\fR to stderr. \fIbn_dump()\fR prints \fBn\fR words at \fBd\fR +\&\fBbn_print()\fR prints \fBa\fR to stderr. \fBbn_dump()\fR prints \fBn\fR words at \fBd\fR (in reverse order, i.e. most significant word first) to stderr. .PP -\&\fIbn_set_max()\fR makes \fBa\fR a static number with a \fBdmax\fR of its current size. -This is used by \fIbn_set_low()\fR and \fIbn_set_high()\fR to make \fBr\fR a read-only +\&\fBbn_set_max()\fR makes \fBa\fR a static number with a \fBdmax\fR of its current size. +This is used by \fBbn_set_low()\fR and \fBbn_set_high()\fR to make \fBr\fR a read-only \&\fB\s-1BIGNUM\s0\fR that contains the \fBn\fR low or high words of \fBa\fR. .PP -If \fB\s-1BN_DEBUG\s0\fR is not defined, \fIbn_check_top()\fR, \fIbn_print()\fR, \fIbn_dump()\fR -and \fIbn_set_max()\fR are defined as empty macros. +If \fB\s-1BN_DEBUG\s0\fR is not defined, \fBbn_check_top()\fR, \fBbn_print()\fR, \fBbn_dump()\fR +and \fBbn_set_max()\fR are defined as empty macros. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3) +\&\fBbn\fR\|(3) diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 128b6e97b32..cf5f6904cad 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH buffer 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,37 +172,37 @@ standard C library equivalents The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs. .PP -\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size. +\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. .PP -\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. .PP -\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to \&\fBlen\fR. Any data already in the buffer is preserved if it increases in size. .PP -\&\fIBUF_strdup()\fR, \fIBUF_strndup()\fR, \fIBUF_memdup()\fR, \fIBUF_strlcpy()\fR, -\&\fIBUF_strlcat()\fR and BUF_strnlen are equivalents of the standard C -library functions. The \fIdup()\fR functions use \fIOPENSSL_malloc()\fR underneath +\&\fBBUF_strdup()\fR, \fBBUF_strndup()\fR, \fBBUF_memdup()\fR, \fBBUF_strlcpy()\fR, +\&\fBBUF_strlcat()\fR and BUF_strnlen are equivalents of the standard C +library functions. The \fBdup()\fR functions use \fBOPENSSL_malloc()\fR underneath and so should be used in preference to the standard library for memory -leak checking or replacing the \fImalloc()\fR function. +leak checking or replacing the \fBmalloc()\fR function. .PP Memory allocated from these functions should be freed up using the -\&\fIOPENSSL_free()\fR function. +\&\fBOPENSSL_free()\fR function. .PP BUF_strndup makes the explicit guarantee that it will never read past the first \fBsiz\fR bytes of \fBstr\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. .PP -\&\fIBUF_MEM_free()\fR has no return value. +\&\fBBUF_MEM_free()\fR has no return value. .PP -\&\fIBUF_MEM_grow()\fR returns zero on error or the new size (i.e. \fBlen\fR). +\&\fBBUF_MEM_grow()\fR returns zero on error or the new size (i.e. \fBlen\fR). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbio\fR\|(3) +\&\fBbio\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBUF_MEM_new()\fR, \fIBUF_MEM_free()\fR and \fIBUF_MEM_grow()\fR are available in all -versions of SSLeay and OpenSSL. \fIBUF_strdup()\fR was added in SSLeay 0.8. +\&\fBBUF_MEM_new()\fR, \fBBUF_MEM_free()\fR and \fBBUF_MEM_grow()\fR are available in all +versions of SSLeay and OpenSSL. \fBBUF_strdup()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index e3c2a50a920..24362b095f0 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH crypto 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,32 +159,32 @@ cryptography and key agreement, certificate handling, cryptographic hash functions and a cryptographic pseudo-random number generator. .IP "\s-1SYMMETRIC CIPHERS\s0" 4 .IX Item "SYMMETRIC CIPHERS" -\&\fIblowfish\fR\|(3), \fIcast\fR\|(3), \fIdes\fR\|(3), -\&\fIidea\fR\|(3), \fIrc2\fR\|(3), \fIrc4\fR\|(3), \fIrc5\fR\|(3) +\&\fBblowfish\fR\|(3), \fBcast\fR\|(3), \fBdes\fR\|(3), +\&\fBidea\fR\|(3), \fBrc2\fR\|(3), \fBrc4\fR\|(3), \fBrc5\fR\|(3) .IP "\s-1PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT\s0" 4 .IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT" -\&\fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrsa\fR\|(3) +\&\fBdsa\fR\|(3), \fBdh\fR\|(3), \fBrsa\fR\|(3) .IP "\s-1CERTIFICATES\s0" 4 .IX Item "CERTIFICATES" -\&\fIx509\fR\|(3), \fIx509v3\fR\|(3) +\&\fBx509\fR\|(3), \fBx509v3\fR\|(3) .IP "\s-1AUTHENTICATION CODES, HASH FUNCTIONS\s0" 4 .IX Item "AUTHENTICATION CODES, HASH FUNCTIONS" -\&\fIhmac\fR\|(3), \fImd2\fR\|(3), \fImd4\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3) +\&\fBhmac\fR\|(3), \fBmd2\fR\|(3), \fBmd4\fR\|(3), +\&\fBmd5\fR\|(3), \fBmdc2\fR\|(3), \fBripemd\fR\|(3), +\&\fBsha\fR\|(3) .IP "\s-1AUXILIARY FUNCTIONS\s0" 4 .IX Item "AUXILIARY FUNCTIONS" -\&\fIerr\fR\|(3), \fIthreads\fR\|(3), \fIrand\fR\|(3), -\&\s-1\fIOPENSSL_VERSION_NUMBER\s0\fR\|(3) +\&\fBerr\fR\|(3), \fBthreads\fR\|(3), \fBrand\fR\|(3), +\&\s-1\fBOPENSSL_VERSION_NUMBER\s0\fR\|(3) .IP "\s-1INPUT/OUTPUT, DATA ENCODING\s0" 4 .IX Item "INPUT/OUTPUT, DATA ENCODING" -\&\fIasn1\fR\|(3), \fIbio\fR\|(3), \fIevp\fR\|(3), \fIpem\fR\|(3), -\&\fIpkcs7\fR\|(3), \fIpkcs12\fR\|(3) +\&\fBasn1\fR\|(3), \fBbio\fR\|(3), \fBevp\fR\|(3), \fBpem\fR\|(3), +\&\fBpkcs7\fR\|(3), \fBpkcs12\fR\|(3) .IP "\s-1INTERNAL FUNCTIONS\s0" 4 .IX Item "INTERNAL FUNCTIONS" -\&\fIbn\fR\|(3), \fIbuffer\fR\|(3), \fIec\fR\|(3), \fIlhash\fR\|(3), -\&\fIobjects\fR\|(3), \fIstack\fR\|(3), -\&\fItxt_db\fR\|(3) +\&\fBbn\fR\|(3), \fBbuffer\fR\|(3), \fBec\fR\|(3), \fBlhash\fR\|(3), +\&\fBobjects\fR\|(3), \fBstack\fR\|(3), +\&\fBtxt_db\fR\|(3) .SH "NOTES" .IX Header "NOTES" Some of the newer functions follow a naming convention using the numbers @@ -200,4 +204,4 @@ The \fB1\fR function uses a copy of the supplied structure pointer so both (\fBx\fR and \fBobj\fR above) should be freed up. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIopenssl\fR\|(1), \fIssl\fR\|(3) +\&\fBopenssl\fR\|(1), \fBssl\fR\|(3) diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index 7f9aace031b..970346d47df 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,11 +152,11 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT IDENTIFIER functions .IX Header "DESCRIPTION" These functions decode and encode an \s-1ASN1 OBJECT IDENTIFIER.\s0 .PP -Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 index d17c281306c..603315c4157 100644 --- a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 +++ b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_CMS_ContentInfo 3" -.TH d2i_CMS_ContentInfo 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_CMS_ContentInfo 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,11 +152,11 @@ d2i_CMS_ContentInfo, i2d_CMS_ContentInfo \- CMS ContentInfo functions .IX Header "DESCRIPTION" These functions decode and encode an \s-1CMS\s0 ContentInfo structure. .PP -Otherwise they behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Otherwise they behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 31fbed4d844..17f07de4da6 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_DHparams 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,11 +153,11 @@ d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions. These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the DHparameter structure described in PKCS#3. .PP -Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index 962894342fc..2f18e2aaac9 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -166,23 +170,23 @@ and parsing functions. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fId2i_DSAPublicKey()\fR and \fIi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key +\&\fBd2i_DSAPublicKey()\fR and \fBi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key components structure. .PP -\&\fId2i_DSA_PUBKEY()\fR and \fIi2d_DSA_PUBKEY()\fR decode and encode an \s-1DSA\s0 public key using +\&\fBd2i_DSA_PUBKEY()\fR and \fBi2d_DSA_PUBKEY()\fR decode and encode an \s-1DSA\s0 public key using a SubjectPublicKeyInfo (certificate public key) structure. .PP -\&\fId2i_DSAPrivateKey()\fR, \fIi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key +\&\fBd2i_DSAPrivateKey()\fR, \fBi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key components. .PP -\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using +\&\fBd2i_DSAparams()\fR, \fBi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using a \fBDss-Parms\fR structure as defined in \s-1RFC2459.\s0 .PP -\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a +\&\fBd2i_DSA_SIG()\fR, \fBi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a \&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459.\s0 .PP -The usage of all of these functions is similar to the \fId2i_X509()\fR and -\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page. +The usage of all of these functions is similar to the \fBd2i_X509()\fR and +\&\fBi2d_X509()\fR described in the \fBd2i_X509\fR\|(3) manual page. .SH "NOTES" .IX Header "NOTES" The \fB\s-1DSA\s0\fR structure passed to the private key encoding functions should have @@ -205,7 +209,7 @@ consisting of a \s-1SEQUENCE\s0 containing the \fBp\fR, \fBq\fR, \fBg\fR and \fB \&\fBpriv_key\fR fields respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_ECPKParameters.3 b/secure/lib/libcrypto/man/d2i_ECPKParameters.3 index c9030675a69..1e4854ced78 100644 --- a/secure/lib/libcrypto/man/d2i_ECPKParameters.3 +++ b/secure/lib/libcrypto/man/d2i_ECPKParameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ECPKParameters 3" -.TH d2i_ECPKParameters 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_ECPKParameters 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,7 +161,7 @@ d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParamete The ECPKParameters encode and decode routines encode and parse the public parameters for an \&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. .PP -\&\fId2i_ECPKParameters()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If +\&\fBd2i_ECPKParameters()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If successful a pointer to the \fB\s-1EC_GROUP\s0\fR structure is returned. If an error occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR @@ -166,7 +170,7 @@ structure and an attempt is made to reuse it. If the call is successful \fB*in\fR is incremented to the byte following the parsed data. .PP -\&\fIi2d_ECPKParameters()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. +\&\fBi2d_ECPKParameters()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer at \fB*out\fR, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it @@ -176,37 +180,37 @@ If \fB*out\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the data written to it. In this case \fB*out\fR is not incremented and it points to the start of the data just written. .PP -\&\fId2i_ECPKParameters_bio()\fR is similar to \fId2i_ECPKParameters()\fR except it attempts +\&\fBd2i_ECPKParameters_bio()\fR is similar to \fBd2i_ECPKParameters()\fR except it attempts to parse data from \s-1BIO\s0 \fBbp\fR. .PP -\&\fId2i_ECPKParameters_fp()\fR is similar to \fId2i_ECPKParameters()\fR except it attempts +\&\fBd2i_ECPKParameters_fp()\fR is similar to \fBd2i_ECPKParameters()\fR except it attempts to parse data from \s-1FILE\s0 pointer \fBfp\fR. .PP -\&\fIi2d_ECPKParameters_bio()\fR is similar to \fIi2d_ECPKParameters()\fR except it writes +\&\fBi2d_ECPKParameters_bio()\fR is similar to \fBi2d_ECPKParameters()\fR except it writes the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it returns 1 for success and 0 for failure. .PP -\&\fIi2d_ECPKParameters_fp()\fR is similar to \fIi2d_ECPKParameters()\fR except it writes +\&\fBi2d_ECPKParameters_fp()\fR is similar to \fBi2d_ECPKParameters()\fR except it writes the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it returns 1 for success and 0 for failure. .PP -These functions are very similar to the X509 functions described in \fId2i_X509\fR\|(3), +These functions are very similar to the X509 functions described in \fBd2i_X509\fR\|(3), where further notes and examples are available. .PP The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_ECPKParameters()\fR, \fId2i_ECPKParameters_bio()\fR and \fId2i_ECPKParameters_fp()\fR return a valid \fB\s-1EC_GROUP\s0\fR structure +\&\fBd2i_ECPKParameters()\fR, \fBd2i_ECPKParameters_bio()\fR and \fBd2i_ECPKParameters_fp()\fR return a valid \fB\s-1EC_GROUP\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fIi2d_ECPKParameters()\fR returns the number of bytes successfully encoded or a negative +\&\fBi2d_ECPKParameters()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. .PP -\&\fIi2d_ECPKParameters_bio()\fR, \fIi2d_ECPKParameters_fp()\fR, ECPKParameters_print and ECPKParameters_print_fp +\&\fBi2d_ECPKParameters_bio()\fR, \fBi2d_ECPKParameters_fp()\fR, ECPKParameters_print and ECPKParameters_print_fp return 1 for success and 0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_X509\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_X509\fR\|(3) diff --git a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 index 8afdb12ff25..052e98cd567 100644 --- a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ECPrivateKey 3" -.TH d2i_ECPrivateKey 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_ECPrivateKey 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,12 +157,12 @@ reading EC_KEY structures The ECPrivateKey encode and decode routines encode and parse an \&\fB\s-1EC_KEY\s0\fR structure into a binary format (\s-1ASN.1 DER\s0) and back again. .PP -These functions are similar to the \fId2i_X509()\fR functions, and you should refer to -that page for a detailed description (see \fId2i_X509\fR\|(3)). +These functions are similar to the \fBd2i_X509()\fR functions, and you should refer to +that page for a detailed description (see \fBd2i_X509\fR\|(3)). .PP The format of the external representation of the public key written by i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is -described by the point_conversion_form. See \fIEC_GROUP_copy\fR\|(3) +described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3) for a description of point_conversion_form. .PP When reading a private key encoded without an associated public key (e.g. if @@ -176,21 +180,21 @@ the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s set then the public key is not encoded along with the private key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_ECPrivateKey()\fR returns a valid \fB\s-1EC_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error +\&\fBd2i_ECPrivateKey()\fR returns a valid \fB\s-1EC_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .PP -\&\fIi2d_ECPrivateKey()\fR returns the number of bytes successfully encoded or a +\&\fBi2d_ECPrivateKey()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .PP EC_KEY_get_enc_flags returns the value of the current encoding flags for the \&\s-1EC_KEY.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIec\fR\|(3), \fIEC_GROUP_new\fR\|(3), -\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), -\&\fIEC_POINT_add\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), -\&\fId2i_ECPKParameters\fR\|(3), -\&\fId2i_ECPrivateKey\fR\|(3) +\&\fBcrypto\fR\|(3), \fBec\fR\|(3), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBd2i_ECPrivateKey\fR\|(3) diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 90fb7b755ee..6972edceda9 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,10 +172,10 @@ The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. .PP Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the -corresponding \fB\s-1PEM\s0\fR function as described in the \fIpem\fR\|(3) manual page. +corresponding \fB\s-1PEM\s0\fR function as described in the \fBpem\fR\|(3) manual page. .SH "NOTES" .IX Header "NOTES" -Before using these functions \fIOpenSSL_add_all_algorithms\fR\|(3) +Before using these functions \fBOpenSSL_add_all_algorithms\fR\|(3) should be called to initialize the internal algorithm lookup tables otherwise errors about unknown algorithms will occur if an attempt is made to decrypt a private key. .PP @@ -179,7 +183,7 @@ These functions are currently the only way to store encrypted private keys using .PP Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which work directly on memory: this can be readily worked around by converting the buffers -to memory BIOs, see \fIBIO_s_mem\fR\|(3) for details. +to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpem\fR\|(3) +\&\fBpem\fR\|(3) diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3 index e26b5cffa1f..cc48ac25308 100644 --- a/secure/lib/libcrypto/man/d2i_PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PrivateKey 3" -.TH d2i_PrivateKey 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_PrivateKey 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,38 +154,38 @@ functions for reading and saving EVP_PKEY structures. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fId2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The \&\fBtype\fR parameter should be a public key algorithm constant such as \&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. .PP -\&\fId2i_AutoPrivateKey()\fR is similar to \fId2i_PrivateKey()\fR except it attempts to +\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to automatically detect the private key format. .PP -\&\fIi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. .PP -These functions are similar to the \fId2i_X509()\fR functions, and you should refer to -that page for a detailed description (see \fId2i_X509\fR\|(3)). +These functions are similar to the \fBd2i_X509()\fR functions, and you should refer to +that page for a detailed description (see \fBd2i_X509\fR\|(3)). .SH "NOTES" .IX Header "NOTES" All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as -\&\fId2i_PKC8PrivateKey()\fR instead. +\&\fBd2i_PKC8PrivateKey()\fR instead. .PP -If the \fB*a\fR is not \s-1NULL\s0 when calling \fId2i_PrivateKey()\fR or \fId2i_AutoPrivateKey()\fR +If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR (i.e. an existing structure is being reused) and the key format is PKCS#8 then \fB*a\fR will be freed and replaced on a successful call. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_PrivateKey()\fR and \fId2i_AutoPrivateKey()\fR return a valid \fB\s-1EVP_KEY\s0\fR structure +\&\fBd2i_PrivateKey()\fR and \fBd2i_AutoPrivateKey()\fR return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code can be obtained by calling -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .PP -\&\fIi2d_PrivateKey()\fR returns the number of bytes successfully encoded or a +\&\fBi2d_PrivateKey()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by calling -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), -\&\fId2i_PKCS8PrivateKey\fR\|(3) +\&\fBcrypto\fR\|(3), +\&\fBd2i_PKCS8PrivateKey\fR\|(3) diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index cdab71cdce8..621159c72ba 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,20 +166,20 @@ d2i_Netscape_RSA \- RSA public and private key encoding functions. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fId2i_RSAPublicKey()\fR and \fIi2d_RSAPublicKey()\fR decode and encode a PKCS#1 RSAPublicKey +\&\fBd2i_RSAPublicKey()\fR and \fBi2d_RSAPublicKey()\fR decode and encode a PKCS#1 RSAPublicKey structure. .PP -\&\fId2i_RSA_PUBKEY()\fR and \fIi2d_RSA_PUBKEY()\fR decode and encode an \s-1RSA\s0 public key using +\&\fBd2i_RSA_PUBKEY()\fR and \fBi2d_RSA_PUBKEY()\fR decode and encode an \s-1RSA\s0 public key using a SubjectPublicKeyInfo (certificate public key) structure. .PP -\&\fId2i_RSAPrivateKey()\fR, \fIi2d_RSAPrivateKey()\fR decode and encode a PKCS#1 RSAPrivateKey +\&\fBd2i_RSAPrivateKey()\fR, \fBi2d_RSAPrivateKey()\fR decode and encode a PKCS#1 RSAPrivateKey structure. .PP -\&\fId2i_Netscape_RSA()\fR, \fIi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in +\&\fBd2i_Netscape_RSA()\fR, \fBi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in \&\s-1NET\s0 format. .PP -The usage of all of these functions is similar to the \fId2i_X509()\fR and -\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page. +The usage of all of these functions is similar to the \fBd2i_X509()\fR and +\&\fBi2d_X509()\fR described in the \fBd2i_X509\fR\|(3) manual page. .SH "NOTES" .IX Header "NOTES" The \fB\s-1RSA\s0\fR structure passed to the private key encoding functions should have @@ -189,7 +193,7 @@ old software. This format has some severe security weaknesses and should be avoided if possible. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 581505eaebb..e7768d0e391 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_X509 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,7 +164,7 @@ i2d_X509_fp \- X509 encode and decode functions The X509 encode and decode routines encode and parse an \&\fBX509\fR structure, which represents an X509 certificate. .PP -\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If +\&\fBd2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If successful a pointer to the \fBX509\fR structure is returned. If an error occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR @@ -172,12 +176,12 @@ below, and the discussion in the \s-1RETURN VALUES\s0 section). If the call is successful \fB*in\fR is incremented to the byte following the parsed data. .PP -\&\fId2i_X509_AUX()\fR is similar to \fId2i_X509()\fR but the input is expected to consist of +\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509()\fR but the input is expected to consist of an X509 certificate followed by auxiliary trust information. This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. This function should not be called on untrusted input. .PP -\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. +\&\fBi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer at \fB*out\fR, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it @@ -188,26 +192,26 @@ allocated for a buffer and the encoded data written to it. In this case \fB*out\fR is not incremented and it points to the start of the data just written. .PP -\&\fIi2d_X509_AUX()\fR is similar to \fIi2d_X509()\fR, but the encoded output contains both +\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509()\fR, but the encoded output contains both the certificate and any auxiliary trust information. This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. Note, this is a non-standard OpenSSL-specific data format. .PP -\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts +\&\fBd2i_X509_bio()\fR is similar to \fBd2i_X509()\fR except it attempts to parse data from \s-1BIO\s0 \fBbp\fR. .PP -\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts +\&\fBd2i_X509_fp()\fR is similar to \fBd2i_X509()\fR except it attempts to parse data from \s-1FILE\s0 pointer \fBfp\fR. .PP -\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes +\&\fBi2d_X509_bio()\fR is similar to \fBi2d_X509()\fR except it writes the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it returns 1 for success and 0 for failure. .PP -\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes +\&\fBi2d_X509_fp()\fR is similar to \fBi2d_X509()\fR except it writes the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it returns 1 for success and 0 for failure. .PP -\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509()\fR except it encodes +\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509()\fR except it encodes only the TBSCertificate portion of the certificate. .SH "NOTES" .IX Header "NOTES" @@ -220,13 +224,13 @@ creation (see the \s-1BUGS\s0 section). .PP The functions can also understand \fB\s-1BER\s0\fR forms. .PP -The actual X509 structure passed to \fIi2d_X509()\fR must be a valid +The actual X509 structure passed to \fBi2d_X509()\fR must be a valid populated \fBX509\fR structure it can \fBnot\fR simply be fed with an -empty structure such as that returned by \fIX509_new()\fR. +empty structure such as that returned by \fBX509_new()\fR. .PP The encoded data is in binary form and may contain embedded zeroes. Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. -Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length +Functions such as \fB\fBstrlen()\fB\fR will \fBnot\fR return the correct length of the encoded structure. .PP The ways that \fB*in\fR and \fB*out\fR are incremented after the operation @@ -333,14 +337,14 @@ mistake is to attempt to use a buffer directly as follows: .PP This code will result in \fBbuf\fR apparently containing garbage because it was incremented after the call to point after the data just written. -Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BIOPENSSL_malloc()\fB\fR -and the subsequent call to \fB\f(BIOPENSSL_free()\fB\fR may well crash. +Also \fBbuf\fR will no longer contain the pointer allocated by \fB\fBOPENSSL_malloc()\fB\fR +and the subsequent call to \fB\fBOPENSSL_free()\fB\fR may well crash. .PP The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL 0.9.7 and later. Attempts to use it on earlier versions will typically cause a segmentation violation. .PP -Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR: +Another trap to avoid is misuse of the \fBxp\fR argument to \fB\fBd2i_X509()\fB\fR: .PP .Vb 1 \& X509 *x; @@ -349,23 +353,23 @@ Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\f \& /* Some error */ .Ve .PP -This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this +This will probably crash somewhere in \fB\fBd2i_X509()\fB\fR. The reason for this is that the variable \fBx\fR is uninitialized and an attempt will be made to interpret its (invalid) value as an \fBX509\fR structure, typically causing a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not happen. .SH "BUGS" .IX Header "BUGS" -In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_X509()\fR when \&\fB*px\fR is valid is broken and some parts of the reused structure may persist if they are not present in the new one. As a result the use of this \*(L"reuse\*(R" behaviour is strongly discouraged. .PP -\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, +\&\fBi2d_X509()\fR will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the -fields entirely and will not be parsed by \fId2i_X509()\fR. This may be -fixed in future so code should not assume that \fIi2d_X509()\fR will +fields entirely and will not be parsed by \fBd2i_X509()\fR. This may be +fixed in future so code should not assume that \fBi2d_X509()\fR will always succeed. .PP The encoding of the TBSCertificate portion of a certificate is cached @@ -373,33 +377,33 @@ in the \fBX509\fR structure internally to improve encoding performance and to ensure certificate signatures are verified correctly in some certificates with broken (non-DER) encodings. .PP -Any function which encodes an X509 structure such as \fIi2d_X509()\fR, -\&\fIi2d_X509_fp()\fR or \fIi2d_X509_bio()\fR may return a stale encoding if the +Any function which encodes an X509 structure such as \fBi2d_X509()\fR, +\&\fBi2d_X509_fp()\fR or \fBi2d_X509_bio()\fR may return a stale encoding if the \&\fBX509\fR structure has been modified after deserialization or previous serialization. .PP -If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR, +If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, the encoding is automatically renewed. Otherwise, the encoding of the TBSCertificate portion of the \fBX509\fR can be manually renewed by calling -\&\fIi2d_re_X509_tbs()\fR. +\&\fBi2d_re_X509_tbs()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure +\&\fBd2i_X509()\fR, \fBd2i_X509_bio()\fR and \fBd2i_X509_fp()\fR return a valid \fBX509\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by -\&\fIERR_get_error\fR\|(3). If the \*(L"reuse\*(R" capability has been used +\&\fBERR_get_error\fR\|(3). If the \*(L"reuse\*(R" capability has been used with a valid X509 structure being passed in via \fBpx\fR then the object is not freed in the event of error but may be in a potentially invalid or inconsistent state. .PP -\&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative +\&\fBi2d_X509()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fBERR_get_error\fR\|(3). .PP -\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return 1 for success and 0 if an error -occurs The error code can be obtained by \fIERR_get_error\fR\|(3). +\&\fBi2d_X509_bio()\fR and \fBi2d_X509_fp()\fR return 1 for success and 0 if an error +occurs The error code can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fBERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index b0058b83407..03068e4f2ab 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,11 +153,11 @@ d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions. These functions decode and encode an \fBX509_ALGOR\fR structure which is equivalent to the \fBAlgorithmIdentifier\fR structure. .PP -Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index 0c6a59ec41e..31b779b8a8b 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_X509_CRL 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,11 +160,11 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation list). .PP -Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise the functions behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index 50cd641a9cf..fa6fd02e835 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_X509_NAME 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,11 +154,11 @@ These functions decode and encode an \fBX509_NAME\fR structure which is the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject and issuer names. .PP -Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise the functions behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index f1a457c8388..64de67963b5 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_X509_REQ 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,11 +159,11 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. .IX Header "DESCRIPTION" These functions decode and encode a PKCS#10 certificate request. .PP -Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index e2e94ea77d9..fd4d0a681bb 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_X509_SIG 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,11 +153,11 @@ d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions. These functions decode and encode an X509_SIG structure which is equivalent to the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. .PP -Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -described in the \fId2i_X509\fR\|(3) manual page. +Othewise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fId2i_X509\fR\|(3) +\&\fBd2i_X509\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index 1bbda86621b..be255b94a0d 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH des 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -247,34 +251,34 @@ consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP -\&\fIDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded -prior to using this function (see \fIrand\fR\|(3)). If the \s-1PRNG\s0 +\&\fBDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded +prior to using this function (see \fBrand\fR\|(3)). If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. .PP Before a \s-1DES\s0 key can be used, it must be converted into the architecture dependent \fIDES_key_schedule\fR via the -\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. +\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. .PP -\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity +\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity and is not a weak or semi-weak key. If the parity is wrong, then \-1 is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. .PP -\&\fIDES_set_key()\fR works like -\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, -otherwise like \fIDES_set_key_unchecked()\fR. These functions are available +\&\fBDES_set_key()\fR works like +\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fBDES_set_key_unchecked()\fR. These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. .PP -\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. .PP -\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it is ok. .PP The following routines mostly operate on an input and output stream of \&\fIDES_cblock\fRs. .PP -\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR (\s-1ECB\s0) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. @@ -283,9 +287,9 @@ If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR key_schedule specified by the \fIschedule\fR argument, previously set via \&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input -and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. +and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. .PP -\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and then encrypting with \fIks3\fR. This routine greatly reduces the chances @@ -293,10 +297,10 @@ of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption using \s-1ECB\s0 mode and \fIks1\fR as the key. .PP -The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES encryption by using \fIks1\fR for the final encryption. .PP -\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR (\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR @@ -306,24 +310,24 @@ and initialization vector provided by the \fIivec\fR argument. If the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and +\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than \s-1CBC DES.\s0 .PP -\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with +\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 .PP -The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. This form of Triple-DES is used by the \s-1RSAREF\s0 library. .PP -\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block +\&\fBDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as -\&\fIDES_ncbc_encrypt()\fR. +\&\fBDES_ncbc_encrypt()\fR. .PP -\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This +\&\fBDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to @@ -331,7 +335,7 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIDES_cfb64_encrypt()\fR +\&\fBDES_cfb64_encrypt()\fR implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, no 8 byte padding. Each call to this @@ -339,10 +343,10 @@ routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about cfb mode of \s-1DES :\-\s0). .PP -\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as -\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. +\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as +\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. .PP -\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to @@ -350,22 +354,22 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES ECB\s0 encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output +\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output Feed Back mode. .PP -\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as -\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. +\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as +\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. .PP The following functions are included in the \s-1DES\s0 library for compatibility with the \s-1MIT\s0 Kerberos library. .PP -\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream (via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in \fIoutput\fR. This function is used by Kerberos v4. Other applications should use -\&\fIEVP_DigestInit\fR\|(3) etc. instead. +\&\fBEVP_DigestInit\fR\|(3) etc. instead. .PP -\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is non-NULL, the 8 bytes generated by each pass are written into @@ -373,19 +377,19 @@ non-NULL, the 8 bytes generated by each pass are written into .PP The following are DES-based transformations: .PP -\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast -\&\fIcrypt()\fR implementations. This is different to the normal crypt in +\&\fBcrypt()\fR implementations. This is different to the normal crypt in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt. .PP -\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. -This function calls \fIDES_fcrypt()\fR with a static array passed as the +\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. +This function calls \fBDES_fcrypt()\fR with a static array passed as the third parameter. This emulates the normal non-thread safe semantics -of \fIcrypt\fR\|(3). +of \fBcrypt\fR\|(3). .PP -\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual data send down \fIfd\fR consists of 4 bytes (in network byte order) @@ -393,38 +397,38 @@ containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes. .PP -\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor +\&\fBDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor \&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to -have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for +have come from \fBDES_enc_write()\fR and is decrypted using \fIsched\fR for the key schedule and \fIiv\fR for the initial vector. .PP -\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR +\&\fBWarning:\fR The data format used by \fBDES_enc_write()\fR and \fBDES_enc_read()\fR has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 -bytes, \fIDES_enc_write()\fR will split the data into several chunks that +bytes, \fBDES_enc_write()\fR will split the data into several chunks that are all encrypted using the same \s-1IV.\s0 So don't use these functions unless you are sure you know what you do (in which case you might not want to use them anyway). They cannot handle non-blocking sockets. -\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on +\&\fBDES_enc_read()\fR uses an internal state and thus cannot be used on multiple files. .PP \&\fIDES_rw_mode\fR is used to specify the encryption mode to use with -\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the +\&\fBDES_enc_read()\fR and \fBDES_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the default), DES_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR DES_cbc_encrypt is used. .SH "NOTES" .IX Header "NOTES" Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is -not suitable for most applications; see \fIdes_modes\fR\|(7). +not suitable for most applications; see \fBdes_modes\fR\|(7). .PP -The \fIevp\fR\|(3) library provides higher-level encryption functions. +The \fBevp\fR\|(3) library provides higher-level encryption functions. .SH "BUGS" .IX Header "BUGS" -\&\fIDES_3cbc_encrypt()\fR is flawed and must not be used in applications. +\&\fBDES_3cbc_encrypt()\fR is flawed and must not be used in applications. .PP -\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR +\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR instead. .PP -\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. +\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits @@ -434,9 +438,9 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! .PP -\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\fBDES_string_to_key()\fR is available for backward compatibility with the \&\s-1MIT\s0 library. New applications should use a cryptographic hash function. -The same applies for \fIDES_string_to_2key()\fR. +The same applies for \fBDES_string_to_2key()\fR. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ANSI X3.106\s0 @@ -445,35 +449,35 @@ The \fBdes\fR library was written to be source code compatible with the \s-1MIT\s0 Kerberos library. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypt\fR\|(3), \fIdes_modes\fR\|(7), \fIevp\fR\|(3), \fIrand\fR\|(3) +\&\fBcrypt\fR\|(3), \fBdes_modes\fR\|(7), \fBevp\fR\|(3), \fBrand\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid clashes with older versions of libdes. Compatibility des_ functions -are provided for a short while, as well as \fIcrypt()\fR. +are provided for a short while, as well as \fBcrypt()\fR. Declarations for these are in . There is no \s-1DES_\s0 -variant for \fIdes_random_seed()\fR. +variant for \fBdes_random_seed()\fR. This will happen to other functions -as well if they are deemed redundant (\fIdes_random_seed()\fR just calls -\&\fIRAND_seed()\fR and is present for backward compatibility only), buggy or +as well if they are deemed redundant (\fBdes_random_seed()\fR just calls +\&\fBRAND_seed()\fR and is present for backward compatibility only), buggy or already scheduled for removal. .PP -\&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR, -\&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR, -\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR and \fIdes_string_to_key()\fR +\&\fBdes_cbc_cksum()\fR, \fBdes_cbc_encrypt()\fR, \fBdes_ecb_encrypt()\fR, +\&\fBdes_is_weak_key()\fR, \fBdes_key_sched()\fR, \fBdes_pcbc_encrypt()\fR, +\&\fBdes_quad_cksum()\fR, \fBdes_random_key()\fR and \fBdes_string_to_key()\fR are available in the \s-1MIT\s0 Kerberos library; -\&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR +\&\fBdes_check_key_parity()\fR, \fBdes_fixup_key_parity()\fR and \fBdes_is_weak_key()\fR are available in newer versions of that library. .PP -\&\fIdes_set_key_checked()\fR and \fIdes_set_key_unchecked()\fR were added in +\&\fBdes_set_key_checked()\fR and \fBdes_set_key_unchecked()\fR were added in OpenSSL 0.9.5. .PP -\&\fIdes_generate_random_block()\fR, \fIdes_init_random_number_generator()\fR, -\&\fIdes_new_random_key()\fR, \fIdes_set_random_generator_seed()\fR and -\&\fIdes_set_sequence_number()\fR and \fIdes_rand_data()\fR are used in newer +\&\fBdes_generate_random_block()\fR, \fBdes_init_random_number_generator()\fR, +\&\fBdes_new_random_key()\fR, \fBdes_set_random_generator_seed()\fR and +\&\fBdes_set_sequence_number()\fR and \fBdes_rand_data()\fR are used in newer versions of Kerberos but are not implemented here. .PP -\&\fIdes_random_key()\fR generated cryptographically weak random data in +\&\fBdes_random_key()\fR generated cryptographically weak random data in SSLeay and in OpenSSL prior version 0.9.5, as well as in the original \&\s-1MIT\s0 library. .SH "AUTHOR" diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 62804203903..5d937431f2a 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH dh 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +179,7 @@ dh \- Diffie\-Hellman key agreement .IX Header "DESCRIPTION" These functions implement the Diffie-Hellman key agreement protocol. The generation of shared \s-1DH\s0 parameters is described in -\&\fIDH_generate_parameters\fR\|(3); \fIDH_generate_key\fR\|(3) describes how +\&\fBDH_generate_parameters\fR\|(3); \fBDH_generate_key\fR\|(3) describes how to perform a key agreement. .PP The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components. @@ -201,10 +205,10 @@ structure elements directly and instead use \s-1API\s0 functions to query or modify keys. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdhparam\fR\|(1), \fIbn\fR\|(3), \fIdsa\fR\|(3), \fIerr\fR\|(3), -\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIengine\fR\|(3), -\&\fIDH_set_method\fR\|(3), \fIDH_new\fR\|(3), -\&\fIDH_get_ex_new_index\fR\|(3), -\&\fIDH_generate_parameters\fR\|(3), -\&\fIDH_compute_key\fR\|(3), \fId2i_DHparams\fR\|(3), -\&\fIRSA_print\fR\|(3) +\&\fBdhparam\fR\|(1), \fBbn\fR\|(3), \fBdsa\fR\|(3), \fBerr\fR\|(3), +\&\fBrand\fR\|(3), \fBrsa\fR\|(3), \fBengine\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_new\fR\|(3), +\&\fBDH_get_ex_new_index\fR\|(3), +\&\fBDH_generate_parameters\fR\|(3), +\&\fBDH_compute_key\fR\|(3), \fBd2i_DHparams\fR\|(3), +\&\fBRSA_print\fR\|(3) diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index 495b833b8f9..c2015bcd65e 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH dsa 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -198,10 +202,10 @@ dsa \- Digital Signature Algorithm .IX Header "DESCRIPTION" These functions implement the Digital Signature Algorithm (\s-1DSA\s0). The generation of shared \s-1DSA\s0 parameters is described in -\&\fIDSA_generate_parameters\fR\|(3); -\&\fIDSA_generate_key\fR\|(3) describes how to +\&\fBDSA_generate_parameters\fR\|(3); +\&\fBDSA_generate_key\fR\|(3) describes how to generate a signature key. Signature generation and verification are -described in \fIDSA_sign\fR\|(3). +described in \fBDSA_sign\fR\|(3). .PP The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. .PP @@ -233,13 +237,13 @@ modify keys. Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3), -\&\fIrsa\fR\|(3), \fIsha\fR\|(3), \fIengine\fR\|(3), -\&\fIDSA_new\fR\|(3), -\&\fIDSA_size\fR\|(3), -\&\fIDSA_generate_parameters\fR\|(3), -\&\fIDSA_dup_DH\fR\|(3), -\&\fIDSA_generate_key\fR\|(3), -\&\fIDSA_sign\fR\|(3), \fIDSA_set_method\fR\|(3), -\&\fIDSA_get_ex_new_index\fR\|(3), -\&\fIRSA_print\fR\|(3) +\&\fBbn\fR\|(3), \fBdh\fR\|(3), \fBerr\fR\|(3), \fBrand\fR\|(3), +\&\fBrsa\fR\|(3), \fBsha\fR\|(3), \fBengine\fR\|(3), +\&\fBDSA_new\fR\|(3), +\&\fBDSA_size\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), +\&\fBDSA_generate_key\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_set_method\fR\|(3), +\&\fBDSA_get_ex_new_index\fR\|(3), +\&\fBRSA_print\fR\|(3) diff --git a/secure/lib/libcrypto/man/ec.3 b/secure/lib/libcrypto/man/ec.3 index ca47106adf2..87e5a2ec47b 100644 --- a/secure/lib/libcrypto/man/ec.3 +++ b/secure/lib/libcrypto/man/ec.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ec 3" -.TH ec 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ec 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -312,18 +316,18 @@ for different scenarios. No matter which implementation is being used, the inter handles calling the correct implementation when an interface function is invoked. An implementation is represented by an \fB\s-1EC_METHOD\s0\fR structure. .PP -The creation and destruction of \fB\s-1EC_GROUP\s0\fR objects is described in \fIEC_GROUP_new\fR\|(3). Functions for -manipulating \fB\s-1EC_GROUP\s0\fR objects are described in \fIEC_GROUP_copy\fR\|(3). +The creation and destruction of \fB\s-1EC_GROUP\s0\fR objects is described in \fBEC_GROUP_new\fR\|(3). Functions for +manipulating \fB\s-1EC_GROUP\s0\fR objects are described in \fBEC_GROUP_copy\fR\|(3). .PP -Functions for creating, destroying and manipulating \fB\s-1EC_POINT\s0\fR objects are explained in \fIEC_POINT_new\fR\|(3), -whilst functions for performing mathematical operations and tests on \fBEC_POINTs\fR are coverd in \fIEC_POINT_add\fR\|(3). +Functions for creating, destroying and manipulating \fB\s-1EC_POINT\s0\fR objects are explained in \fBEC_POINT_new\fR\|(3), +whilst functions for performing mathematical operations and tests on \fBEC_POINTs\fR are coverd in \fBEC_POINT_add\fR\|(3). .PP -For working with private and public keys refer to \fIEC_KEY_new\fR\|(3). Implementations are covered in -\&\fIEC_GFp_simple_method\fR\|(3). +For working with private and public keys refer to \fBEC_KEY_new\fR\|(3). Implementations are covered in +\&\fBEC_GFp_simple_method\fR\|(3). .PP -For information on encoding and decoding curve parameters to and from \s-1ASN1\s0 see \fId2i_ECPKParameters\fR\|(3). +For information on encoding and decoding curve parameters to and from \s-1ASN1\s0 see \fBd2i_ECPKParameters\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), -\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), -\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +\&\fBcrypto\fR\|(3), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 index ca77fffbbc0..4217466d981 100644 --- a/secure/lib/libcrypto/man/ecdsa.3 +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ecdsa 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -193,69 +197,69 @@ r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). \& } ECDSA_SIG; .Ve .PP -\&\fIECDSA_SIG_new()\fR allocates a new \fB\s-1ECDSA_SIG\s0\fR structure (note: this +\&\fBECDSA_SIG_new()\fR allocates a new \fB\s-1ECDSA_SIG\s0\fR structure (note: this function also allocates the BIGNUMs) and initialize it. .PP -\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. .PP -\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature +\&\fBi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature \&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length of the \s-1DER\s0 encoded signature (or 0 on error). .PP -\&\fId2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns +\&\fBd2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns the decoded signature in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure. \&\fB*sig\fR points to the buffer containing the \s-1DER\s0 encoded signature of size \fBlen\fR. .PP -\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded +\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \&\s-1ECDSA\s0 signature created with the private \s-1EC\s0 key \fBeckey\fR. .PP -\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the +\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. \fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure (or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be used in a later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR. .PP -\&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR +\&\fBECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR and \fBrp\fR set to \s-1NULL.\s0 .PP -\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes +\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values \fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signatures is stored in \fBsig\fR and it's length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to \fBECDSA_size\fR bytes of memory. The parameter \fBtype\fR is ignored. .PP -\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size +\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \&\fBsiglen\fR is a valid \s-1ECDSA\s0 signature of the hash value \&\fBdgst\fR of size \fBdgstlen\fR using the public key \fBeckey\fR. The parameter \fBtype\fR is ignored. .PP -\&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR +\&\fBECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR and \fBrp\fR set to \s-1NULL.\s0 .PP -\&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR +\&\fBECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the optional pre-computed values \fBkinv\fR and \fBrp\fR. The signature is returned in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). .PP -\&\fIECDSA_do_verify()\fR verifies that the signature \fBsig\fR is a valid +\&\fBECDSA_do_verify()\fR verifies that the signature \fBsig\fR is a valid \&\s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgst_len\fR using the public key \fBeckey\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. .PP -\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error. +\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. .PP -\&\fIECDSA_sign_setup()\fR and \fIECDSA_sign()\fR return 1 if successful or 0 +\&\fBECDSA_sign_setup()\fR and \fBECDSA_sign()\fR return 1 if successful or 0 on error. .PP -\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid +\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid signature, 0 for an invalid signature and \-1 on error. -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "EXAMPLES" .IX Header "EXAMPLES" Creating a \s-1ECDSA\s0 signature of given \s-1SHA\-1\s0 hash value using the @@ -338,7 +342,7 @@ and finally evaluate the return value: (Digital Signature Standard, \s-1DSS\s0) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIrsa\fR\|(3) +\&\fBdsa\fR\|(3), \fBrsa\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The ecdsa implementation was first introduced in OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index ad0c20cd239..8d88c3cf6fc 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH engine 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -347,11 +351,11 @@ ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structur reference is sufficient if you only need to query or manipulate the data of an \s-1ENGINE\s0 implementation rather than use its functionality. .PP -The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +The \fBENGINE_new()\fR function returns a structural reference to a new (empty) \&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural -references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, -\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be -released by a corresponding to call to the \fIENGINE_free()\fR function \- the +references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, +\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fBENGINE_free()\fR function \- the \&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when the last structural reference is released. .PP @@ -359,13 +363,13 @@ It should also be noted that many \s-1ENGINE API\s0 function calls that accept a structural reference will internally obtain another reference \- typically this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to -OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, then OpenSSL will have stored a new structural reference internally so the caller is still responsible for freeing their own reference with -\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some functions will automatically release the structural reference passed to it -if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and -\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and +\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal \&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the list, but in either case the structural reference passed to the function is @@ -384,17 +388,17 @@ reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default operational \s-1ENGINE\s0 for a given cryptographic purpose. .PP To obtain a functional reference from an existing structural reference, -call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not already operational and couldn't be successfully initialised (eg. lack of system drivers, no special hardware attached, etc), otherwise it will return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional -references are released by calling \fIENGINE_finish()\fR (which removes the +references are released by calling \fBENGINE_finish()\fR (which removes the implicit structural reference as well). .PP The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, -\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, +\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. @@ -429,10 +433,10 @@ needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 response if no \s-1ENGINE\s0 was available so that future queries won't repeat the same iteration unless the state table changes. This behaviour can also be changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using -\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the \&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. -\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except that it also sets the state table's cached response for the \*(L"get_default\*(R" query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' @@ -476,12 +480,12 @@ mention an important \s-1API\s0 function; If no \s-1ENGINE API\s0 functions are called at all in an application, then there are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, however if any ENGINEs are loaded, even if they are never registered or -used, it is necessary to use the \fIENGINE_cleanup()\fR function to +used, it is necessary to use the \fBENGINE_cleanup()\fR function to correspondingly cleanup before program exit, if the caller wishes to avoid memory leaks. This mechanism uses an internal callback registration table so that any \s-1ENGINE API\s0 functionality that knows it requires cleanup can -register its cleanup details to be called during \fIENGINE_cleanup()\fR. This -approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality +register its cleanup details to be called during \fBENGINE_cleanup()\fR. This +approach allows \fBENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality at all that your program uses, yet doesn't automatically create linker dependencies to all possible \s-1ENGINE\s0 functionality \- only the cleanup callbacks required by the functionality you do use will be required by the @@ -551,7 +555,7 @@ it should be used. The following code illustrates how this can work; .PP That's all that's required. Eg. the next time OpenSSL tries to set up an \&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to -\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the default for \s-1RSA\s0 use from then on. .SS "Advanced configuration support" .IX Subsection "Advanced configuration support" @@ -580,9 +584,9 @@ driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before -calling \fIENGINE_init()\fR. The other class of commands consist of settings or +calling \fBENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take -place, and these commands may work either before or after \fIENGINE_init()\fR, or +place, and these commands may work either before or after \fBENGINE_init()\fR, or in some cases both. \s-1ENGINE\s0 implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation. @@ -638,7 +642,7 @@ boolean success or failure. \& } .Ve .PP -Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can relax the semantics of the function \- if set non-zero it will only return failure if the \s-1ENGINE\s0 supported the given command name but failed while executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply @@ -652,7 +656,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an \s-1ENGINE\s0 using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. +\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a \*(L"generic\*(R" command is handled directly by the @@ -676,10 +680,10 @@ commands implemented by a given \s-1ENGINE,\s0 specifically the commands; Whilst these commands are automatically processed by the OpenSSL framework code, they use various properties exposed by each \s-1ENGINE\s0 to process these queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; -it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will -simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the OpenSSL framework code will work with the following rules; @@ -718,10 +722,10 @@ possible values; .PP If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely informational to the caller \- this flag will prevent the command being usable -for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. +for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. \&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration by applications, administrations, users, etc. These can support arbitrary -operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0 supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" @@ -739,4 +743,4 @@ applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to sh implementations. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrand\fR\|(3) +\&\fBrsa\fR\|(3), \fBdsa\fR\|(3), \fBdh\fR\|(3), \fBrand\fR\|(3) diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 6cd0c8e938b..37145f710a3 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH err 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,33 +188,33 @@ by the return value, and an error code is stored in an error queue associated with the current thread. The \fBerr\fR library provides functions to obtain these error codes and textual error messages. .PP -The \fIERR_get_error\fR\|(3) manpage describes how to +The \fBERR_get_error\fR\|(3) manpage describes how to access error codes. .PP Error codes contain information about where the error occurred, and -what went wrong. \s-1\fIERR_GET_LIB\s0\fR\|(3) describes how to +what went wrong. \s-1\fBERR_GET_LIB\s0\fR\|(3) describes how to extract this information. A method to obtain human-readable error -messages is described in \fIERR_error_string\fR\|(3). +messages is described in \fBERR_error_string\fR\|(3). .PP -\&\fIERR_clear_error\fR\|(3) can be used to clear the +\&\fBERR_clear_error\fR\|(3) can be used to clear the error queue. .PP -Note that \fIERR_remove_state\fR\|(3) should be used to +Note that \fBERR_remove_state\fR\|(3) should be used to avoid memory leaks when threads are terminated. .SH "ADDING NEW ERROR CODES TO OPENSSL" .IX Header "ADDING NEW ERROR CODES TO OPENSSL" -See \fIERR_put_error\fR\|(3) if you want to record error codes in the +See \fBERR_put_error\fR\|(3) if you want to record error codes in the OpenSSL error system from within your application. .PP The remainder of this section is of interest only if you want to add new error codes to OpenSSL or add error codes from external libraries. .SS "Reporting errors" .IX Subsection "Reporting errors" -Each sub-library has a specific macro \fIXXXerr()\fR that is used to report +Each sub-library has a specific macro \fBXXXerr()\fR that is used to report errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived from the function names; reason codes consist of textual error -descriptions. For example, the function \fIssl23_read()\fR reports a +descriptions. For example, the function \fBssl23_read()\fR reports a \&\*(L"handshake failure\*(R" as follows: .PP .Vb 1 @@ -233,13 +237,13 @@ sub-library's header file. Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include \s-1ASN1\s0 code which must use -the \fIASN1err()\fR macro. +the \fBASN1err()\fR macro. .SS "Adding new libraries" .IX Subsection "Adding new libraries" When adding a new sub-library to OpenSSL, assign it a library number -\&\fB\s-1ERR_LIB_XXX\s0\fR, define a macro \fIXXXerr()\fR (both in \fBerr.h\fR), add its +\&\fB\s-1ERR_LIB_XXX\s0\fR, define a macro \fBXXXerr()\fR (both in \fBerr.h\fR), add its name to \fBERR_str_libraries[]\fR (in \fBcrypto/err/err.c\fR), and add -\&\f(CW\*(C`ERR_load_XXX_strings()\*(C'\fR to the \fIERR_load_crypto_strings()\fR function +\&\f(CW\*(C`ERR_load_XXX_strings()\*(C'\fR to the \fBERR_load_crypto_strings()\fR function (in \fBcrypto/err/err_all.c\fR). Finally, add an entry .PP .Vb 1 @@ -294,7 +298,7 @@ but it can also be used to add more general purpose error code handling. .SH "INTERNALS" .IX Header "INTERNALS" The error queues are stored in a hash table with one \fB\s-1ERR_STATE\s0\fR -entry for each pid. \fIERR_get_state()\fR returns the current thread's +entry for each pid. \fBERR_get_state()\fR returns the current thread's \&\fB\s-1ERR_STATE\s0\fR. An \fB\s-1ERR_STATE\s0\fR can hold up to \fB\s-1ERR_NUM_ERRORS\s0\fR error codes. When more error codes are added, the old ones are overwritten, on the assumption that the most recent errors are most important. @@ -304,14 +308,14 @@ be obtained by calling ERR_get_err_state_table(void) and ERR_get_string_table(void) respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fICRYPTO_set_locking_callback\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\s-1\fIERR_GET_LIB\s0\fR\|(3), -\&\fIERR_clear_error\fR\|(3), -\&\fIERR_error_string\fR\|(3), -\&\fIERR_print_errors\fR\|(3), -\&\fIERR_load_crypto_strings\fR\|(3), -\&\fIERR_remove_state\fR\|(3), -\&\fIERR_put_error\fR\|(3), -\&\fIERR_load_strings\fR\|(3), -\&\fISSL_get_error\fR\|(3) +\&\fBCRYPTO_set_locking_callback\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\s-1\fBERR_GET_LIB\s0\fR\|(3), +\&\fBERR_clear_error\fR\|(3), +\&\fBERR_error_string\fR\|(3), +\&\fBERR_print_errors\fR\|(3), +\&\fBERR_load_crypto_strings\fR\|(3), +\&\fBERR_remove_state\fR\|(3), +\&\fBERR_put_error\fR\|(3), +\&\fBERR_load_strings\fR\|(3), +\&\fBSSL_get_error\fR\|(3) diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index 27d4b8c9058..b8820ad1f3c 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH evp 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,25 +164,25 @@ functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests. .PP The \fB\s-1EVP_PKEY\s0\fR\fI...\fR functions provide a high level interface to asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see -\&\fIEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated +\&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions -described on the \fIEVP_PKEY_set1_RSA\fR\|(3) page, or -new keys can be generated using \fIEVP_PKEY_keygen\fR\|(3). -EVP_PKEYs can be compared using \fIEVP_PKEY_cmp\fR\|(3), or printed using -\&\fIEVP_PKEY_print_private\fR\|(3). +described on the \fBEVP_PKEY_set1_RSA\fR\|(3) page, or +new keys can be generated using \fBEVP_PKEY_keygen\fR\|(3). +EVP_PKEYs can be compared using \fBEVP_PKEY_cmp\fR\|(3), or printed using +\&\fBEVP_PKEY_print_private\fR\|(3). .PP The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: -.IP "For key agreement see \fIEVP_PKEY_derive\fR\|(3)" 4 +.IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4 .IX Item "For key agreement see EVP_PKEY_derive" .PD 0 -.IP "For signing and verifying see \fIEVP_PKEY_sign\fR\|(3), \fIEVP_PKEY_verify\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSign\fR\fI...\fR functions for this purpose." 4 +.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSign\fR\fI...\fR functions for this purpose." 4 .IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSign... functions for this purpose." -.ie n .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR functions." 4 -.el .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR functions." 4 +.ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR functions." 4 +.el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR functions." 4 .IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_Seal... and EVP_Open... functions." .PD .PP -The \fIEVP_BytesToKey\fR\|(3) function provides some limited support for password +The \fBEVP_BytesToKey\fR\|(3) function provides some limited support for password based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible implementation. However, new applications should not typically use this (preferring, for example, \&\s-1PBKDF2\s0 from PCKS#5). @@ -187,14 +191,14 @@ The \fBEVP_Encode\fR\fI...\fR and \&\fBEVP_Decode\fR\fI...\fR functions implement base 64 encoding and decoding. .PP -Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3). +Algorithms are loaded with \fBOpenSSL_add_all_algorithms\fR\|(3). .PP All the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions will automatically use those implementations automatically in preference to built in software -implementations. For more information, consult the \fIengine\fR\|(3) man page. +implementations. For more information, consult the \fBengine\fR\|(3) man page. .PP Although low level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 @@ -204,24 +208,24 @@ cleanly supported at the low level and some operations are more efficient using the high level interface. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_DigestInit\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_OpenInit\fR\|(3), -\&\fIEVP_SealInit\fR\|(3), -\&\fIEVP_DigestSignInit\fR\|(3), -\&\fIEVP_SignInit\fR\|(3), -\&\fIEVP_VerifyInit\fR\|(3), -\&\fIEVP_EncodeInit\fR\|(3), -\&\fIEVP_PKEY_new\fR\|(3), -\&\fIEVP_PKEY_set1_RSA\fR\|(3), -\&\fIEVP_PKEY_keygen\fR\|(3), -\&\fIEVP_PKEY_print_private\fR\|(3), -\&\fIEVP_PKEY_decrypt\fR\|(3), -\&\fIEVP_PKEY_encrypt\fR\|(3), -\&\fIEVP_PKEY_sign\fR\|(3), -\&\fIEVP_PKEY_verify\fR\|(3), -\&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3), -\&\fIEVP_BytesToKey\fR\|(3), -\&\fIOpenSSL_add_all_algorithms\fR\|(3), -\&\fIengine\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_EncodeInit\fR\|(3), +\&\fBEVP_PKEY_new\fR\|(3), +\&\fBEVP_PKEY_set1_RSA\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_print_private\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBOpenSSL_add_all_algorithms\fR\|(3), +\&\fBengine\fR\|(3) diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index 0906fcdf9de..db6e8445434 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH hmac 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,7 +168,7 @@ HMAC_cleanup \- HMAC message authentication code function used for message authentication, which is based on a hash function. .PP -\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at \&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is \&\fBkey_len\fR bytes long. .PP @@ -174,65 +178,65 @@ If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 value for \fBmd\fR to use the static array is not thread safe. .PP -\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. +\&\fBevp_md\fR can be \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. .PP -\&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be +\&\fBHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be called. .PP -\&\fIHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR +\&\fBHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR and releases any associated resources. It must be called when an \&\fB\s-1HMAC_CTX\s0\fR is no longer required. .PP -\&\fIHMAC_cleanup()\fR is an alias for \fIHMAC_CTX_cleanup()\fR included for back +\&\fBHMAC_cleanup()\fR is an alias for \fBHMAC_CTX_cleanup()\fR included for back compatibility with 0.9.6b, it is deprecated. .PP The following functions may be used if the message is not completely stored in memory: .PP -\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long. It is deprecated and only included for backward compatibility with OpenSSL 0.9.6b. .PP -\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL\s0 (or \fBevp_md\fR is the same as the previous digest used by \fBctx\fR and \fBkey\fR is \s-1NULL\s0) the existing key is -reused. \fBctx\fR must have been created with \fIHMAC_CTX_new()\fR before the first use -of an \fB\s-1HMAC_CTX\s0\fR in this function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented -behaviour in previous versions of OpenSSL \- failure to switch to \f(BIHMAC_Init_ex()\fB +reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use +of an \fB\s-1HMAC_CTX\s0\fR in this function. \fBN.B. \fBHMAC_Init()\fB had this undocumented +behaviour in previous versions of OpenSSL \- failure to switch to \fBHMAC_Init_ex()\fB in programs that expect it will cause them to stop working\fR. .PP -\&\fB\s-1NB:\s0 if \f(BIHMAC_Init_ex()\fB is called with \fBkey\fB \s-1NULL\s0 and \fBevp_md\fB is not the +\&\fB\s-1NB:\s0 if \fBHMAC_Init_ex()\fB is called with \fBkey\fB \s-1NULL\s0 and \fBevp_md\fB is not the same as the previous digest used by \fBctx\fB then an error is returned because reuse of an existing key with a different digest is not supported.\fR .PP -\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to +\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to be authenticated (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which must have space for the hash function output. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if an error occurred. .PP -\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR return 1 for success or 0 if +\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR return 1 for success or 0 if an error occurred. .PP -\&\fIHMAC_CTX_init()\fR and \fIHMAC_CTX_cleanup()\fR do not return values. +\&\fBHMAC_CTX_init()\fR and \fBHMAC_CTX_cleanup()\fR do not return values. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC 2104\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsha\fR\|(3), \fIevp\fR\|(3) +\&\fBsha\fR\|(3), \fBevp\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIHMAC\s0()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR +\&\s-1\fBHMAC\s0()\fR, \fBHMAC_Init()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and \fBHMAC_cleanup()\fR are available since SSLeay 0.9.0. .PP -\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available +\&\fBHMAC_CTX_init()\fR, \fBHMAC_Init_ex()\fR and \fBHMAC_CTX_cleanup()\fR are available since OpenSSL 0.9.7. .PP -\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in +\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in versions of OpenSSL before 1.0.0. diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index 425ad6c0fdf..58e50407c71 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "i2d_CMS_bio_stream 3" -.TH i2d_CMS_bio_stream 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH i2d_CMS_bio_stream 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,26 +151,26 @@ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_CMS()\fR. +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting +This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting streaming. .SH "BUGS" .IX Header "BUGS" The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) -\&\fICMS_decrypt\fR\|(3), -\&\fISMIME_write_CMS\fR\|(3), -\&\fIPEM_write_bio_CMS_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBPEM_write_bio_CMS_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0 +\&\fBi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index 25545929c71..b8682a6e022 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "i2d_PKCS7_bio_stream 3" -.TH i2d_PKCS7_bio_stream 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH i2d_PKCS7_bio_stream 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,26 +149,26 @@ i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. .PP -It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. .SH "NOTES" .IX Header "NOTES" -This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting +This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting streaming. .SH "BUGS" .IX Header "BUGS" The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3), -\&\fISMIME_write_PKCS7\fR\|(3), -\&\fIPEM_write_bio_PKCS7_stream\fR\|(3) +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBPEM_write_bio_PKCS7_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0 +\&\fBi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index ec233b12ebb..d0f62be39da 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH lh_stats 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,14 +161,14 @@ accessing the hash table. This is mostly a legacy of Eric Young writing this library for the reasons of implementing what looked like a nice algorithm rather than for a particular software product. .PP -\&\fIlh_stats()\fR prints out statistics on the size of the hash table, how +\&\fBlh_stats()\fR prints out statistics on the size of the hash table, how many entries are in it, and the number and result of calls to the routines in this library. .PP -\&\fIlh_node_stats()\fR prints the number of entries for each 'bucket' in the +\&\fBlh_node_stats()\fR prints the number of entries for each 'bucket' in the hash table. .PP -\&\fIlh_node_usage_stats()\fR prints out a short summary of the state of the +\&\fBlh_node_usage_stats()\fR prints out a short summary of the state of the hash table. It prints the 'load' and the 'actual load'. The load is the average number of data items per 'bucket' in the hash table. The \&'actual load' is the average number of items per 'bucket', but only @@ -173,14 +177,14 @@ average number of searches that will need to find an item in the hash table, while the 'load' is the average number that will be done to record a miss. .PP -\&\fIlh_stats_bio()\fR, \fIlh_node_stats_bio()\fR and \fIlh_node_usage_stats_bio()\fR +\&\fBlh_stats_bio()\fR, \fBlh_node_stats_bio()\fR and \fBlh_node_usage_stats_bio()\fR are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions do not return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbio\fR\|(3), \fIlhash\fR\|(3) +\&\fBbio\fR\|(3), \fBlhash\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index ea99524e209..dbd7836c2fd 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH lhash 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +171,7 @@ This library implements type-checked dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key and value fields. .PP -lh_\fI_new()\fR creates a new \fB\s-1LHASH_OF\s0( structure to store +lh_\fB_new()\fR creates a new \fB\s-1LHASH_OF\s0( structure to store arbitrary data entries, and provides the 'hash' and 'compare' callbacks to be used in organising the table's entries. The \fBhash\fR callback takes a pointer to a table entry as its argument and returns @@ -180,7 +184,7 @@ will contain items of some particular type and the \fBhash\fR and \&\fBcompare\fR callbacks hash/compare these types, then the \&\fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback wrappers of the prototypes required by -lh_\fI_new()\fR. These provide per-variable casts before calling the +lh_\fB_new()\fR. These provide per-variable casts before calling the type-specific callbacks written by the application author. These macros, as well as those used for the \*(L"doall\*(R" callbacks, are defined as; @@ -239,25 +243,25 @@ as; \& } .Ve .PP -lh_\fI_free()\fR frees the \fB\s-1LHASH_OF\s0( structure +lh_\fB_free()\fR frees the \fB\s-1LHASH_OF\s0( structure \&\fBtable\fR. Allocated hash table entries will not be freed; consider -using lh_\fI_doall()\fR to deallocate any remaining entries in the +using lh_\fB_doall()\fR to deallocate any remaining entries in the hash table (see below). .PP -lh_\fI_insert()\fR inserts the structure pointed to by \fBdata\fR into +lh_\fB_insert()\fR inserts the structure pointed to by \fBdata\fR into \&\fBtable\fR. If there already is an entry with the same key, the old -value is replaced. Note that lh_\fI_insert()\fR stores pointers, the +value is replaced. Note that lh_\fB_insert()\fR stores pointers, the data are not copied. .PP -lh_\fI_delete()\fR deletes an entry from \fBtable\fR. +lh_\fB_delete()\fR deletes an entry from \fBtable\fR. .PP -lh_\fI_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR +lh_\fB_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR is a structure with the key field(s) set; the function will return a pointer to a fully populated structure. .PP -lh_\fI_doall()\fR will, for every entry in the hash table, call -\&\fBfunc\fR with the data item as its parameter. For lh_\fI_doall()\fR -and lh_\fI_doall_arg()\fR, function pointer casting should be avoided +lh_\fB_doall()\fR will, for every entry in the hash table, call +\&\fBfunc\fR with the data item as its parameter. For lh_\fB_doall()\fR +and lh_\fB_doall_arg()\fR, function pointer casting should be avoided in the callbacks (see \fB\s-1NOTE\s0\fR) \- instead use the declare/implement macros to create type-checked wrappers that cast variables prior to calling your type-specific callbacks. An example of this is @@ -286,11 +290,11 @@ you start (which will stop the hash table ever decreasing in size). The best solution is probably to avoid deleting items from the hash table inside a \*(L"doall\*(R" callback! .PP -lh_\fI_doall_arg()\fR is the same as lh_\fI_doall()\fR except that +lh_\fB_doall_arg()\fR is the same as lh_\fB_doall()\fR except that \&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed both the table entry and an extra argument). As with -\&\fIlh_doall()\fR, you can instead choose to declare your callback with a +\&\fBlh_doall()\fR, you can instead choose to declare your callback with a prototype matching the types you are dealing with and use the declare/implement macros to create compatible wrappers that cast variables before calling your type-specific callbacks. An example of @@ -308,26 +312,26 @@ that is provided by the caller): \& logging_bio); .Ve .PP -lh_\fI_error()\fR can be used to determine if an error occurred in the last -operation. lh_\fI_error()\fR is a macro. +lh_\fB_error()\fR can be used to determine if an error occurred in the last +operation. lh_\fB_error()\fR is a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -lh_\fI_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +lh_\fB_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new \&\fB\s-1LHASH\s0\fR structure. .PP -When a hash table entry is replaced, lh_\fI_insert()\fR returns the value +When a hash table entry is replaced, lh_\fB_insert()\fR returns the value being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. .PP -lh_\fI_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +lh_\fB_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if there is no such value in the hash table. .PP -lh_\fI_retrieve()\fR returns the hash table entry if it has been found, +lh_\fB_retrieve()\fR returns the hash table entry if it has been found, \&\fB\s-1NULL\s0\fR otherwise. .PP -lh_\fI_error()\fR returns 1 if an error occurred in the last operation, 0 +lh_\fB_error()\fR returns 1 if an error occurred in the last operation, 0 otherwise. .PP -lh_\fI_free()\fR, lh_\fI_doall()\fR and lh_\fI_doall_arg()\fR return no values. +lh_\fB_free()\fR, lh_\fB_doall()\fR and lh_\fB_doall_arg()\fR return no values. .SH "NOTE" .IX Header "NOTE" The various \s-1LHASH\s0 macros and callback types exist to make it possible @@ -338,9 +342,9 @@ corruption and other hard-to-find bugs. It also, apparently, violates ANSI-C. .PP The \s-1LHASH\s0 code regards table entries as constant data. As such, it -internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" -pointer type. This is why callbacks such as those used by \fIlh_doall()\fR -and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fBlh_doall()\fR +and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the parameters that pass back the table items' data pointers \- for consistency, user-provided data is \*(L"const\*(R" at all times as far as the \&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing @@ -353,8 +357,8 @@ indexed in the hash table (ie. it is returned as \*(L"const\*(R" from elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make -modifications to table item passed back in the \fIlh_doall()\fR or -\&\fIlh_doall_arg()\fR callbacks (see the \*(L"STUFF_cleanup\*(R" example above). If +modifications to table item passed back in the \fBlh_doall()\fR or +\&\fBlh_doall_arg()\fR callbacks (see the \*(L"STUFF_cleanup\*(R" example above). If so, the caller can either cast the \*(L"const\*(R" away (if they're providing the raw callbacks themselves) or use the macros to declare/implement the wrapper functions without \*(L"const\*(R" types. @@ -368,7 +372,7 @@ DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types without any \*(L"const\*(R" qualifiers. .SH "BUGS" .IX Header "BUGS" -lh_\fI_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +lh_\fB_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. .SH "INTERNALS" .IX Header "INTERNALS" The following description is based on the SSLeay documentation: @@ -376,7 +380,7 @@ The following description is based on the SSLeay documentation: The \fBlhash\fR library implements a hash table described in the \&\fICommunications of the \s-1ACM\s0\fR in 1991. What makes this hash table different is that as the table fills, the hash table is increased (or -decreased) in size via \fIOPENSSL_realloc()\fR. When a 'resize' is done, instead of +decreased) in size via \fBOPENSSL_realloc()\fR. When a 'resize' is done, instead of all hashes being redistributed over twice as many 'buckets', one bucket is split. So when an 'expand' is done, there is only a minimal cost to redistribute some values. Subsequent inserts will cause more @@ -407,22 +411,22 @@ even if your hash table has 10 items in a 'bucket', it can be searched with 10 \fBunsigned long\fR compares and 10 linked list traverses. This will be much less expensive that 10 calls to your compare function. .PP -\&\fIlh_strhash()\fR is a demo string hashing function: +\&\fBlh_strhash()\fR is a demo string hashing function: .PP .Vb 1 \& unsigned long lh_strhash(const char *c); .Ve .PP Since the \fB\s-1LHASH\s0\fR routines would normally be passed structures, this -routine would not normally be passed to lh_\fI_new()\fR, rather it would be -used in the function passed to lh_\fI_new()\fR. +routine would not normally be passed to lh_\fB_new()\fR, rather it would be +used in the function passed to lh_\fB_new()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIlh_stats\fR\|(3) +\&\fBlh_stats\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL. -\&\fIlh_error()\fR was added in SSLeay 0.9.1b. +\&\fBlh_error()\fR was added in SSLeay 0.9.1b. .PP This manpage is derived from the SSLeay documentation. .PP diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 4c3cee08270..d76addaf27a 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH md5 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +180,7 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions .IX Header "DESCRIPTION" \&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. .PP -\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static @@ -185,19 +189,19 @@ array. The following functions may be used if the message is not completely stored in memory: .PP -\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. .PP -\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to +\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. .PP -\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and -\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and +\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. .PP Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "NOTE" .IX Header "NOTE" @@ -206,22 +210,22 @@ applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be preferred. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value. +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. .PP -\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR, -\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for +\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, +\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC 1319, RFC 1320, RFC 1321\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3) +\&\fBsha\fR\|(3), \fBripemd\fR\|(3), \fBEVP_DigestInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIMD2\s0()\fR, \fIMD2_Init()\fR, \fIMD2_Update()\fR \fIMD2_Final()\fR, \s-1\fIMD5\s0()\fR, \fIMD5_Init()\fR, -\&\fIMD5_Update()\fR and \fIMD5_Final()\fR are available in all versions of SSLeay +\&\s-1\fBMD2\s0()\fR, \fBMD2_Init()\fR, \fBMD2_Update()\fR \fBMD2_Final()\fR, \s-1\fBMD5\s0()\fR, \fBMD5_Init()\fR, +\&\fBMD5_Update()\fR and \fBMD5_Final()\fR are available in all versions of SSLeay and OpenSSL. .PP -\&\s-1\fIMD4\s0()\fR, \fIMD4_Init()\fR, and \fIMD4_Update()\fR are available in OpenSSL 0.9.6 and +\&\s-1\fBMD4\s0()\fR, \fBMD4_Init()\fR, and \fBMD4_Update()\fR are available in OpenSSL 0.9.6 and above. diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index b2c047ecf9d..b22375f3e04 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH mdc2 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function block ciphers. These functions are an implementation of \s-1MDC2\s0 with \&\s-1DES.\s0 .PP -\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. @@ -163,29 +167,29 @@ is placed in a static array. The following functions may be used if the message is not completely stored in memory: .PP -\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. .PP -\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to +\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. .PP Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIMDC2\s0()\fR returns a pointer to the hash value. +\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. .PP -\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise. +\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-2,\s0 with \s-1DES\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsha\fR\|(3), \fIEVP_DigestInit\fR\|(3) +\&\fBsha\fR\|(3), \fBEVP_DigestInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIMDC2\s0()\fR, \fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR are available since +\&\s-1\fBMDC2\s0()\fR, \fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR are available since SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index e3d46c0e078..355235e21a5 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH pem 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -344,8 +348,8 @@ For more details about the meaning of arguments see the .PP Each operation has four functions associated with it. For clarity the term "\fBfoobar\fR functions" will be used to collectively -refer to the \fIPEM_read_bio_foobar()\fR, \fIPEM_read_foobar()\fR, -\&\fIPEM_write_bio_foobar()\fR and \fIPEM_write_foobar()\fR functions. +refer to the \fBPEM_read_bio_foobar()\fR, \fBPEM_read_foobar()\fR, +\&\fBPEM_write_bio_foobar()\fR and \fBPEM_write_foobar()\fR functions. .PP The \fBPrivateKey\fR functions read or write a private key in \&\s-1PEM\s0 format using an \s-1EVP_PKEY\s0 structure. The write routines use @@ -353,7 +357,7 @@ The \fBPrivateKey\fR functions read or write a private key in private keys. The read functions can additionally transparently handle PKCS#8 format encrypted and unencrypted keys too. .PP -\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument specifies the encryption algorithm to @@ -361,7 +365,7 @@ use: unlike all other \s-1PEM\s0 routines the encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If \fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. .PP -\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the @@ -580,7 +584,7 @@ Skeleton pass phrase callback: .IX Header "NOTES" The old \fBPrivateKey\fR write routines are retained for compatibility. New applications should write private keys using the -\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines because they are more secure (they use an iteration count of 2048 whereas the traditional routines use a count of 1) unless compatibility with older versions of OpenSSL is important. @@ -614,14 +618,14 @@ The private key (or other data) takes the following form: .Ve .PP The line beginning DEK-Info contains two comma separated pieces of information: -the encryption algorithm name as used by \fIEVP_get_cipherbyname()\fR and an 8 +the encryption algorithm name as used by \fBEVP_get_cipherbyname()\fR and an 8 byte \fBsalt\fR encoded as a set of hexadecimal digits. .PP After this is the base64 encoded encrypted data. .PP -The encryption key is determined using \fIEVP_BytesToKey()\fR, using \fBsalt\fR and an +The encryption key is determined using \fBEVP_BytesToKey()\fR, using \fBsalt\fR and an iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 -returned by \fIEVP_BytesToKey()\fR. +returned by \fBEVP_BytesToKey()\fR. .SH "BUGS" .IX Header "BUGS" The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse @@ -647,4 +651,4 @@ if an error occurred. The write routines return 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_get_cipherbyname\fR\|(3), \fIEVP_BytesToKey\fR\|(3) +\&\fBEVP_get_cipherbyname\fR\|(3), \fBEVP_BytesToKey\fR\|(3) diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 3502fc9599d..d6aca10dffb 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH rand 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,8 +174,8 @@ rand \- pseudo\-random number generator .IX Header "DESCRIPTION" Since the introduction of the \s-1ENGINE API,\s0 the recommended way of controlling default implementations is by using the \s-1ENGINE API\s0 functions. The default -\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by -\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default +\&\fB\s-1RAND_METHOD\s0\fR, as set by \fBRAND_set_rand_method()\fR and returned by +\&\fBRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default \&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommended way to control defaults. .PP @@ -188,15 +192,15 @@ need randomness. .PP A cryptographic \s-1PRNG\s0 must be seeded with unpredictable data such as mouse movements or keys pressed at random by the user. This is -described in \fIRAND_add\fR\|(3). Its state can be saved in a seed file -(see \fIRAND_load_file\fR\|(3)) to avoid having to go through the +described in \fBRAND_add\fR\|(3). Its state can be saved in a seed file +(see \fBRAND_load_file\fR\|(3)) to avoid having to go through the seeding process whenever the application is started. .PP -\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the +\&\fBRAND_bytes\fR\|(3) describes how to obtain random data from the \&\s-1PRNG.\s0 .SH "INTERNALS" .IX Header "INTERNALS" -The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic +The \fBRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic hash function. .PP The following description of its design is based on the SSLeay @@ -276,11 +280,11 @@ overwritten) and 7 (by not using the 10 bytes given to the caller to update the 'state', but they are used to update 'md'). .PP So of the points raised, only 2 is not addressed (but see -\&\fIRAND_add\fR\|(3)). +\&\fBRAND_add\fR\|(3)). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIBN_rand\fR\|(3), \fIRAND_add\fR\|(3), -\&\fIRAND_load_file\fR\|(3), \fIRAND_egd\fR\|(3), -\&\fIRAND_bytes\fR\|(3), -\&\fIRAND_set_rand_method\fR\|(3), -\&\fIRAND_cleanup\fR\|(3) +\&\fBBN_rand\fR\|(3), \fBRAND_add\fR\|(3), +\&\fBRAND_load_file\fR\|(3), \fBRAND_egd\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_set_rand_method\fR\|(3), +\&\fBRAND_cleanup\fR\|(3) diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 3a9239e5b6f..94616474610 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH rc4 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,11 +163,11 @@ key sizes have been widely used due to export restrictions. \&\s-1RC4\s0 consists of a key setup phase and the actual encryption or decryption phase. .PP -\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key at \fBdata\fR. .PP -\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using -\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fIRC4\s0()\fR calls with +\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with the same \fBkey\fR yield a continuous key stream. .PP Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random @@ -171,11 +175,11 @@ key stream to produce the output), decryption uses the same function calls as encryption. .PP Applications should use the higher level functions -\&\fIEVP_EncryptInit\fR\|(3) +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling the \s-1RC4\s0 functions directly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values. +\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. .SH "NOTE" .IX Header "NOTE" Certain conditions have to be observed to securely use stream ciphers. @@ -183,7 +187,7 @@ It is not permissible to perform multiple encryptions using the same key stream. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIblowfish\fR\|(3), \fIdes\fR\|(3), \fIrc2\fR\|(3) +\&\fBblowfish\fR\|(3), \fBdes\fR\|(3), \fBrc2\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR are available in all versions of SSLeay and OpenSSL. +\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index 6aa480ee35e..f6178e14ee1 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ripemd 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +159,7 @@ RIPEMD\-160 hash function \&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a 160 bit output. .PP -\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. @@ -163,31 +167,31 @@ is placed in a static array. The following functions may be used if the message is not completely stored in memory: .PP -\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. .PP -\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1RIPEMD160_CTX\s0\fR. .PP Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value. +\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. .PP -\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for +\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ISO/IEC 10118\-3\s0 (draft) (??) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3) +\&\fBsha\fR\|(3), \fBhmac\fR\|(3), \fBEVP_DigestInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fIRIPEMD160\s0()\fR, \fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and -\&\fIRIPEMD160_Final()\fR are available since SSLeay 0.9.0. +\&\s-1\fBRIPEMD160\s0()\fR, \fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and +\&\fBRIPEMD160_Final()\fR are available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 20639c3b649..9aa81e6c3da 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH rsa 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -239,15 +243,15 @@ modify keys. \&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(1), \fIbn\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3), -\&\fIrand\fR\|(3), \fIengine\fR\|(3), \fIRSA_new\fR\|(3), -\&\fIRSA_public_encrypt\fR\|(3), -\&\fIRSA_sign\fR\|(3), \fIRSA_size\fR\|(3), -\&\fIRSA_generate_key\fR\|(3), -\&\fIRSA_check_key\fR\|(3), -\&\fIRSA_blinding_on\fR\|(3), -\&\fIRSA_set_method\fR\|(3), \fIRSA_print\fR\|(3), -\&\fIRSA_get_ex_new_index\fR\|(3), -\&\fIRSA_private_encrypt\fR\|(3), -\&\fIRSA_sign_ASN1_OCTET_STRING\fR\|(3), -\&\fIRSA_padding_add_PKCS1_type_1\fR\|(3) +\&\fBrsa\fR\|(1), \fBbn\fR\|(3), \fBdsa\fR\|(3), \fBdh\fR\|(3), +\&\fBrand\fR\|(3), \fBengine\fR\|(3), \fBRSA_new\fR\|(3), +\&\fBRSA_public_encrypt\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_size\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), +\&\fBRSA_check_key\fR\|(3), +\&\fBRSA_blinding_on\fR\|(3), +\&\fBRSA_set_method\fR\|(3), \fBRSA_print\fR\|(3), +\&\fBRSA_get_ex_new_index\fR\|(3), +\&\fBRSA_private_encrypt\fR\|(3), +\&\fBRSA_sign_ASN1_OCTET_STRING\fR\|(3), +\&\fBRSA_padding_add_PKCS1_type_1\fR\|(3) diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 725d751be90..eba5ec4a21f 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH sha 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,13 +181,13 @@ SHA512_Final \- Secure Hash Algorithm .SH "DESCRIPTION" .IX Header "DESCRIPTION" Applications should use the higher level functions -\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the hash +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .PP \&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. .PP -\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. @@ -191,12 +195,12 @@ is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thr The following functions may be used if the message is not completely stored in memory: .PP -\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. .PP -\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to +\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR). .PP -\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. .PP The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the @@ -204,18 +208,18 @@ same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA25 \&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used (defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and -\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fISHA1\s0()\fR function above, the -\&\s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR functions are not thread safe if +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the +\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if \&\fBmd\fR is \s-1NULL.\s0 .PP The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be used only when backward compatibility is required. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fISHA1\s0()\fR, \s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR return a pointer to the hash +\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash value. .PP -\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR and equivalent \s-1SHA224, SHA256, +\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" @@ -224,8 +228,8 @@ Standard), \&\s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIripemd\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3) +\&\fBripemd\fR\|(3), \fBhmac\fR\|(3), \fBEVP_DigestInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1\fISHA1\s0()\fR, \fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR are available in all +\&\s-1\fBSHA1\s0()\fR, \fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index 30d044f8d05..b3d7476ec2a 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH threads 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -210,7 +214,7 @@ needed to perform locking on shared data structures. will be implicitly shared whenever multiple threads use OpenSSL.) Multi-threaded applications will crash at random if it is not set. .PP -\&\fIlocking_function()\fR must be able to handle up to \fICRYPTO_num_locks()\fR +\&\fBlocking_function()\fR must be able to handle up to \fBCRYPTO_num_locks()\fR different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR & \&\fB\s-1CRYPTO_LOCK\s0\fR, and releases it otherwise. .PP @@ -219,27 +223,27 @@ lock. They can be useful for debugging. .PP threadid_func(\s-1CRYPTO_THREADID\s0 *id) is needed to record the currently-executing thread's identifier into \fBid\fR. The implementation of this callback should not -fill in \fBid\fR directly, but should use \fICRYPTO_THREADID_set_numeric()\fR if thread -IDs are numeric, or \fICRYPTO_THREADID_set_pointer()\fR if they are pointer-based. +fill in \fBid\fR directly, but should use \fBCRYPTO_THREADID_set_numeric()\fR if thread +IDs are numeric, or \fBCRYPTO_THREADID_set_pointer()\fR if they are pointer-based. If the application does not register such a callback using -\&\fICRYPTO_THREADID_set_callback()\fR, then a default implementation is used \- on +\&\fBCRYPTO_THREADID_set_callback()\fR, then a default implementation is used \- on Windows and BeOS this uses the system's default thread identifying APIs, and on all other platforms it uses the address of \fBerrno\fR. The latter is satisfactory for thread-safety if and only if the platform has a thread-local error number facility. .PP -Once \fIthreadid_func()\fR is registered, or if the built-in default implementation is +Once \fBthreadid_func()\fR is registered, or if the built-in default implementation is to be used; .IP "\(bu" 4 -\&\fICRYPTO_THREADID_current()\fR records the currently-executing thread \s-1ID\s0 into the +\&\fBCRYPTO_THREADID_current()\fR records the currently-executing thread \s-1ID\s0 into the given \fBid\fR object. .IP "\(bu" 4 -\&\fICRYPTO_THREADID_cmp()\fR compares two thread IDs (returning zero for equality, ie. -the same semantics as \fImemcmp()\fR). +\&\fBCRYPTO_THREADID_cmp()\fR compares two thread IDs (returning zero for equality, ie. +the same semantics as \fBmemcmp()\fR). .IP "\(bu" 4 -\&\fICRYPTO_THREADID_cpy()\fR duplicates a thread \s-1ID\s0 value, +\&\fBCRYPTO_THREADID_cpy()\fR duplicates a thread \s-1ID\s0 value, .IP "\(bu" 4 -\&\fICRYPTO_THREADID_hash()\fR returns a numeric value usable as a hash-table key. This +\&\fBCRYPTO_THREADID_hash()\fR returns a numeric value usable as a hash-table key. This is usually the exact numeric or pointer-based thread \s-1ID\s0 used internally, however this also handles the unusual case where pointers are larger than 'long' variables and the platform's thread IDs are pointer-based \- in this case, mixing @@ -269,15 +273,15 @@ dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is needed to destroy the lock l. Multi-threaded applications might crash at random if it is not set. .PP -\&\fICRYPTO_get_new_dynlockid()\fR is used to create locks. It will call +\&\fBCRYPTO_get_new_dynlockid()\fR is used to create locks. It will call dyn_create_function for the actual creation. .PP -\&\fICRYPTO_destroy_dynlockid()\fR is used to destroy locks. It will call +\&\fBCRYPTO_destroy_dynlockid()\fR is used to destroy locks. It will call dyn_destroy_function for the actual destruction. .PP -\&\fICRYPTO_lock()\fR is used to lock and unlock the locks. mode is a bitfield +\&\fBCRYPTO_lock()\fR is used to lock and unlock the locks. mode is a bitfield describing what should be done with the lock. n is the number of the -lock as returned from \fICRYPTO_get_new_dynlockid()\fR. mode can be combined +lock as returned from \fBCRYPTO_get_new_dynlockid()\fR. mode can be combined from the following values. These values are pairwise exclusive, with undefined behaviour if misused (for example, \s-1CRYPTO_READ\s0 and \s-1CRYPTO_WRITE\s0 should not be used together): @@ -290,9 +294,9 @@ should not be used together): .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICRYPTO_num_locks()\fR returns the required number of locks. +\&\fBCRYPTO_num_locks()\fR returns the required number of locks. .PP -\&\fICRYPTO_get_new_dynlockid()\fR returns the index to the newly created lock. +\&\fBCRYPTO_get_new_dynlockid()\fR returns the index to the newly created lock. .PP The other functions return no values. .SH "NOTES" @@ -317,14 +321,14 @@ may do so in the future. Solaris, Irix and Win32. .SH "HISTORY" .IX Header "HISTORY" -\&\fICRYPTO_set_locking_callback()\fR is +\&\fBCRYPTO_set_locking_callback()\fR is available in all versions of SSLeay and OpenSSL. -\&\fICRYPTO_num_locks()\fR was added in OpenSSL 0.9.4. +\&\fBCRYPTO_num_locks()\fR was added in OpenSSL 0.9.4. All functions dealing with dynamic locks were added in OpenSSL 0.9.5b\-dev. \&\fB\s-1CRYPTO_THREADID\s0\fR and associated functions were introduced in OpenSSL 1.0.0 -to replace (actually, deprecate) the previous \fICRYPTO_set_id_callback()\fR, -\&\fICRYPTO_get_id_callback()\fR, and \fICRYPTO_thread_id()\fR functions which assumed +to replace (actually, deprecate) the previous \fBCRYPTO_set_id_callback()\fR, +\&\fBCRYPTO_get_id_callback()\fR, and \fBCRYPTO_thread_id()\fR functions which assumed thread IDs to always be represented by 'unsigned long'. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(3) +\&\fBcrypto\fR\|(3) diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index 2dba35d949a..580485041ad 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ui 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,7 +206,7 @@ UI_set_method, UI_OpenSSL, ERR_load_UI_strings \- New User Interface .IX Header "DESCRIPTION" \&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to prompt the user for text-based information. Through user-written methods -(see \fIui_create\fR\|(3)), prompting can be done in any way +(see \fBui_create\fR\|(3)), prompting can be done in any way imaginable, be it plain text prompting, through dialog boxes or from a cell phone. .PP @@ -211,70 +215,70 @@ contains all the information needed to prompt correctly as well as a reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that carry out the actual prompting. .PP -The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, then add information to it with the UI_add or UI_dup functions. Also, user-defined random data can be passed down to the underlying method through calls to UI_add_user_data. The default \s-1UI\s0 method doesn't care -about these data, but other methods might. Finally, use \fIUI_process()\fR -to actually perform the prompting and \fIUI_get0_result()\fR to find the result +about these data, but other methods might. Finally, use \fBUI_process()\fR +to actually perform the prompting and \fBUI_get0_result()\fR to find the result to the prompt. .PP A \s-1UI\s0 can contain more than one prompt, which are performed in the given sequence. Each prompt gets an index number which is returned by the UI_add and UI_dup functions, and has to be used to get the corresponding -result with \fIUI_get0_result()\fR. +result with \fBUI_get0_result()\fR. .PP The functions are as follows: .PP -\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. +\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. .PP -\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. +\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. .PP -\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, +\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, since the default can be changed. See further on). This method is the most machine/OS dependent part of OpenSSL and normally generates the most problems when porting. .PP -\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory that's connected to it, like duplicated input strings, results and others. .PP -\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 +\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 as well as flags and a result buffer and the desired minimum and maximum sizes of the result, not counting the final \s-1NUL\s0 character. The given information is used to prompt for information, for example a password, and to verify a password (i.e. having the user enter it twice and check -that the same string was entered twice). \fIUI_add_verify_string()\fR takes +that the same string was entered twice). \fBUI_add_verify_string()\fR takes and extra argument that should be a pointer to the result buffer of the input string that it's supposed to verify, or verification will fail. .PP -\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given as well. The prompt itself is divided in two, one part being the descriptive text (given through the \fIprompt\fR argument) and one describing the possible answers (given through the \fIaction_desc\fR argument). .PP -\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at the same time as the prompt for extra information or to show an error string. The difference between the two is only conceptual. With the builtin method, there's no technical difference between them. Other methods may make a difference between them, however. .PP The flags currently supported are \s-1UI_INPUT_FLAG_ECHO,\s0 which is relevant for -\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +\&\fBUI_add_input_string()\fR and will have the users response be echoed (when prompting for a password, this flag should obviously not be used, and \&\s-1UI_INPUT_FLAG_DEFAULT_PWD,\s0 which means that a default password of some sort will be used (completely depending on the application and the \s-1UI\s0 method). .PP -\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, -\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same as their UI_add counterparts, except that they make their own copies of all strings. .PP -\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +\&\fBUI_construct_prompt()\fR is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the @@ -283,36 +287,36 @@ description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that beco string and may include encodings that will be processed by the other method functions. .PP -\&\fIUI_add_user_data()\fR adds a piece of memory for the method to use at any +\&\fBUI_add_user_data()\fR adds a piece of memory for the method to use at any time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several calls to this function doesn't add data, it replaces the previous blob with the one given as argument. .PP -\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the -\&\s-1UI\s0 with \fIUI_add_user_data()\fR. +\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fBUI_add_user_data()\fR. .PP -\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with the information indexed by \fIi\fR. .PP -\&\fIUI_process()\fR goes through the information given so far, does all the printing +\&\fBUI_process()\fR goes through the information given so far, does all the printing and prompting and returns. .PP -\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it -understands two commands: \s-1UI_CTRL_PRINT_ERRORS,\s0 which makes \fIUI_process()\fR +\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \s-1UI_CTRL_PRINT_ERRORS,\s0 which makes \fBUI_process()\fR print the OpenSSL error stack as part of processing the \s-1UI,\s0 and \&\s-1UI_CTRL_IS_REDOABLE,\s0 which returns a flag saying if the used \s-1UI\s0 can be used again or not. .PP -\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. .PP -\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. .PP -\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 +\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 .PP -\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 +\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIui_create\fR\|(3), \fIui_compat\fR\|(3) +\&\fBui_create\fR\|(3), \fBui_compat\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \s-1UI\s0 section was first introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index cfe67108f58..ff24cafb681 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ui_compat 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,30 +159,30 @@ The \s-1DES\s0 library contained a few routines to prompt for passwords. These aren't necessarely dependent on \s-1DES,\s0 and have therefore become part of the \&\s-1UI\s0 compatibility library. .PP -\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output +\&\fBdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output turns echo off and reads an input string from the terminal. The string is returned in \fIbuf\fR, which must have spac for at least \fIsize\fR bytes. If \fIverify\fR is set, the user is asked for the password twice and unless the two copies match, an error is returned. The second password is stored in \fIbuff\fR, which must therefore also be at least \fIsize\fR bytes. A return code of \-1 indicates a system error, 1 failure due to use interaction, and -0 is success. All other functions described here use \fIdes_read_pw()\fR to do +0 is success. All other functions described here use \fBdes_read_pw()\fR to do the work. .PP -\&\fIdes_read_pw_string()\fR is a variant of \fIdes_read_pw()\fR that provides a buffer +\&\fBdes_read_pw_string()\fR is a variant of \fBdes_read_pw()\fR that provides a buffer for you if \fIverify\fR is set. .PP -\&\fIdes_read_password()\fR calls \fIdes_read_pw()\fR and converts the password to a -\&\s-1DES\s0 key by calling \fIDES_string_to_key()\fR; \fIdes_read_2password()\fR operates in -the same way as \fIdes_read_password()\fR except that it generates two keys -by using the \fIDES_string_to_2key()\fR function. +\&\fBdes_read_password()\fR calls \fBdes_read_pw()\fR and converts the password to a +\&\s-1DES\s0 key by calling \fBDES_string_to_key()\fR; \fBdes_read_2password()\fR operates in +the same way as \fBdes_read_password()\fR except that it generates two keys +by using the \fBDES_string_to_2key()\fR function. .SH "NOTES" .IX Header "NOTES" -\&\fIdes_read_pw_string()\fR is available in the \s-1MIT\s0 Kerberos library as well, and -is also available under the name \fIEVP_read_pw_string()\fR. +\&\fBdes_read_pw_string()\fR is available in the \s-1MIT\s0 Kerberos library as well, and +is also available under the name \fBEVP_read_pw_string()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIui\fR\|(3), \fIui_create\fR\|(3) +\&\fBui\fR\|(3), \fBui_create\fR\|(3) .SH "AUTHOR" .IX Header "AUTHOR" Richard Levitte (richard@levitte.org) for the OpenSSL project diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 index ead11f775de..d657675b9d3 100644 --- a/secure/lib/libcrypto/man/x509.3 +++ b/secure/lib/libcrypto/man/x509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH x509 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -179,16 +183,16 @@ handle PKCS#10 certificate requests. \&\fBX509_EXTENSION_\fR\fI...\fR handle certificate extensions. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_NAME_ENTRY_get_object\fR\|(3), -\&\fIX509_NAME_add_entry_by_txt\fR\|(3), -\&\fIX509_NAME_add_entry_by_NID\fR\|(3), -\&\fIX509_NAME_print_ex\fR\|(3), -\&\fIX509_NAME_new\fR\|(3), -\&\fId2i_X509\fR\|(3), -\&\fId2i_X509_ALGOR\fR\|(3), -\&\fId2i_X509_CRL\fR\|(3), -\&\fId2i_X509_NAME\fR\|(3), -\&\fId2i_X509_REQ\fR\|(3), -\&\fId2i_X509_SIG\fR\|(3), -\&\fIcrypto\fR\|(3), -\&\fIx509v3\fR\|(3) +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_add_entry_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_NAME_new\fR\|(3), +\&\fBd2i_X509\fR\|(3), +\&\fBd2i_X509_ALGOR\fR\|(3), +\&\fBd2i_X509_CRL\fR\|(3), +\&\fBd2i_X509_NAME\fR\|(3), +\&\fBd2i_X509_REQ\fR\|(3), +\&\fBd2i_X509_SIG\fR\|(3), +\&\fBcrypto\fR\|(3), +\&\fBx509v3\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index 518749beea2..b53ceb92199 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,26 +152,26 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\*(R"\s0 is returned. .PP -\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If +\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If \&\fBalg_bits\fR is not \s-1NULL,\s0 it contains the number of bits processed by the chosen algorithm. If \fBcipher\fR is \s-1NULL, 0\s0 is returned. .PP -\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol version that first defined the cipher. This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR. In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not; -use \fISSL_CIPHER_description()\fR instead. +use \fBSSL_CIPHER_description()\fR instead. If \fBcipher\fR is \s-1NULL, \*(L"\s0(\s-1NONE\s0)\*(R" is returned. .PP -\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used +\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least 128 bytes, otherwise a pointer to the string \*(L"Buffer too small\*(R" is returned. If \fBbuf\fR is \s-1NULL,\s0 a buffer of 128 bytes is allocated using -\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string +\&\fBOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string \&\*(L"OPENSSL_malloc Error\*(R" is returned. .SH "NOTES" .IX Header "NOTES" @@ -176,7 +180,7 @@ export cipher like e.g. \s-1EXP\-RC4\-MD5\s0 has only 40 secret bits. The algori does use the full 128 bits (which would be returned for \fBalg_bits\fR), of which however 88bits are fixed. The search space is hence only 40 bits. .PP -The string returned by \fISSL_CIPHER_description()\fR in case of success consists +The string returned by \fBSSL_CIPHER_description()\fR in case of success consists of cleartext information separated by one or more blanks in the following sequence: .IP "" 4 @@ -209,7 +213,7 @@ If the cipher is flagged exportable with respect to old \s-1US\s0 crypto regulations, the word "\fBexport\fR" is printed. .SH "EXAMPLES" .IX Header "EXAMPLES" -Some examples for the output of \fISSL_CIPHER_description()\fR: +Some examples for the output of \fBSSL_CIPHER_description()\fR: .PP .Vb 4 \& EDH\-RSA\-DES\-CBC3\-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 @@ -225,10 +229,10 @@ A comp[lete list can be retrieved by invoking the following command: .Ve .SH "BUGS" .IX Header "BUGS" -If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL,\s0 the +If \fBSSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL,\s0 the library crashes. .PP -If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according +If \fBSSL_CIPHER_description()\fR cannot handle a built-in cipher, the according description of the cipher property is \fBunknown\fR. This case should not occur. .PP @@ -246,6 +250,6 @@ terms via SSL_CIPHER_get_name and SSL_CIPHER_description. See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_current_cipher\fR\|(3), -\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1), -\&\fISSL_CTX_set_cipher_list\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_get_current_cipher\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1), +\&\fBSSL_CTX_set_cipher_list\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index cb5e6f54d3c..e3e8ddfb56a 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,14 +151,14 @@ SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods \- handle SSL .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with the identifier \fBid\fR to the list of available compression methods. This list is globally maintained for all \s-1SSL\s0 operations within this application. It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. .PP -\&\fISSL_COMP_free_compression_methods()\fR frees the internal table of +\&\fBSSL_COMP_free_compression_methods()\fR frees the internal table of compression methods that were built internally, and possibly -augmented by adding \fISSL_COMP_add_compression_method()\fR. +augmented by adding \fBSSL_COMP_add_compression_method()\fR. .SH "NOTES" .IX Header "NOTES" The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods @@ -167,7 +171,7 @@ compression methods with the same identifier will lead to connection failure. .PP An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) will unconditionally send the list of all compression methods enabled with -\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. +\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake. Unlike the mechanisms to set a cipher list, there is no method available to restrict the list of compression method on a per connection basis. .PP @@ -177,7 +181,7 @@ when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis. .PP If enabled during compilation, the OpenSSL library will have the -\&\fICOMP_zlib()\fR compression method available. +\&\fBCOMP_zlib()\fR compression method available. .SH "WARNINGS" .IX Header "WARNINGS" Once the identities of the compression methods for the \s-1TLS\s0 protocol have @@ -185,7 +189,7 @@ been standardized, the compression \s-1API\s0 will most likely be changed. Using it in the current state is not recommended. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_COMP_add_compression_method()\fR may return the following values: +\&\fBSSL_COMP_add_compression_method()\fR may return the following values: .IP "0" 4 The operation succeeded. .IP "1" 4 @@ -193,4 +197,4 @@ The operation succeeded. The operation failed. Check the error queue to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_new.3 b/secure/lib/libssl/man/SSL_CONF_CTX_new.3 index 03997480dbc..1eb1fdffd11 100644 --- a/secure/lib/libssl/man/SSL_CONF_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CONF_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_new 3" -.TH SSL_CONF_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CONF_CTX_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,23 +150,23 @@ SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR structure for use with the \s-1SSL_CONF\s0 functions. .PP -The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. .PP -\&\fISSL_CONF_CTX_free()\fR does not return a value. +\&\fBSSL_CONF_CTX_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 index 05a8005af62..16d4b8b64a3 100644 --- a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 +++ b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_set1_prefix 3" -.TH SSL_CONF_CTX_set1_prefix 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CONF_CTX_set1_prefix 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,11 +149,11 @@ SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. .SH "NOTES" .IX Header "NOTES" -Command prefixes alter the commands recognised by subsequent \fISSL_CTX_cmd()\fR +Command prefixes alter the commands recognised by subsequent \fBSSL_CTX_cmd()\fR calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then @@ -163,14 +167,14 @@ If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case insensitive and no prefix is the default. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 index 9a2f7a7c3e9..23b0ae4ecfc 100644 --- a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 +++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_set_flags 3" -.TH SSL_CONF_CTX_set_flags 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CONF_CTX_set_flags 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,13 +150,13 @@ SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set of clear SSL configurati .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. .PP -The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. .SH "NOTES" .IX Header "NOTES" -The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or -\&\fISSL_CONF_argv()\fR behave. +The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or +\&\fBSSL_CONF_argv()\fR behave. .PP Currently the following \fBflags\fR values are recognised: .IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 @@ -170,18 +174,18 @@ recognise certificate and private key options. .IX Item "SSL_CONF_FLAG_SHOW_ERRORS" indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected -in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR +in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags +\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags value after setting or clearing flags. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 index 5e5b0baed8e..526c1be4489 100644 --- a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 +++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_set_ssl_ctx 3" -.TH SSL_CONF_CTX_set_ssl_ctx 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CONF_CTX_set_ssl_ctx 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,14 +150,14 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the \&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with -\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to \&\fBctx\fR. .PP -\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the \&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with -\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to \&\fBssl\fR. .SH "NOTES" .IX Header "NOTES" @@ -161,14 +165,14 @@ The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case syntax checking of commands is performed, where possible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value. +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_cmd.3 b/secure/lib/libssl/man/SSL_CONF_cmd.3 index 533e5bed322..fa3c2d748ea 100644 --- a/secure/lib/libssl/man/SSL_CONF_cmd.3 +++ b/secure/lib/libssl/man/SSL_CONF_cmd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_cmd 3" -.TH SSL_CONF_cmd 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CONF_cmd 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,14 +151,14 @@ SSL_CONF_cmd \- send configuration command .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with +The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common framework for command line options or configuration files. .PP -\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. +\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. .PP -The function \fISSL_CONF_finish()\fR must be called after all configuration +The function \fBSSL_CONF_finish()\fR must be called after all configuration operations have been completed. It is used to finalise any operations or to process defaults. .SH "SUPPORTED COMMAND LINE COMMANDS" @@ -215,8 +219,8 @@ associated with \fBcctx\fR. .IP "\fB\-cert\fR" 4 .IX Item "-cert" Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate operations are permitted. .IP "\fB\-key\fR" 4 @@ -288,8 +292,8 @@ associated with \fBcctx\fR. .IP "\fBCertificate\fR" 4 .IX Item "Certificate" Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate operations are permitted. .IP "\fBPrivateKey\fR" 4 @@ -404,7 +408,7 @@ for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\f Set by default. .SH "SUPPORTED COMMAND TYPES" .IX Header "SUPPORTED COMMAND TYPES" -The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following +The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following types: .IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 .IX Item "SSL_CONF_TYPE_UNKNOWN" @@ -440,28 +444,28 @@ however the call sequence is: then SSLv3 is \fBalways\fR disabled and attempt to override this by the user are ignored. .PP -By checking the return code of \fISSL_CTX_cmd()\fR it is possible to query if a -given \fBcmd\fR is recognised, this is useful is \fISSL_CTX_cmd()\fR values are +By checking the return code of \fBSSL_CTX_cmd()\fR it is possible to query if a +given \fBcmd\fR is recognised, this is useful is \fBSSL_CTX_cmd()\fR values are mixed with additional application specific operations. .PP -For example an application might call \fISSL_CTX_cmd()\fR and if it returns +For example an application might call \fBSSL_CTX_cmd()\fR and if it returns \&\-2 (unrecognised command) continue with processing of application specific commands. .PP -Applications can also use \fISSL_CTX_cmd()\fR to process command lines though the -utility function \fISSL_CTX_cmd_argv()\fR is normally used instead. One way +Applications can also use \fBSSL_CTX_cmd()\fR to process command lines though the +utility function \fBSSL_CTX_cmd_argv()\fR is normally used instead. One way to do this is to set the prefix to an appropriate value using -\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the +\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the following argument to \fBvalue\fR (which may be \s-1NULL\s0). .PP In this case if the return value is positive then it is used to skip that -number of arguments as they have been processed by \fISSL_CTX_cmd()\fR. If \-2 is +number of arguments as they have been processed by \fBSSL_CTX_cmd()\fR. If \-2 is returned then \fBcmd\fR is not recognised and application specific arguments can be checked instead. If \-3 is returned a required argument is missing and an error is indicated. If 0 is returned some other error occurred and this can be reported back to the user. .PP -The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to +The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to check for the existence of a command or to perform additional syntax checking or translation of the command value. For example if the return value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative @@ -505,7 +509,7 @@ Set automatic support for any elliptic curve for key exchange: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is +\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is \&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it returns the number of arguments processed. This is useful when processing command lines. @@ -520,14 +524,14 @@ error occurred attempting to perform the operation: for example due to an error in the syntax of \fBvalue\fR in this case the error queue may provide additional information. .PP -\&\fISSL_CONF_finish()\fR returns 1 for success and 0 for failure. +\&\fBSSL_CONF_finish()\fR returns 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_cmd_argv\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CONF_cmd()\fR was first added to OpenSSL 1.0.2 +\&\fBSSL_CONF_cmd()\fR was first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 index 0b9a125e143..5757bbd55b4 100644 --- a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 +++ b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_cmd_argv 3" -.TH SSL_CONF_cmd_argv 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CONF_cmd_argv 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,13 +149,13 @@ SSL_CONF_cmd_argv \- SSL configuration command line processing. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The function \fISSL_CONF_cmd_argv()\fR processes at most two command line +The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR are updated to reflect the number of command options processed. The \fBpargc\fR argument can be set to \fB\s-1NULL\s0\fR is it is not used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 or a negative error code. .PP If \-2 is returned then an argument for a command is missing. @@ -160,11 +164,11 @@ If \-1 is returned the command is recognised but couldn't be processed due to an error: for example a syntax error in the argument. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CONF_CTX_new\fR\|(3), -\&\fISSL_CONF_CTX_set_flags\fR\|(3), -\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fISSL_CONF_cmd\fR\|(3) +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 index a91fe77aedd..c35d9d8d779 100644 --- a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add1_chain_cert 3" -.TH SSL_CTX_add1_chain_cert 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_add1_chain_cert 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,21 +175,21 @@ chain certificate processing .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain +\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain associated with the current certificate of \fBctx\fR to \fBsk\fR. .PP -\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single +\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single certificate \fBx509\fR to the chain associated with the current certificate of \&\fBctx\fR. .PP -\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current certificate of \fBctx\fR. .PP -\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the current certificate of \fBctx\fR. (This is implemented by calling -\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). .PP -\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally this uses the chain store or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use @@ -201,22 +205,22 @@ Each of these functions operates on the \fIcurrent\fR end entity (i.e. server or client) certificate. This is the last certificate loaded or selected on the corresponding \fBctx\fR structure. .PP -\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a -function such as \fISSL_CTX_use_certificate()\fR. +function such as \fBSSL_CTX_use_certificate()\fR. .PP -\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR, -\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR, -\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR +\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, +\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, +\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. .PP -\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based +\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid certificate after the current certificate. These two operations can be used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. .PP -\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. If \fBssl\fR is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated ciphersuite is anonymous (and thus no certificate will @@ -232,45 +236,45 @@ not increment reference counts and the supplied certificate or chain .SH "NOTES" .IX Header "NOTES" The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 .PP One chain can be set for each key type supported by a server. So, for example, an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. .PP -The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can +The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can be used to check application configuration and to ensure any necessary subordinate CAs are sent in the correct order. Misconfigured applications sending incorrect certificate chains often cause problems with peers. .PP For example an application can add any set of certificates using -\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR +\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. .PP Applications can issue non fatal warnings when checking chains by setting the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return value. .PP -Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more +Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more efficient than the automatic chain building as it is only performed once. Automatic chain building is performed on each new session. .PP If any certificates are added using these functions no certificates added -using \fISSL_CTX_add_extra_chain_cert()\fR will be used. +using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if no server certificate is used because the ciphersuites is anonymous and 0 for failure. .PP -\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success +\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and a verification error occurs then 2 is returned. .PP All other functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index 368713dcc8d..7bf3281f61c 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,11 +151,11 @@ extra chain certificates .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain certificates associated with \fBctx\fR. Several certificates can be added one after another. .PP -\&\fISSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates associated with \fBctx\fR. .PP These functions are implemented as macros. @@ -162,9 +166,9 @@ following the end entity certificate. .PP If no chain is specified, the library will try to complete the chain from the available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see -\&\fISSL_CTX_load_verify_locations\fR\|(3). +\&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP -The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be +The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \&\fBshould not\fR free the \fBx509\fR object. .SH "RESTRICTIONS" @@ -173,26 +177,26 @@ Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 structure. Different chains for different certificates (for example if both \&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this -function. For more flexibility functions such as \fISSL_add1_chain_cert()\fR should +function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should be used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_add_extra_chain_cert()\fR and \fISSL_CTX_clear_extra_chain_certs()\fR return +\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return 1 on success and 0 for failure. Check out the error stack to find out the reason for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) -\&\fISSL_CTX_set0_chain\fR\|(3) -\&\fISSL_CTX_set1_chain\fR\|(3) -\&\fISSL_CTX_add0_chain_cert\fR\|(3) -\&\fISSL_CTX_add1_chain_cert\fR\|(3) -\&\fISSL_set0_chain\fR\|(3) -\&\fISSL_set1_chain\fR\|(3) -\&\fISSL_add0_chain_cert\fR\|(3) -\&\fISSL_add1_chain_cert\fR\|(3) -\&\fISSL_CTX_build_cert_chain\fR\|(3) -\&\fISSL_build_cert_chain\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index b30ac82b808..928849a3b29 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_add_session 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,15 +153,15 @@ SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The reference count for session \fBc\fR is incremented by 1. If a session with the same session id already exists, the old session is removed by calling -\&\fISSL_SESSION_free\fR\|(3). +\&\fBSSL_SESSION_free\fR\|(3). .PP -\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. -\&\fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. +\&\fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. .PP -\&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their +\&\fBSSL_add_session()\fR and \fBSSL_remove_session()\fR are synonyms for their SSL_CTX_*() counterparts. .SH "NOTES" .IX Header "NOTES" @@ -166,7 +170,7 @@ whether a session with the same session id already exists. In this case it is assumed that both sessions are identical. If the same session is stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually -identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR +identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR is a no-op, and the return value is 0. .PP If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 @@ -174,7 +178,7 @@ flag then the internal cache will not be populated automatically by new sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal cache will be searched automatically for session-resume requests (the latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the -application can use \fISSL_CTX_add_session()\fR directly to have full control +application can use \fBSSL_CTX_add_session()\fR directly to have full control over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -192,6 +196,6 @@ The following values are returned by all functions: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index b6a885a3643..6de32917fde 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,15 +153,15 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal han .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of +The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments \&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never be called directly. All functionalities needed are made available via other functions or macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The return values of the SSL*\fI_ctrl()\fR functions depend on the command +The return values of the SSL*\fB_ctrl()\fR functions depend on the command supplied via the \fBcmd\fR parameter. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index b3d237a6a86..27175391eb3 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,33 +150,33 @@ SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of \&\fBctx\fR to remove sessions expired at time \fBtm\fR. .PP -\&\fISSL_flush_sessions()\fR is a synonym for \fISSL_CTX_flush_sessions()\fR. +\&\fBSSL_flush_sessions()\fR is a synonym for \fBSSL_CTX_flush_sessions()\fR. .SH "NOTES" .IX Header "NOTES" If enabled, the internal session cache will collect all sessions established -up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). +up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) -or manually by calling \fISSL_CTX_flush_sessions()\fR. +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fBSSL_CTX_flush_sessions()\fR. .PP The parameter \fBtm\fR specifies the time which should be used for the -expiration test, in most cases the actual time given by \fItime\fR\|(0) +expiration test, in most cases the actual time given by \fBtime\fR\|(0) will be used. .PP -\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see -\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 029c3b0ef61..ff13bc3dc5d 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_free 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,25 +149,25 @@ SSL_CTX_free \- free an allocated SSL_CTX object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the \&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the the reference count has reached 0. .PP -It also calls the \fIfree()\fRing procedures for indirectly affected items, if +It also calls the \fBfree()\fRing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. .SH "WARNINGS" .IX Header "WARNINGS" -If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this +If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this callback will be called for each session being freed from \fBctx\fR's session cache. This implies, that all corresponding sessions from an external session cache are removed as well. If this is not desired, the user should explicitly unset the callback by calling -SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR. +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_free()\fR does not provide diagnostic information. +\&\fBSSL_CTX_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get0_param.3 b/secure/lib/libssl/man/SSL_CTX_get0_param.3 index dde37d76c79..9a03aa376ab 100644 --- a/secure/lib/libssl/man/SSL_CTX_get0_param.3 +++ b/secure/lib/libssl/man/SSL_CTX_get0_param.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get0_param 3" -.TH SSL_CTX_get0_param 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_get0_param 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,16 +153,16 @@ get and set verification parameters .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned pointer must not be freed by the calling application. .PP -\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters to \fBvpm\fR for \fBctx\fR or \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure -using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies +using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies them to suit its needs: for example to add a hostname check. .SH "EXAMPLE" .IX Header "EXAMPLE" @@ -170,14 +174,14 @@ Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an \&\fBX509_VERIFY_PARAM\fR structure. .PP -\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0 +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 98955e55394..c2372925bda 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,21 +167,21 @@ Several OpenSSL structures can have application specific data attached to them. These functions are used internally by OpenSSL to manipulate application specific data attached to a specific structure. .PP -\&\fISSL_CTX_get_ex_new_index()\fR is used to register a new index for application +\&\fBSSL_CTX_get_ex_new_index()\fR is used to register a new index for application specific data. .PP -\&\fISSL_CTX_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR +\&\fBSSL_CTX_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into the \fBctx\fR object. .PP -\&\fISSL_CTX_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBSSL_CTX_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from \&\fBctx\fR. .PP -A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in \fIRSA_get_ex_new_index\fR\|(3). -The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -\&\fICRYPTO_set_ex_data\fR\|(3). +A detailed description for the \fB*\fB_get_ex_new_index()\fB\fR functionality +can be found in \fBRSA_get_ex_new_index\fR\|(3). +The \fB*\fB_get_ex_data()\fB\fR and \fB*\fB_set_ex_data()\fB\fR functionality is described in +\&\fBCRYPTO_set_ex_data\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fIRSA_get_ex_new_index\fR\|(3), -\&\fICRYPTO_set_ex_data\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBRSA_get_ex_new_index\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 7769f491132..db77a809fb3 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,25 +154,25 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in \&\fBctx\fR. .PP -\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in \&\fBssl\fR. .PP -\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the default value will be used. .PP -\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set +\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the default value will be used. .PP -\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification callback currently set in \fBctx\fR. If no callback was explicitly set, the \&\s-1NULL\s0 pointer is returned and the default callback will be used. .PP -\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification +\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification callback currently set in \fBssl\fR. If no callback was explicitly set, the \&\s-1NULL\s0 pointer is returned and the default callback will be used. .SH "RETURN VALUES" @@ -176,4 +180,4 @@ callback currently set in \fBssl\fR. If no callback was explicitly set, the See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index 85b41d3c9fb..fe06ff06244 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ certificates .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at which \s-1CA\s0 certificates for verification purposes are located. The certificates available via \fBCAfile\fR and \fBCApath\fR are trusted. .SH "NOTES" @@ -164,7 +168,7 @@ format. The file can contain several \s-1CA\s0 certificates identified by sequences. Before, between, and after the certificates text is allowed which can be used e.g. for descriptions of the certificates. .PP -The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR +The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR function. .PP If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates @@ -193,14 +197,14 @@ In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must explicitly be set using the -\&\fISSL_CTX_set_client_CA_list\fR\|(3) +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) family of functions. .PP When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the certificate chain was not explicitly specified (see -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3). +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" If several \s-1CA\s0 certificates matching the name, key identifier, and serial @@ -241,9 +245,9 @@ stack to find out the reason. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_CTX_set_cert_store\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 5904a5d71ba..96f8406b052 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,14 +191,14 @@ create a new SSL_CTX object as framework for TLS/SSL enabled functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish +\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish \&\s-1TLS/SSL\s0 enabled connections. .SH "NOTES" .IX Header "NOTES" The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. \fBmethod\fR can be of the following types: -.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4 +.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 .IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. The actual protocol version used will be negotiated to the highest version @@ -206,7 +210,7 @@ methods described below. The list of protocols available can be further limited using the \&\fBSSL_OP_NO_SSLv2\fR, \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \&\fBSSL_OP_NO_TLSv1_1\fR and \fBSSL_OP_NO_TLSv1_2\fR options of the -\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions. +\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions. Clients should avoid creating \*(L"holes\*(R" in the set of protocols they support, when disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. @@ -215,37 +219,37 @@ previous protocol versions, the effect is to also disable all subsequent protocol versions. .Sp The SSLv2 and SSLv3 protocols are deprecated and should generally not be used. -Applications should typically use \fISSL_CTX_set_options\fR\|(3) in combination with +Applications should typically use \fBSSL_CTX_set_options\fR\|(3) in combination with the \fBSSL_OP_NO_SSLv3\fR flag to disable negotiation of SSLv3 via the above \&\fIversion-flexible\fR \s-1SSL/TLS\s0 methods. The \fBSSL_OP_NO_SSLv2\fR option is set by default, and would need to be cleared -via \fISSL_CTX_clear_options\fR\|(3) in order to enable negotiation of SSLv2. -.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4 +via \fBSSL_CTX_clear_options\fR\|(3) in order to enable negotiation of SSLv2. +.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 .IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and will also indicate that it only understand TLSv1.2. A server will only understand TLSv1.2 client hello messages. -.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4 +.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 .IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and will also indicate that it only understand TLSv1.1. A server will only understand TLSv1.1 client hello messages. -.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4 +.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 .IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1 protocol. A client will send out TLSv1 client hello messages and will indicate that it only understands TLSv1. A server will only understand TLSv1 client hello messages. -.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4 +.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 .IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv3 protocol. A client will send out SSLv3 client hello messages and will indicate that it only understands SSLv3. A server will only understand SSLv3 client hello messages. The SSLv3 protocol is deprecated and should not be used. -.IP "\fISSLv2_method()\fR, \fISSLv2_server_method()\fR, \fISSLv2_client_method()\fR" 4 +.IP "\fBSSLv2_method()\fR, \fBSSLv2_server_method()\fR, \fBSSLv2_client_method()\fR" 4 .IX Item "SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv2 protocol. A client will send out SSLv2 client hello messages and will @@ -254,17 +258,17 @@ SSLv2 client hello messages. The SSLv2 protocol offers little to no security and should not be used. As of OpenSSL 1.0.2g, \s-1EXPORT\s0 ciphers and 56\-bit \s-1DES\s0 are no longer available with SSLv2. -.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4 +.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 .IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" These are the version-flexible \s-1DTLS\s0 methods. -.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4 +.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 .IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" These are the version-specific methods for DTLSv1.2. -.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4 +.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 .IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" These are the version-specific methods for DTLSv1. .PP -\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to its default values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -278,6 +282,6 @@ the reason. The return value points to an allocated \s-1SSL_CTX\s0 object. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_clear_options\fR\|(3), \fISSL_set_options\fR\|(3), -\&\fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), -\&\fIssl\fR\|(3), \fISSL_set_connect_state\fR\|(3) +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_clear_options\fR\|(3), \fBSSL_set_options\fR\|(3), +\&\fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBssl\fR\|(3), \fBSSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 6a8732b57ba..9821468e78f 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,50 +160,50 @@ SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_se .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal +\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal session cache. .PP -\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in client mode. .PP -\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established \&\s-1SSL/TLS\s0 sessions in client mode. .PP -\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of start renegotiations +\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of start renegotiations in client mode. .PP -\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in server mode. .PP -\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established \&\s-1SSL/TLS\s0 sessions in server mode. .PP -\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of start renegotiations +\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of start renegotiations in server mode. .PP -\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. -In client mode a session set with \fISSL_set_session\fR\|(3) +\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with \fBSSL_set_session\fR\|(3) successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit. .PP -\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions from the external session cache in server mode. .PP -\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients that were not found in the internal session cache in server mode. .PP -\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients and either found in the internal or external session cache in server mode, but that were invalid due to timeout. These sessions are not included in -the \fISSL_CTX_sess_hits()\fR count. +the \fBSSL_CTX_sess_hits()\fR count. .PP -\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed because the maximum session cache size was exceeded. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The functions return the values indicated in the \s-1DESCRIPTION\s0 section. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) -\&\fISSL_CTX_sess_set_cache_size\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 992d29af20e..ca237640027 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,22 +150,22 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session c .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache of context \fBctx\fR to \fBt\fR. This value is a hint and not an absolute; see the notes below. .PP -\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. .SH "NOTES" .IX Header "NOTES" The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 currently 1024*20, so that up to 20000 sessions can be held. This size -can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special +can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special case is the size 0, which is used for unlimited size. .PP If adding the session makes the cache exceed its size, then unused sessions are dropped from the end of the cache. Cache space may also be reclaimed by calling -\&\fISSL_CTX_flush_sessions\fR\|(3) to remove +\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove expired sessions. .PP If the size of the session cache is reduced and more sessions are already @@ -170,12 +174,12 @@ session shall be added. This removal is not synchronized with the expiration of sessions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size. .PP -\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index 84cceb3f7d8..0c8063110c9 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,22 +163,22 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically called whenever a new session was negotiated. .PP -\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is automatically called whenever a session is removed by the \s-1SSL\s0 engine, because it is considered faulty or the session has become obsolete because of exceeding the timeout value. .PP -\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session could not be found in the internal session cache (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). (\s-1SSL/TLS\s0 server only.) .PP -\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and -\&\fISSL_CTX_sess_get_get_cb()\fR allow to retrieve the function pointers of the +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and +\&\fBSSL_CTX_sess_get_get_cb()\fR allow to retrieve the function pointers of the provided callback functions. If a callback function has not been set, the \s-1NULL\s0 pointer is returned. .SH "NOTES" @@ -182,35 +186,35 @@ the \s-1NULL\s0 pointer is returned. In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the -\&\fId2i_SSL_SESSION\fR\|(3) interface. +\&\fBd2i_SSL_SESSION\fR\|(3) interface. .PP -The \fInew_session_cb()\fR is called, whenever a new session has been negotiated +The \fBnew_session_cb()\fR is called, whenever a new session has been negotiated and session caching is enabled (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). -The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). +The \fBnew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session \&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately removed again. .PP -The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +The \fBremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session from the internal cache. This happens when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when -\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed +\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. .PP -The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id -proposed by the client. The \fIget_session_cb()\fR is always called, also when -session caching was disabled. The \fIget_session_cb()\fR is passed the +The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fBget_session_cb()\fR is always called, also when +session caching was disabled. The \fBget_session_cb()\fR is passed the \&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location \&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the \&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, Normally the reference count is not incremented and therefore the session must not be explicitly freed with -\&\fISSL_SESSION_free\fR\|(3). +\&\fBSSL_SESSION_free\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fId2i_SSL_SESSION\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3), -\&\fISSL_CTX_free\fR\|(3) +\&\fBssl\fR\|(3), \fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 7629b6055c2..aa7e3bfd7d5 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_sessions 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,19 +149,19 @@ SSL_CTX_sessions \- access internal session cache .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the internal session cache for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" The sessions in the internal session cache are kept in an -\&\fIlhash\fR\|(3) type database. It is possible to directly +\&\fBlhash\fR\|(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -\&\fIlhash\fR\|(3) operations, so that the database must not be +\&\fBlhash\fR\|(3) operations, so that the database must not be modified directly but by using the -\&\fISSL_CTX_add_session\fR\|(3) family of functions. +\&\fBSSL_CTX_add_session\fR\|(3) family of functions. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fIlhash\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBssl\fR\|(3), \fBlhash\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set1_curves.3 b/secure/lib/libssl/man/SSL_CTX_set1_curves.3 index 09b8f8d59bc..43547354bec 100644 --- a/secure/lib/libssl/man/SSL_CTX_set1_curves.3 +++ b/secure/lib/libssl/man/SSL_CTX_set1_curves.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set1_curves 3" -.TH SSL_CTX_set1_curves 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set1_curves 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,20 +161,20 @@ SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto \- EC supported curve functions .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set1_curves()\fR sets the supported curves for \fBctx\fR to \fBclistlen\fR +\&\fBSSL_CTX_set1_curves()\fR sets the supported curves for \fBctx\fR to \fBclistlen\fR curves in the array \fBclist\fR. The array consist of all NIDs of curves in preference order. For a \s-1TLS\s0 client the curves are used directly in the supported curves extension. For a \s-1TLS\s0 server the curves are used to determine the set of shared curves. .PP -\&\fISSL_CTX_set1_curves_list()\fR sets the supported curves for \fBctx\fR to +\&\fBSSL_CTX_set1_curves_list()\fR sets the supported curves for \fBctx\fR to string \fBlist\fR. The string is a colon separated list of curve NIDs or names, for example \*(L"P\-521:P\-384:P\-256\*(R". .PP -\&\fISSL_set1_curves()\fR and \fISSL_set1_curves_list()\fR are similar except they set +\&\fBSSL_set1_curves()\fR and \fBSSL_set1_curves_list()\fR are similar except they set supported curves for the \s-1SSL\s0 structure \fBssl\fR. .PP -\&\fISSL_get1_curves()\fR returns the set of supported curves sent by a client +\&\fBSSL_get1_curves()\fR returns the set of supported curves sent by a client in the supported curves extension. It returns the total number of supported curves. The \fBcurves\fR parameter can be \fB\s-1NULL\s0\fR to simply return the number of curves for memory allocation purposes. The @@ -178,14 +182,14 @@ return the number of curves for memory allocation purposes. The order. It can return zero if the client did not send a supported curves extension. .PP -\&\fISSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side +\&\fBSSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side \&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared curve so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, NID_undef is returned. .PP -\&\fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR set automatic curve +\&\fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR set automatic curve selection for server \fBctx\fR or \fBssl\fR to \fBonoff\fR. If \fBonoff\fR is 1 then the highest preference curve is automatically used for \s-1ECDH\s0 temporary keys used during key exchange. @@ -197,11 +201,11 @@ If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. .PP -The functions \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR can be used to +The functions \fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR can be used to make a server always choose the most appropriate curve for a client. If set it will override any temporary \s-1ECDH\s0 parameters set by a server. Previous versions of OpenSSL could effectively only use a single \s-1ECDH\s0 curve set -using a function such as \fISSL_CTX_set_ecdh_tmp()\fR. Newer applications should +using a function such as \fBSSL_CTX_set_ecdh_tmp()\fR. Newer applications should just call: .PP .Vb 1 @@ -212,21 +216,21 @@ and they will automatically support \s-1ECDH\s0 using the most appropriate share curve. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set1_curves()\fR, \fISSL_CTX_set1_curves_list()\fR, \fISSL_set1_curves()\fR, -\&\fISSL_set1_curves_list()\fR, \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR +\&\fBSSL_CTX_set1_curves()\fR, \fBSSL_CTX_set1_curves_list()\fR, \fBSSL_set1_curves()\fR, +\&\fBSSL_set1_curves_list()\fR, \fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR return 1 for success and 0 for failure. .PP -\&\fISSL_get1_curves()\fR returns the number of curves, which may be zero. +\&\fBSSL_get1_curves()\fR returns the number of curves, which may be zero. .PP -\&\fISSL_get_shared_curve()\fR returns the \s-1NID\s0 of shared curve \fBn\fR or NID_undef if there +\&\fBSSL_get_shared_curve()\fR returns the \s-1NID\s0 of shared curve \fBn\fR or NID_undef if there is no shared curve \fBn\fR; or the total number of shared curves if \fBn\fR is \-1. .PP -When called on a client \fBssl\fR, \fISSL_get_shared_curve()\fR has no meaning and +When called on a client \fBssl\fR, \fBSSL_get_shared_curve()\fR has no meaning and returns \-1. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 index 46059d4a5fd..4350e77ce27 100644 --- a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set1_verify_cert_store 3" -.TH SSL_CTX_set1_verify_cert_store 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set1_verify_cert_store 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,14 +161,14 @@ verification or chain store .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR +\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR set the certificate store used for certificate verification to \fBst\fR. .PP -\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR +\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR set the certificate store used for certificate chain building to \fBst\fR. .PP -\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR, -\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar +\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, +\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. .PP All these functions are implemented as macros. Those containing a \fB1\fR @@ -175,7 +179,7 @@ after the operation. .SH "NOTES" .IX Header "NOTES" The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. .PP The verification store is used to verify the certificate chain sent by the @@ -187,8 +191,8 @@ The chain store is used to build the certificate chain. .PP If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is configured already (for example using the functions such as -\&\fISSL_CTX_add1_chain_cert\fR\|(3) or -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then automatic chain building is disabled. .PP If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building @@ -202,17 +206,17 @@ versions of OpenSSL. All these functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) -\&\fISSL_CTX_set0_chain\fR\|(3) -\&\fISSL_CTX_set1_chain\fR\|(3) -\&\fISSL_CTX_add0_chain_cert\fR\|(3) -\&\fISSL_CTX_add1_chain_cert\fR\|(3) -\&\fISSL_set0_chain\fR\|(3) -\&\fISSL_set1_chain\fR\|(3) -\&\fISSL_add0_chain_cert\fR\|(3) -\&\fISSL_add1_chain_cert\fR\|(3) -\&\fISSL_CTX_build_cert_chain\fR\|(3) -\&\fISSL_build_cert_chain\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 index 8b2671c94fe..8682f87cb2b 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_alpn_select_cb 3" -.TH SSL_CTX_set_alpn_select_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_alpn_select_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,12 +168,12 @@ protocol negotiation (ALPN) .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR are used by the client to +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to set the list of protocols available to be negotiated. The \fBprotos\fR must be in protocol-list format, described below. The length of \fBprotos\fR is specified in \&\fBprotos_len\fR. .PP -\&\fISSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a server to select which protocol to use for the incoming connection. When \fBcb\fR is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to the application callback. @@ -178,9 +182,9 @@ the application callback. vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector should be set to the value of a single protocol selected from the \fBin\fR, \&\fBinlen\fR vector. The \fBarg\fR parameter is the pointer set via -\&\fISSL_CTX_set_alpn_select_cb()\fR. +\&\fBSSL_CTX_set_alpn_select_cb()\fR. .PP -\&\fISSL_select_next_proto()\fR is a helper function used to select protocols. It +\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It implements the standard protocol selection. It is expected that this function is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, \&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format @@ -191,7 +195,7 @@ in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This function can also be used in the \s-1NPN\s0 callback. .PP -\&\fISSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. .SH "NOTES" @@ -219,10 +223,10 @@ If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback invoked. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR return 0 on success, and +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. .PP -\&\fISSL_select_next_proto()\fR returns one of the following: +\&\fBSSL_select_next_proto()\fR returns one of the following: .IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 .IX Item "OPENSSL_NPN_NEGOTIATED" A match was found and is returned in \fBout\fR, \fBoutlen\fR. @@ -240,5 +244,5 @@ The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: \&\s-1ALPN\s0 protocol not selected. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), -\&\fISSL_CTX_set_tlsext_servername_arg\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 index 07e476be8d6..e9d11d42995 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_cb 3" -.TH SSL_CTX_set_cert_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_cert_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,31 +152,31 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fB\f(BIcert_cb()\fB\fR callback, +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fB\fBcert_cb()\fB\fR callback, \&\fBarg\fR value is pointer which is passed to the application callback. .PP -When \fB\f(BIcert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. +When \fB\fBcert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. .PP -\&\fIcert_cb()\fR is the application defined callback. It is called before a +\&\fBcert_cb()\fR is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect the passed \fBssl\fR structure and set or clear any appropriate certificates. If the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. -\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake -function will again lead to the call of \fIcert_cb()\fR. It is the job of the -\&\fIcert_cb()\fR to store information about the state of the last call, +function will again lead to the call of \fBcert_cb()\fR. It is the job of the +\&\fBcert_cb()\fR to store information about the state of the last call, if required to continue. .SH "NOTES" .IX Header "NOTES" -An application will typically call \fISSL_use_certificate()\fR and -\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key. +An application will typically call \fBSSL_use_certificate()\fR and +\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. It can add intermediate and optionally the root \s-1CA\s0 certificates using -\&\fISSL_add1_chain_cert()\fR. +\&\fBSSL_add1_chain_cert()\fR. .PP -It might also call \fISSL_certs_clear()\fR to delete any certificates associated +It might also call \fBSSL_certs_clear()\fR to delete any certificates associated with the \fB\s-1SSL\s0\fR object. .PP The certificate callback functionality supercedes the (largely broken) @@ -191,7 +195,7 @@ by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not support it will \fBnot\fR be used. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_use_certificate\fR\|(3), -\&\fISSL_add1_chain_cert\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_use_certificate\fR\|(3), +\&\fBSSL_add1_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 19a9e077c08..ac8506d1518 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,11 +150,11 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate ve .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently -set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. .PP -\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate verification storage. .SH "NOTES" .IX Header "NOTES" @@ -160,17 +164,17 @@ via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created. .PP Typically the trusted certificate store is handled indirectly via using -\&\fISSL_CTX_load_verify_locations\fR\|(3). -Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions it is possible to manipulate the X509_STORE object beyond the -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_load_verify_locations\fR\|(3) call. .PP Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when -the verification takes place. So will e.g. the \fIverify_callback()\fR be -overridden with the \fIverify_callback()\fR set via the -\&\fISSL_CTX_set_verify\fR\|(3) family of functions. +the verification takes place. So will e.g. the \fBverify_callback()\fR be +overridden with the \fBverify_callback()\fR set via the +\&\fBSSL_CTX_set_verify\fR\|(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. .SH "RESTRICTIONS" @@ -178,14 +182,14 @@ X509_STORE object and its handling becomes available. The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer certificates and building certificate chains, it is also shared by every child \s-1SSL\s0 structure. Applications wanting finer control can use -functions such as \fISSL_CTX_set1_verify_cert_store()\fR instead. +functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. +\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output. .PP -\&\fISSL_CTX_get_cert_store()\fR returns the current setting. +\&\fBSSL_CTX_get_cert_store()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 6a9324139a5..42cb5f40f1d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,16 +149,16 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for \&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at -the time when \fISSL_new\fR\|(3) is called. +the time when \fBSSL_new\fR\|(3) is called. .SH "NOTES" .IX Header "NOTES" Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. If a verification callback \fIcallback\fR is specified via -\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. .PP When the verification must be performed, \fIcallback\fR will be called with @@ -170,12 +174,12 @@ member of \fIx509_store_ctx\fR so that the calling application will be informed about the detailed result of the verification procedure! .PP Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR -function set using \fISSL_CTX_set_verify\fR\|(3). +function set using \fBSSL_CTX_set_verify\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" Do not mix the verification callback described in this function with the \&\fBverify_callback\fR function called during the verification process. The -latter is set using the \fISSL_CTX_set_verify\fR\|(3) +latter is set using the \fBSSL_CTX_set_verify\fR\|(3) family of functions. .PP Providing a complete verification procedure including certificate purpose @@ -186,12 +190,12 @@ the \fBverify_callback\fR function. .IX Header "BUGS" .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 8ea0f0573d3..bca6ac93aa1 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,12 +150,12 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIP .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR +\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR using the control string \fBstr\fR. The format of the string is described -in \fIciphers\fR\|(1). The list of ciphers is inherited by all +in \fBciphers\fR\|(1). The list of ciphers is inherited by all \&\fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. +\&\fBSSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The control string \fBstr\fR should be universally usable and not depend @@ -172,13 +176,13 @@ A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is availab \&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length of 1024 bit (see -\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). +\&\fBSSL_CTX_set_tmp_rsa_callback\fR\|(3)). \&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters -(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. \&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters -(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP When these conditions are not met for any cipher in the list (e.g. a client only supports export \s-1RSA\s0 ciphers with a asymmetric key length @@ -191,12 +195,12 @@ default) then SSLv2 is effectively disabled and neither clients nor servers will attempt to use SSLv2. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher +\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher could be selected and 0 on complete failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_ciphers\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fIciphers\fR\|(1) +\&\fBssl\fR\|(3), \fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index b70ee9ffa19..0f26fde7bf4 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,49 +154,49 @@ client certificate .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for \fBctx\fR. .PP -\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. .PP -\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for \&\fBctx\fR. .PP -\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. .SH "NOTES" .IX Header "NOTES" When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which +\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept certificates, to the client. .PP -This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for -\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list +This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR for +\&\fBctx\fR and \fBSSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list specified overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR only contains the names, not the complete certificates); use -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. .PP If the list of acceptable CAs is compiled in a file, the -\&\fISSL_load_client_CA_file\fR\|(3) +\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help importing the necessary data. .PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional +\&\fBSSL_CTX_add_client_CA()\fR and \fBSSL_add_client_CA()\fR can be used to add additional items the list of client CAs. If no list was specified before using -\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client +\&\fBSSL_CTX_set_client_CA_list()\fR or \fBSSL_set_client_CA_list()\fR, a new client \&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. .PP These functions are only useful for \s-1TLS/SSL\s0 servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return +\&\fBSSL_CTX_set_client_CA_list()\fR and \fBSSL_set_client_CA_list()\fR do not return diagnostic information. .PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return +\&\fBSSL_CTX_add_client_CA()\fR and \fBSSL_add_client_CA()\fR have the following return values: .IP "0" 4 A failure while manipulating the \s-1STACK_OF\s0(X509_NAME) object occurred or @@ -210,7 +214,7 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_load_client_CA_file\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index a92eee39496..864236009b7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,25 +151,25 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fB\f(BIclient_cert_cb()\fB\fR callback, that is +\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fB\fBclient_cert_cb()\fB\fR callback, that is called when a client certificate is requested by a server and no certificate was yet set for the \s-1SSL\s0 object. .PP -When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. +When \fB\fBclient_cert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. .PP -\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback function. .PP -\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to +\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediately. \fISSL_get_error\fR\|(3) +handshake function will return immediately. \fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call -of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information +of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information about the state of the last call, if required to continue. .SH "NOTES" .IX Header "NOTES" @@ -174,7 +178,7 @@ from the client. A client certificate must only be sent, when the server did send the request. .PP When a certificate was set using the -\&\fISSL_CTX_use_certificate\fR\|(3) family of functions, +\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, it will be sent to the server. The \s-1TLS\s0 standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL @@ -186,14 +190,14 @@ If a callback function is defined and no certificate was yet defined for the \&\s-1SSL\s0 object, the callback function will be called. If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the \s-1SSL\s0 -object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. +object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. Thus it will permanently install the certificate and key for this \s-1SSL\s0 -object. It will not be reset by calling \fISSL_clear\fR\|(3). +object. It will not be reset by calling \fBSSL_clear\fR\|(3). If the callback returns no certificate, the OpenSSL library will not send a certificate. .SH "BUGS" .IX Header "BUGS" -The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can +The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can only return one client certificate. If the chain only has a length of 2, the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and thus a standard conforming answer can be sent to the server. For a @@ -203,7 +207,7 @@ either adding the intermediate \s-1CA\s0 certificates into the trusted certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add \&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several @@ -211,12 +215,12 @@ certificates) questionable. .PP Once the \s-1SSL\s0 object has been used in conjunction with the callback function, the certificate will be set for the \s-1SSL\s0 object and will not be cleared -even when \fISSL_clear\fR\|(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3) +even when \fBSSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) and create a new one to return to the previous state. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 index b4878e576e7..7ef814cbd3d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_custom_cli_ext 3" -.TH SSL_CTX_set_custom_cli_ext 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_custom_cli_ext 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,18 +175,18 @@ SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext \- custom TLS exten .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 client +\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 client with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and \&\fBparse_cb\fR. .PP -\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 server +\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 server with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and \&\fBparse_cb\fR. .PP In both cases the extension type must not be handled by OpenSSL internally or an error occurs. .PP -\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled internally by OpenSSL and 0 otherwise. .SH "EXTENSION CALLBACKS" .IX Header "EXTENSION CALLBACKS" @@ -250,11 +254,11 @@ This behaviour ensures that each callback is called at most once and that an application can never send unsolicited extensions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_add_client_custom_ext()\fR and \fISSL_CTX_add_server_custom_ext()\fR return 1 for +\&\fBSSL_CTX_add_client_custom_ext()\fR and \fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A failure can occur if an attempt is made to add the same \fBext_type\fR more than once, if an attempt is made to use an extension type handled internally by OpenSSL or if an internal error occurs (for example a memory allocation failure). .PP -\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled internally by OpenSSL and 0 otherwise. diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index d49173f7086..68bc22f3745 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,13 +152,13 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set pas .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called when loading/storing a \s-1PEM\s0 certificate with encryption. .PP -\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which +\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which will be provided to the password callback on invocation. .PP -The \fIpem_passwd_cb()\fR, which must be provided by the application, hands back the +The \fBpem_passwd_cb()\fR, which must be provided by the application, hands back the password to be used during decryption. On invocation a pointer to \fBuserdata\fR is provided. The pem_passwd_cb must write the password into the provided buffer \&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must @@ -166,13 +170,13 @@ callback is used for reading/decryption (rwflag=0) or writing/encryption When loading or storing private keys, a password might be supplied to protect the private key. The way this password can be supplied may depend on the application. If only one private key is handled, it can be practical -to have \fIpem_passwd_cb()\fR handle the password dialog interactively. If several +to have \fBpem_passwd_cb()\fR handle the password dialog interactively. If several keys have to be handled, it can be practical to ask for the password once, then keep it in memory and use it several times. In the last case, the password could be stored into the \fBuserdata\fR storage and the -\&\fIpem_passwd_cb()\fR only returns the password already stored. +\&\fBpem_passwd_cb()\fR only returns the password already stored. .PP -When asking for the password interactively, \fIpem_passwd_cb()\fR can use +When asking for the password interactively, \fBpem_passwd_cb()\fR can use \&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). In this case the password dialog may ask for the same password twice for comparison in order to catch typos, that would make decryption @@ -182,7 +186,7 @@ Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is however not usual, as certificate information is considered public. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_default_passwd_cb()\fR and \fISSL_CTX_set_default_passwd_cb_userdata()\fR +\&\fBSSL_CTX_set_default_passwd_cb()\fR and \fBSSL_CTX_set_default_passwd_cb_userdata()\fR do not provide diagnostic information. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -201,5 +205,5 @@ truncated. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index 2eec895e256..52130c43f3e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,13 +155,13 @@ SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_s .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. .PP -\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. .PP -\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR (of length \fBid_len\fR) is already contained in the internal session cache of the parent context of \fBssl\fR. .SH "NOTES" @@ -186,7 +190,7 @@ the callback \fBmust never\fR increase \fBid_len\fR or write to the location If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be restored after the callback has finished and the session id will be padded with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions. -The callback can use the \fISSL_get_version\fR\|(3) function +The callback can use the \fBSSL_get_version\fR\|(3) function to check, whether the session is of type SSLv2. .PP The location \fBid\fR is filled with 0x00 before the callback is called, so the @@ -198,7 +202,7 @@ Without the callback a random number is used, so that the probability of generating the same session id is extremely small (2^128 possible ids for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the uniqueness of the generated session id, the callback must call -\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs. If an id conflict is not resolved, the handshake will fail. If the application codes e.g. a unique host id, a unique process number, and a unique sequence number into the session id, uniqueness could easily be @@ -208,16 +212,16 @@ guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and fill in the bytes not used to code special information with random data to avoid collisions. .PP -\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache, not the external one. Since the session id is generated before the handshake is completed, it is not immediately added to the cache. If another thread is using the same internal session cache, a race condition can occur in that another thread generates the same session id. Collisions can also occur when using an external session cache, since -the external cache is not tested with \fISSL_has_matching_session_id()\fR +the external cache is not tested with \fBSSL_has_matching_session_id()\fR and the same race condition applies. .PP -When calling \fISSL_has_matching_session_id()\fR for an SSLv2 session with +When calling \fBSSL_has_matching_session_id()\fR for an SSLv2 session with reduced \fBid_len\fR, the match operation will be performed using the fixed length required and with a 0x00 padded id. .PP @@ -262,16 +266,16 @@ server id given, and will fill the rest with pseudo random bytes: .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR always return 1. .PP -\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the same id is already in the cache. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_version\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_get_version\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR -and \fISSL_has_matching_session_id()\fR have been introduced in +\&\fBSSL_CTX_set_generate_session_id()\fR, \fBSSL_set_generate_session_id()\fR +and \fBSSL_has_matching_session_id()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 83958eb43fb..2b828ec18e2 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,21 +153,21 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection setup and use. The setting for \fBctx\fR is overridden from the setting for a specific \s-1SSL\s0 object, if specified. When \fBcallback\fR is \s-1NULL,\s0 not callback function is used. .PP -\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to obtain state information for \fBssl\fR during connection setup and use. When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for \&\fBctx\fR is used. .PP -\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information callback function for \fBctx\fR. .PP -\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information +\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information callback function for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" @@ -216,15 +220,15 @@ Callback has been called because a new handshake is started. Callback has been called because a handshake is finished. .PP The current state information can be obtained using the -\&\fISSL_state_string\fR\|(3) family of functions. +\&\fBSSL_state_string\fR\|(3) family of functions. .PP The \fBret\fR information can be evaluated using the -\&\fISSL_alert_type_string\fR\|(3) family of functions. +\&\fBSSL_alert_type_string\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_info_callback()\fR does not provide diagnostic information. +\&\fBSSL_set_info_callback()\fR does not provide diagnostic information. .PP -\&\fISSL_get_info_callback()\fR returns the current setting. +\&\fBSSL_get_info_callback()\fR returns the current setting. .SH "EXAMPLES" .IX Header "EXAMPLES" The following example callback function prints state strings, information @@ -269,5 +273,5 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_state_string\fR\|(3), -\&\fISSL_alert_type_string\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_state_string\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 6c0a0aafd58..9a445125485 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,18 +153,18 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time -\&\fISSL_new\fR\|(3) is being called. +\&\fBSSL_new\fR\|(3) is being called. .PP -\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. .PP -\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's certificate chain for \fBssl\fR to be bytes. This setting stays valid until a new value is set. .PP -\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" During the handshake process, the peer may send a certificate chain. @@ -173,7 +177,7 @@ chain is set. The default value for the maximum certificate chain size is 100kB (30kB on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see -\&\fISSL_CTX_set_verify\fR\|(3), and certificates +\&\fBSSL_CTX_set_verify\fR\|(3), and certificates without special extensions have a typical size of 1\-2kB). .PP For special applications it can be necessary to extend the maximum certificate @@ -190,15 +194,15 @@ If the maximum certificate chain size allowed is exceeded, the handshake will fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously set value. .PP -\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently set value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. +SSL*_set/\fBget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index c247973835a..9ad05683b0c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,15 +153,15 @@ SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. Options already set before are not cleared. .PP -\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. Options already set before are not cleared. .PP -\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. .PP -\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The following mode changes are available: @@ -165,21 +169,21 @@ The following mode changes are available: .IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when just a single record has been written). When not set (the default), -\&\fISSL_write()\fR will only report success once the complete chunk was written. -Once \fISSL_write()\fR returns with r, r bytes have been successfully written -and the next call to \fISSL_write()\fR must only send the n\-r bytes left, -imitating the behaviour of \fIwrite()\fR. +\&\fBSSL_write()\fR will only report success once the complete chunk was written. +Once \fBSSL_write()\fR returns with r, r bytes have been successfully written +and the next call to \fBSSL_write()\fR must only send the n\-r bytes left, +imitating the behaviour of \fBwrite()\fR. .IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" -Make it possible to retry \fISSL_write()\fR with changed buffer location +Make it possible to retry \fBSSL_write()\fR with changed buffer location (the buffer contents must stay the same). This is not the default to avoid -the misconception that non-blocking \fISSL_write()\fR behaves like -non-blocking \fIwrite()\fR. +the misconception that non-blocking \fBSSL_write()\fR behaves like +non-blocking \fBwrite()\fR. .IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 .IX Item "SSL_MODE_AUTO_RETRY" Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a -\&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return +\&\fBSSL_read\fR\|(3) or \fBSSL_write\fR\|(3) would return with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0 In a non-blocking environment applications must be prepared to handle incomplete read/write operations. @@ -207,13 +211,13 @@ Only use this in explicit fallback retries, following the guidance in draft\-ietf\-tls\-downgrade\-scsv\-00. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask after adding \fBmode\fR. .PP -\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6. diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index d52bb4b0751..c51f325f9a9 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,17 +153,17 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 protocol messages (such as handshake messages) that are received or -sent. \fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +sent. \fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR can be used to set argument \fIarg\fR to the callback function, which is available for arbitrary application use. .PP -\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify default settings that will be copied to new \fB\s-1SSL\s0\fR objects by -\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and -\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and +\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback. .PP When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message, @@ -192,7 +196,7 @@ The \fB\s-1SSL\s0\fR object that received or sent the message. .IP "\fIarg\fR" 4 .IX Item "arg" The user-defined argument optionally defined by -\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. .SH "NOTES" .IX Header "NOTES" Protocol messages are passed to the callback function after decryption @@ -210,8 +214,8 @@ a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only serv \&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, -\&\fISSL_set_msg_callback()\fR and \fISSL_get_msg_callback_arg()\fR were added in OpenSSL 0.9.7. +\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, +\&\fBSSL_set_msg_callback()\fR and \fBSSL_get_msg_callback_arg()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 77fae7bd264..97c328e9074 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_options 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,22 +160,22 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, .IX Header "DESCRIPTION" Note: all these functions are implemented using macros. .PP -\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. Options already set before are not cleared! .PP -\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. Options already set before are not cleared! .PP -\&\fISSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBctx\fR. .PP -\&\fISSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. .PP -\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. .PP -\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR. .PP -\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports secure renegotiation. .SH "NOTES" .IX Header "NOTES" @@ -179,15 +183,15 @@ The behaviour of the \s-1SSL\s0 library can be changed by setting several option The options are coded as bitmasks and can be combined by a logical \fBor\fR operation (|). .PP -\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of the \s-1API\s0 can be changed by using the similar -\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions. +\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. .PP During a handshake, the option settings of the \s-1SSL\s0 object are used. When -a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current +a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current option setting is copied. Changes to \fBctx\fR do not affect already created -\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. +\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. .PP The following \fBbug workaround\fR options are available: .IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 @@ -259,10 +263,10 @@ to the server's answer and violate the version rollback protection.) .IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 .IX Item "SSL_OP_SINGLE_DH_USE" Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters -(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). This option must be used to prevent small subgroup attacks, when the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes -(e.g. when using DSA-parameters, see \fIdhparam\fR\|(1)). +(e.g. when using DSA-parameters, see \fBdhparam\fR\|(1)). If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate a new \s-1DH\s0 key during each handshake but it is also recommended. \&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever @@ -391,8 +395,8 @@ servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR .PP OpenSSL client applications that want to ensure they can \fBnot\fR connect to unpatched servers (and thus avoid any security issues) should always \fBclear\fR -\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or -\&\fISSL_clear_options()\fR. +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or +\&\fBSSL_clear_options()\fR. .PP The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and \&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that @@ -402,22 +406,22 @@ renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while and renegotiation between OpenSSL and unpatched clients or servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask after adding \fBoptions\fR. .PP -\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bitmask +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask after clearing \fBoptions\fR. .PP -\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. .PP -\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports secure renegotiation and 0 if it does not. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), -\&\fIdhparam\fR\|(1) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fBdhparam\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" \&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and @@ -433,9 +437,9 @@ Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be disabled with this option (in OpenSSL 0.9.6d, it was always enabled). .PP -\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR were first added in OpenSSL +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR were first added in OpenSSL 0.9.8m. .PP \&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR, \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR -and the function \fISSL_get_secure_renegotiation_support()\fR were first added in +and the function \fBSSL_get_secure_renegotiation_support()\fR were first added in OpenSSL 0.9.8m. diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index 581929ef339..268dc3d21f5 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,8 +162,8 @@ when the client is sending the ClientKeyExchange message to the server. The purpose of the callback function is to select the \s-1PSK\s0 identity and the pre-shared key to use during the connection setup phase. .PP -The callback is set using functions \fISSL_CTX_set_psk_client_callback()\fR -or \fISSL_set_psk_client_callback()\fR. The callback function is given the +The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR +or \fBSSL_set_psk_client_callback()\fR. The callback function is given the connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of length \fBmax_identity_len\fR bytes where the resulting diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 3068b08cb52..cf88de3b430 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,29 +153,29 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be \&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time -\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. .PP -\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. .PP -\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be \&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with -\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again. -It is not changed when \fISSL_clear\fR\|(3) is called. +\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fBSSL_clear\fR\|(3) is called. \&\fBmode\fR may be 0 or 1. .PP -\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Normally when a \s-1SSL\s0 connection is finished, the parties must send out -\&\*(L"close notify\*(R" alert messages using \fISSL_shutdown\fR\|(3) +\&\*(L"close notify\*(R" alert messages using \fBSSL_shutdown\fR\|(3) for a clean shutdown. .PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(\fISSL_shutdown\fR\|(3) then behaves like -\&\fISSL_set_shutdown\fR\|(3) called with +(\fBSSL_shutdown\fR\|(3) then behaves like +\&\fBSSL_set_shutdown\fR\|(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. @@ -179,13 +183,13 @@ is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return +\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return diagnostic information. .PP -\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3), -\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 index 1993d2542e2..10d1bf92f83 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_read_ahead 3" -.TH SSL_CTX_set_read_ahead 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_read_ahead 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +157,7 @@ SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_read_ahead()\fR and \fISSL_set_read_ahead()\fR set whether we should read as +\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as many input bytes as possible (for non-blocking reads) or not. For example if \&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes @@ -164,16 +168,16 @@ reading ahead is off, or non zero otherwise. SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead. .PP -\&\fISSL_CTX_get_read_ahead()\fR and \fISSL_get_read_ahead()\fR indicate whether reading +\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading ahead has been set or not. .SH "NOTES" .IX Header "NOTES" These functions have no impact when used with \s-1DTLS.\s0 The return values for -\&\fISSL_CTX_get_read_head()\fR and \fISSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 +\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off, and non zero otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index d172f01acd3..dc4e64ea142 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching +\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching by setting the operational mode for \fBctx\fR to . .PP -\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. .SH "NOTES" .IX Header "NOTES" The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. @@ -169,7 +173,7 @@ the external storage if available. .PP Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see -\&\fISSL_CTX_set_session_id_context\fR\|(3)). +\&\fBSSL_CTX_set_session_id_context\fR\|(3)). .PP The following session cache modes and modifiers are available: .IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 @@ -181,7 +185,7 @@ Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not have details about the connection), the application must select the session -to be reused by using the \fISSL_set_session\fR\|(3) +to be reused by using the \fBSSL_set_session\fR\|(3) function. This option is not activated by default. .IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 .IX Item "SSL_SESS_CACHE_SERVER" @@ -197,10 +201,10 @@ Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the .IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" Normally the session cache is checked for expired sessions every 255 connections using the -\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since +\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and -\&\fISSL_CTX_flush_sessions\fR\|(3) can be called +\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called explicitly by the application. .IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" @@ -217,7 +221,7 @@ sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible re Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will prevent sessions being stored in the internal cache (though the application can -add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: +add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues \- this flag @@ -230,20 +234,20 @@ Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. .PP -\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_sess_set_cache_size\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -\&\fISSL_CTX_set_session_id_context\fR\|(3), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0 diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index 439b7a580c1..33def629567 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,10 +152,10 @@ SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length \&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. .PP -\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length \&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. .SH "NOTES" .IX Header "NOTES" @@ -166,8 +170,8 @@ to use e.g. the name of the application and/or the hostname and/or service name ... .PP The session id context becomes part of the session. The session id context -is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and -\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the +is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and +\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the server side. .PP OpenSSL clients will check the session id context returned by the server @@ -189,7 +193,7 @@ as an OpenSSL server checks the session id context itself before reusing a session as described above. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR +\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR return the following values: .IP "0" 4 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded @@ -200,4 +204,4 @@ is logged to the error stack. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 61124d54629..b47c3d5fe58 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,28 +152,28 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with -\&\fISSL_new\fR\|(3) are not affected, except when -\&\fISSL_clear\fR\|(3) is being called. +\&\fBSSL_new\fR\|(3) are not affected, except when +\&\fBSSL_clear\fR\|(3) is being called. .PP -\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR -object. It may be reset, when \fISSL_clear()\fR is called. +\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fBSSL_clear()\fR is called. .PP -\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method set in \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The available \fBmethod\fR choices are described in -\&\fISSL_CTX_new\fR\|(3). +\&\fBSSL_CTX_new\fR\|(3). .PP -When \fISSL_clear\fR\|(3) is called and no session is connected to +When \fBSSL_clear\fR\|(3) is called and no session is connected to an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently set in the corresponding \s-1SSL_CTX\s0 object. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can occur for \fISSL_CTX_set_ssl_version()\fR -and \fISSL_set_ssl_method()\fR: +The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR +and \fBSSL_set_ssl_method()\fR: .IP "0" 4 The new choice failed, check the error stack to find out the reason. .IP "1" 4 @@ -177,6 +181,6 @@ The new choice failed, check the error stack to find out the reason. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3), -\&\fISSL_clear\fR\|(3), \fIssl\fR\|(3), -\&\fISSL_set_connect_state\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 42006a177a9..638d237cb2d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for sessio .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for \&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. .PP -\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" Whenever a new session is created, it is assigned a maximum lifetime. This @@ -162,26 +166,26 @@ valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions. .PP The expiration time of a single session can be modified using the -\&\fISSL_SESSION_get_time\fR\|(3) family of functions. +\&\fBSSL_SESSION_get_time\fR\|(3) family of functions. .PP Expired sessions are removed from the internal session cache, whenever -\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either +\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either directly by the application or automatically (see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) .PP The default value for session timeout is decided on a per protocol -basis, see \fISSL_get_default_timeout\fR\|(3). +basis, see \fBSSL_get_default_timeout\fR\|(3). All currently supported protocols have the same default timeout value of 300 seconds. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. +\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value. .PP -\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 index 3b2f9c98566..d8122ac3627 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_servername_callback 3" -.TH SSL_CTX_set_tlsext_servername_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_tlsext_servername_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,19 +156,19 @@ SSL_get_servername_type, SSL_get_servername \- handle server name indication .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When \fBcb\fR is \s-1NULL, SNI\s0 is not used. The \fBarg\fR value is a pointer which is passed to the application callback. .PP -\&\fISSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be passed into the callback for this \fB\s-1SSL_CTX\s0\fR. .PP -\&\fISSL_get_servername()\fR returns a servername extension value of the specified +\&\fBSSL_get_servername()\fR returns a servername extension value of the specified type if provided in the Client Hello or \s-1NULL.\s0 .PP -\&\fISSL_get_servername_type()\fR returns the servername type or \-1 if no servername +\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername is present. Currently the only supported type (defined in \s-1RFC3546\s0) is \&\fBTLSEXT_NAMETYPE_host_name\fR. .SH "NOTES" @@ -173,12 +177,12 @@ The \s-1ALPN\s0 and \s-1SNI\s0 callbacks are both executed during Client Hello p The servername callback is executed first, followed by the \s-1ALPN\s0 callback. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tlsext_servername_callback()\fR and -\&\fISSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), \fISSL_CTX_set_alpn_select_cb\fR\|(3), -\&\fISSL_get0_alpn_selected\fR\|(3) +\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fBSSL_get0_alpn_selected\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 index 6fc4b226ff7..e56842a8218 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_status_cb 3" -.TH SSL_CTX_set_tlsext_status_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_tlsext_status_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,31 +160,31 @@ SSL_set_tlsext_status_ocsp_resp \- OCSP Certificate Status Request functions .IX Header "DESCRIPTION" A client application may request that a server send back an \s-1OCSP\s0 status response (also known as \s-1OCSP\s0 stapling). To do so the client should call the -\&\fISSL_set_tlsext_status_type()\fR function prior to the start of the handshake. +\&\fBSSL_set_tlsext_status_type()\fR function prior to the start of the handshake. Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value should be passed in the \fBtype\fR argument. The client should additionally provide a callback function to decide what to do with the returned \s-1OCSP\s0 response by -calling \fISSL_CTX_set_tlsext_status_cb()\fR. The callback function should determine +calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The callback function should determine whether the returned \s-1OCSP\s0 response is acceptable or not. The callback will be passed as an argument the value previously set via a call to -\&\fISSL_CTX_set_tlsext_status_arg()\fR. Note that the callback will not be called in +\&\fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the callback will not be called in the event of a handshake where session resumption occurs (because there are no Certificates exchanged in such a handshake). .PP The response returned by the server can be obtained via a call to -\&\fISSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point to the \s-1OCSP\s0 response data and the return value will be the length of that data. Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a -call to the \fId2i_OCSP_RESPONSE()\fR function. If the server has not provided any +call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from -\&\fISSL_get_tlsext_status_ocsp_resp()\fR will be \-1. +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. .PP -A server application must also call the \fISSL_CTX_set_tlsext_status_cb()\fR function +A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status responses. Typically the server callback would obtain the server certificate -that is being sent back to the client via a call to \fISSL_get_certificate()\fR; +that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by -calling \fISSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should be provided in the \fBresp\fR argument, and the length of that data should be in the \fBlen\fR argument. .SH "RETURN VALUES" @@ -195,9 +199,9 @@ returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response sho returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has occurred). .PP -\&\fISSL_CTX_set_tlsext_status_cb()\fR, \fISSL_CTX_set_tlsext_status_arg()\fR, -\&\fISSL_set_tlsext_status_type()\fR and \fISSL_set_tlsext_status_ocsp_resp()\fR return 0 on +\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, +\&\fBSSL_set_tlsext_status_type()\fR and \fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. .PP -\&\fISSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data or \-1 if there is no \s-1OCSP\s0 response data. diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index 12844b3c6ac..d9f476d46bd 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +152,7 @@ SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling +\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in \&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies @@ -301,12 +305,12 @@ Reference Implemention: returns 0 to indicate the callback function was set. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fBssl\fR\|(3), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" This function was introduced in OpenSSL 0.9.8h diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index c30409efb38..225eabdd2ba 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,16 +155,16 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. The key is inherited by all \fBssl\fR objects created from \fBctx\fR. .PP -\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. .PP -\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. .PP These functions apply to \s-1SSL/TLS\s0 servers only. .SH "NOTES" @@ -189,14 +193,14 @@ should not generate the parameters on the fly but supply the parameters. the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker may specialize on a very often used \s-1DH\s0 group. Applications should therefore generate their own \s-1DH\s0 parameters during the installation process using the -openssl \fIdhparam\fR\|(1) application. This application +openssl \fBdhparam\fR\|(1) application. This application guarantees that \*(L"strong\*(R" primes are used. .PP Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the \fB\-C\fR option of the -\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. Files dh1024.pem and dh512.pem contain old parameters that must not be used by @@ -208,7 +212,7 @@ can supply the \s-1DH\s0 parameters via a callback function. Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR parameters to control parameter generation for export and non-export cipher suites. Modern servers that do not support export ciphersuites -are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use +are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply supply at least 2048\-bit parameters in the callback. .SH "EXAMPLES" @@ -246,14 +250,14 @@ partly left out.) .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return diagnostic output. .PP -\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 5e778354552..0a1ec4a73f7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,24 +159,24 @@ SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be +\&\fBSSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR. The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR -with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. +with <\fBSSL_new\fR\|(3)|\fBSSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. .PP -\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be +\&\fBSSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be \&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR -with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. +with <\fBSSL_new\fR\|(3)|\fBSSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. .PP -\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed +\&\fBSSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key with a keysize larger than 512 bits is installed. .PP -\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR. +\&\fBSSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR. .PP -\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR. +\&\fBSSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR. .PP -\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed, +\&\fBSSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed, for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key with a keysize larger than 512 bits is installed. .PP @@ -204,7 +208,7 @@ violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key exchange and use \s-1DHE\s0 (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP An application may either directly specify the key or can supply the key via a callback function. The callback approach has the advantage, that the callback @@ -272,17 +276,17 @@ respectively are generated. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return +\&\fBSSL_CTX_set_tmp_rsa_callback()\fR and \fBSSL_set_tmp_rsa_callback()\fR do not return diagnostic output. .PP -\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0 +\&\fBSSL_CTX_set_tmp_rsa()\fR and \fBSSL_set_tmp_rsa()\fR do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure. .PP -\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary +\&\fBSSL_CTX_need_tmp_rsa()\fR and \fBSSL_need_tmp_rsa()\fR return 1 if a temporary \&\s-1RSA\s0 key is needed and 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fISSL_new\fR\|(3), \fIciphers\fR\|(1) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_new\fR\|(3), \fBciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index fcf6c672529..cf66faa0784 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,22 +156,22 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_dep .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and specifies the \fBverify_callback\fR function to be used. If no callback function shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. .PP -\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and specifies the \fBverify_callback\fR function to be used. If no callback function shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If no special \fBcallback\fR was set before, the default callback for the underlying \&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with -\&\fISSL_new\fR\|(3). +\&\fBSSL_new\fR\|(3). .PP -\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.) .PP -\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.) .SH "NOTES" .IX Header "NOTES" @@ -181,7 +185,7 @@ client, so the client will not send a certificate. \&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake -using the \fISSL_get_verify_result\fR\|(3) function. +using the \fBSSL_get_verify_result\fR\|(3) function. The handshake will be continued regardless of the verification result. .IP "\s-1SSL_VERIFY_PEER\s0" 4 .IX Item "SSL_VERIFY_PEER" @@ -219,13 +223,13 @@ set at any time. The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3). +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information -and the \fIverify_callback()\fR function, but the way this information is used +and the \fBverify_callback()\fR function, but the way this information is used may be different. .PP -\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set the limit up +\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set the limit up to which depth certificates in a chain are used during the verification procedure. If the certificate chain is longer than allowed, the certificates above the limit are ignored. Error messages are generated as if these @@ -262,7 +266,7 @@ the verification process is continued. If \fBverify_callback\fR always returns 1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using -\&\fISSL_get_verify_result\fR\|(3) or by maintaining its +\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its own error storage managed by \fBverify_callback\fR. .PP If no \fBverify_callback\fR is specified, the default callback will be used. @@ -276,7 +280,7 @@ is set, but whether \s-1SSL_VERIFY_NONE\s0 is not set. This can lead to unexpected behaviour, if the \s-1SSL_VERIFY_PEER\s0 and \s-1SSL_VERIFY_NONE\s0 are not used as required (exactly one must be set at any time). .PP -The certificate verification depth set with SSL[_CTX]\fI_verify_depth()\fR +The certificate verification depth set with SSL[_CTX]\fB_verify_depth()\fR stops the verification at a certain depth. The error message produced will be that of an incomplete certificate chain and not X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected. @@ -297,8 +301,8 @@ certificates. .PP The example makes use of the ex_data technique to store application data into/retrieve application data from the \s-1SSL\s0 structure -(see \fISSL_get_ex_new_index\fR\|(3), -\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +(see \fBSSL_get_ex_new_index\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). .PP .Vb 10 \& ... @@ -404,11 +408,11 @@ into/retrieve application data from the \s-1SSL\s0 structure .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), -\&\fISSL_CTX_get_verify_mode\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fISSL_get_peer_certificate\fR\|(3), -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), -\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), -\&\fISSL_get_ex_new_index\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_get_ex_new_index\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index bd5b4bcc28e..c1ebcccbf74 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,88 +178,88 @@ or \s-1SSL\s0 object, respectively. .PP The SSL_CTX_* class of functions loads the certificates and keys into the \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR -created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that +created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. .PP The SSL_* class of functions only loads certificates and keys into a specific \s-1SSL\s0 object. The specific information is kept, when -\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. .PP -\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, -\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the certificates needed to form the complete certificate chain can be specified using the -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) function. .PP -\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, -\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. .PP -\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. -See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR +\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR should be preferred. .PP -\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and ending at the highest level (root) \s-1CA.\s0 There is no corresponding function working on a single \s-1SSL\s0 object. .PP -\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. -\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 -to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; -\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. If a certificate has already been set and the private does not belong to the certificate an error is returned. To change a certificate, private -key pair the new certificate needs to be set with \fISSL_use_certificate()\fR -or \fISSL_CTX_use_certificate()\fR before setting the private key with -\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. +key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR +or \fBSSL_CTX_use_certificate()\fR before setting the private key with +\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. .PP -\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private +\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private key to \fBssl\fR. .PP -\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in -\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found -in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private +\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private \&\s-1RSA\s0 key found to \fBssl\fR. .PP -\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with +\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with the corresponding certificate loaded into \fBctx\fR. If more than one key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 -key/certificate pair will be checked. \fISSL_check_private_key()\fR performs +key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs the same check for \fBssl\fR. If no key/certificate was explicitly added for this \fBssl\fR, the last item added into \fBctx\fR will be checked. .SH "NOTES" .IX Header "NOTES" The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the -cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3). +cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain one certificate or private key, consequently -\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. .PP -\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added -to the store of chain certificates using \fISSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later -have a separate chain store for each type. \fISSL_CTX_use_certificate_chain_file()\fR -should be used instead of the \fISSL_CTX_use_certificate_file()\fR function in order +have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order to allow the use of complete certificate chains even when no trusted \s-1CA\s0 storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to the trusted \s-1CA\s0 storage. @@ -263,12 +267,12 @@ the trusted \s-1CA\s0 storage. If additional certificates are needed to complete the chain during the \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the locations of trusted \s-1CA\s0 certificates, see -\&\fISSL_CTX_load_verify_locations\fR\|(3). +\&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see -\&\fISSL_CTX_set_default_passwd_cb\fR\|(3). +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.) @@ -276,8 +280,8 @@ is considered public anyway.) All of the functions to set a new certificate will replace any existing certificate of the same type that has already been set. Similarly all of the functions to set a new private key will replace any private key that has already -been set. Applications should call \fISSL_CTX_check_private_key\fR\|(3) or -\&\fISSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or +\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and private key to confirm that the certificate and key match. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -285,14 +289,14 @@ On success, the functions return 1. Otherwise check out the error stack to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3), -\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), -\&\fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" Support for \s-1DER\s0 encoded private keys (\s-1SSL_FILETYPE_ASN1\s0) in -\&\fISSL_CTX_use_PrivateKey_file()\fR and \fISSL_use_PrivateKey_file()\fR was added +\&\fBSSL_CTX_use_PrivateKey_file()\fR and \fBSSL_use_PrivateKey_file()\fR was added in 0.9.8 . diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index af6a2b89094..4d77bf1dce8 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,9 +159,9 @@ identity hint to use .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_use_psk_identity_hint()\fR sets the given \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 +\&\fBSSL_CTX_use_psk_identity_hint()\fR sets the given \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR to \s-1SSL\s0 context object -\&\fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NULL\s0\fR\-terminated +\&\fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NULL\s0\fR\-terminated \&\s-1PSK\s0 identity hint \fBhint\fR to \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is \fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. .PP @@ -169,14 +173,14 @@ when the server receives the ClientKeyExchange message from the client. The purpose of the callback function is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used during the connection setup phase. The callback is set using functions -\&\fISSL_CTX_set_psk_server_callback()\fR or -\&\fISSL_set_psk_server_callback()\fR. The callback function is given the +\&\fBSSL_CTX_set_psk_server_callback()\fR or +\&\fBSSL_set_psk_server_callback()\fR. The callback function is given the connection in parameter \fBssl\fR, \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of length \&\fBmax_psk_len\fR bytes where the pre-shared key is to be stored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_use_psk_identity_hint()\fR and \fISSL_use_psk_identity_hint()\fR return +\&\fBSSL_CTX_use_psk_identity_hint()\fR and \fBSSL_use_psk_identity_hint()\fR return 1 on success, 0 otherwise. .PP Return values from the server callback are interpreted as follows: diff --git a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 index 0fed5faa73d..d9b4078a1d9 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_serverinfo 3" -.TH SSL_CTX_use_serverinfo 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_CTX_use_serverinfo 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,23 +156,23 @@ These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 ServerHello Extensions into A\s0 \*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello Extension. .PP -\&\fISSL_CTX_use_serverinfo()\fR loads one or more serverinfo extensions from +\&\fBSSL_CTX_use_serverinfo()\fR loads one or more serverinfo extensions from a byte array into \fBctx\fR. The extensions must be concatenated into a sequence of bytes. Each extension must consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of extension_data. .PP -\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from \&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension must consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of extension_data. Each \s-1PEM\s0 extension name must begin with the phrase \&\*(L"\s-1BEGIN SERVERINFO FOR \*(R".\s0 .PP If more than one certificate (\s-1RSA/DSA\s0) is installed using -\&\fISSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, -\&\fISSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR each time a certificate is loaded. .SH "NOTES" .IX Header "NOTES" diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index c2cc578b057..8fc01ba3d00 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_SESSION_free 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,14 +149,14 @@ SSL_SESSION_free \- free an allocated SSL_SESSION structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated memory, if the reference count has reached 0. .SH "NOTES" .IX Header "NOTES" \&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation is successfully completed. Depending on the settings, see -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 @@ -163,21 +167,21 @@ dangling pointers. These failures may also appear delayed, e.g. when an \s-1SSL_SESSION\s0 object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a -\&\fISSL_CTX_flush_sessions\fR\|(3) operation. +\&\fBSSL_CTX_flush_sessions\fR\|(3) operation. .PP -\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for which the reference count was explicitly incremented (e.g. -by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3)) +by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake -operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3). +operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause incorrect reference counts and therefore program failures. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_free()\fR does not provide diagnostic information. +\&\fBSSL_SESSION_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), - \fId2i_SSL_SESSION\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), + \fBd2i_SSL_SESSION\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index a03c4cb23ff..674950cd624 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,28 +167,28 @@ Several OpenSSL structures can have application specific data attached to them. These functions are used internally by OpenSSL to manipulate application specific data attached to a specific structure. .PP -\&\fISSL_SESSION_get_ex_new_index()\fR is used to register a new index for application +\&\fBSSL_SESSION_get_ex_new_index()\fR is used to register a new index for application specific data. .PP -\&\fISSL_SESSION_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR +\&\fBSSL_SESSION_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into the \fBsession\fR object. .PP -\&\fISSL_SESSION_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBSSL_SESSION_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from \&\fBsession\fR. .PP -A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in \fIRSA_get_ex_new_index\fR\|(3). -The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -\&\fICRYPTO_set_ex_data\fR\|(3). +A detailed description for the \fB*\fB_get_ex_new_index()\fB\fR functionality +can be found in \fBRSA_get_ex_new_index\fR\|(3). +The \fB*\fB_get_ex_data()\fB\fR and \fB*\fB_set_ex_data()\fB\fR functionality is described in +\&\fBCRYPTO_set_ex_data\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" The application data is only maintained for sessions held in memory. The application data is not included when dumping the session with -\&\fIi2d_SSL_SESSION()\fR (and all functions indirectly calling the dump functions -like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and can +\&\fBi2d_SSL_SESSION()\fR (and all functions indirectly calling the dump functions +like \fBPEM_write_SSL_SESSION()\fR and \fBPEM_write_bio_SSL_SESSION()\fR) and can therefore not be restored. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fIRSA_get_ex_new_index\fR\|(3), -\&\fICRYPTO_set_ex_data\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBRSA_get_ex_new_index\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index afdd591c164..694914b104d 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,40 +157,40 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was established. The time is given in seconds since the Epoch and therefore -compatible to the time delivered by the \fItime()\fR call. +compatible to the time delivered by the \fBtime()\fR call. .PP -\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with the chosen value \fBtm\fR. .PP -\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR in seconds. .PP -\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds to \fBtm\fR. .PP -The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR +The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR functions are synonyms for the SSL_SESSION_*() counterparts. .SH "NOTES" .IX Header "NOTES" Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by -\&\fISSL_CTX_set_timeout\fR\|(3). +\&\fBSSL_CTX_set_timeout\fR\|(3). Using these functions it is possible to extend or shorten the lifetime of the session. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently +\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently valid values. .PP -\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. .PP If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index cd74e7326dd..11cea0f1bc6 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_accept 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,25 +149,25 @@ SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. The communication channel must already have been set and assigned to the \&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_accept()\fR. +taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" @@ -171,7 +175,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" @@ -182,12 +186,12 @@ established. The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_new\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(3), \fBbio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 4ebe8fd0cc3..bb987bf5a37 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_alert_type_string 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,16 +153,16 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_alert_type_string()\fR returns a one letter string indicating the +\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the type of the alert specified by \fBvalue\fR. .PP -\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert +\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert specified by \fBvalue\fR. .PP -\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form +\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form describing the reason of the alert specified by \fBvalue\fR. .PP -\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason +\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason of the alert specified by \fBvalue\fR. .SH "NOTES" .IX Header "NOTES" @@ -179,8 +183,8 @@ Several alert messages must be sent as fatal alert messages as specified by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following strings can occur for \fISSL_alert_type_string()\fR or -\&\fISSL_alert_type_string_long()\fR: +The following strings can occur for \fBSSL_alert_type_string()\fR or +\&\fBSSL_alert_type_string_long()\fR: .ie n .IP """W""/""warning""" 4 .el .IP "``W''/``warning''" 4 .IX Item "W/warning" @@ -195,8 +199,8 @@ The following strings can occur for \fISSL_alert_type_string()\fR or This indicates that no support is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .PP -The following strings can occur for \fISSL_alert_desc_string()\fR or -\&\fISSL_alert_desc_string_long()\fR: +The following strings can occur for \fBSSL_alert_desc_string()\fR or +\&\fBSSL_alert_desc_string_long()\fR: .ie n .IP """\s-1CN""/\s0""close notify""" 4 .el .IP "``\s-1CN''/\s0``close notify''" 4 .IX Item "CN/close notify" @@ -354,4 +358,4 @@ This indicates that no description is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_info_callback\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_check_chain.3 b/secure/lib/libssl/man/SSL_check_chain.3 index e6e8037cee4..7c1cff3346b 100644 --- a/secure/lib/libssl/man/SSL_check_chain.3 +++ b/secure/lib/libssl/man/SSL_check_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_check_chain 3" -.TH SSL_check_chain 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_check_chain 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,12 +149,12 @@ SSL_check_chain \- check certificate chain suitability .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and certificate chain \fBchain\fR is suitable for use with the current session \&\fBs\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the chain. .PP \&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. @@ -184,7 +188,7 @@ for client authentication. \&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_check_chain()\fR must be called in servers after a client hello message or in +\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in clients after a certificate request message. It will typically be called in the certificate callback. .PP @@ -209,5 +213,5 @@ very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_cert_cb\fR\|(3), -\&\fIssl\fR\|(3) +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 2f128af2d0d..4eb774e9d8b 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_clear 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,8 +157,8 @@ SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While al settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. If a session is still \fBopen\fR, it is considered bad and will be removed from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, -if \fISSL_shutdown\fR\|(3) was not called for the connection -or at least \fISSL_set_shutdown\fR\|(3) was used to +if \fBSSL_shutdown\fR\|(3) was not called for the connection +or at least \fBSSL_set_shutdown\fR\|(3) was used to set the \s-1SSL_SENT_SHUTDOWN\s0 state. .PP If a session was closed cleanly, the session object will be kept and all @@ -163,34 +167,34 @@ used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 server method, even if SSLv23_*_methods were chosen on startup. This -will might lead to connection failures (see \fISSL_new\fR\|(3)) +will might lead to connection failures (see \fBSSL_new\fR\|(3)) for a description of the method's properties. .SH "WARNINGS" .IX Header "WARNINGS" -\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last handshake). It only makes sense for a new connection with the exact same peer that shares these settings, and may fail if that peer changes its settings between connections. Use the sequence -\&\fISSL_get_session\fR\|(3); -\&\fISSL_new\fR\|(3); -\&\fISSL_set_session\fR\|(3); -\&\fISSL_free\fR\|(3) +\&\fBSSL_get_session\fR\|(3); +\&\fBSSL_new\fR\|(3); +\&\fBSSL_set_session\fR\|(3); +\&\fBSSL_free\fR\|(3) instead to avoid such failures -(or simply \fISSL_free\fR\|(3); \fISSL_new\fR\|(3) +(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3) if session reuse is not desired). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 -The \fISSL_clear()\fR operation could not be performed. Check the error stack to +The \fBSSL_clear()\fR operation could not be performed. Check the error stack to find out the reason. .IP "1" 4 .IX Item "1" -The \fISSL_clear()\fR operation was successful. +The \fBSSL_clear()\fR operation was successful. .PP -\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3) +\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index 56894500348..4aec7298f52 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_connect 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,25 +149,25 @@ SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication channel must already have been set and assigned to the \fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_connect()\fR. +taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" @@ -171,7 +175,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" @@ -182,12 +186,12 @@ established. The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_new\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(3), \fBbio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 76954fc5d6e..e108b32ed3c 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_do_handshake 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,26 +149,26 @@ SSL_do_handshake \- perform a TLS/SSL handshake .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either -\&\fISSL_set_connect_state\fR\|(3) or -\&\fISSL_set_accept_state\fR\|(3). +\&\fBSSL_set_connect_state\fR\|(3) or +\&\fBSSL_set_accept_state\fR\|(3). .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return once the handshake has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. +taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" @@ -172,7 +176,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" @@ -183,10 +187,10 @@ established. The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), -\&\fISSL_accept\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), -\&\fISSL_set_connect_state\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(3), \fBbio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_export_keying_material.3 b/secure/lib/libssl/man/SSL_export_keying_material.3 index 9cbec9e75c3..0c719d99e07 100644 --- a/secure/lib/libssl/man/SSL_export_keying_material.3 +++ b/secure/lib/libssl/man/SSL_export_keying_material.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_export_keying_material 3" -.TH SSL_export_keying_material 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_export_keying_material 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +153,7 @@ SSL_export_keying_material \- obtain keying material for application use .SH "DESCRIPTION" .IX Header "DESCRIPTION" During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is -established between the two endpoints. The function \fISSL_export_keying_material()\fR +established between the two endpoints. The function \fBSSL_export_keying_material()\fR enables an application to use some of this keying material for its own purposes in accordance with \s-1RFC5705.\s0 .PP @@ -179,7 +183,7 @@ Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index ffcbeb9fc76..1cd99143fa7 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_free 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,29 +149,29 @@ SSL_free \- free an allocated SSL structure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 structure pointed to by \fBssl\fR and frees up the allocated memory if the reference count has reached 0. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if +\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if applicable: the buffering \s-1BIO,\s0 the read and write BIOs, cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. Do not explicitly free these indirectly freed up items before or after -calling \fISSL_free()\fR, as trying to free things twice may lead to program +calling \fBSSL_free()\fR, as trying to free things twice may lead to program failure. .PP The ssl session has reference counts from two users: the \s-1SSL\s0 object, for -which the reference count is removed by \fISSL_free()\fR and the internal +which the reference count is removed by \fBSSL_free()\fR and the internal session cache. If the session is considered bad, because -\&\fISSL_shutdown\fR\|(3) was not called for the connection -and \fISSL_set_shutdown\fR\|(3) was not used to set the +\&\fBSSL_shutdown\fR\|(3) was not called for the connection +and \fBSSL_set_shutdown\fR\|(3) was not used to set the \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed from the session cache as required by \s-1RFC2246.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_free()\fR does not provide diagnostic information. +\&\fBSSL_free()\fR does not provide diagnostic information. .PP -\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fIssl\fR\|(3) +\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index 35951b46990..2a4b18c631c 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,11 +149,11 @@ SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which -\&\fBssl\fR was created with \fISSL_new\fR\|(3). +\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fBSSL_new\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The pointer to the \s-1SSL_CTX\s0 object is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index e9dedd9debd..692d581e40b 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_ciphers 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,16 +154,16 @@ SSL_get_shared_ciphers .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. .PP -\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 is returned. .PP -\&\fISSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of \&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is the buffer that should be populated with the list of names and \fBsize\fR is the size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on @@ -173,15 +177,15 @@ whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake. .SH "NOTES" .IX Header "NOTES" -The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using -the \fISSL_CIPHER_get_name\fR\|(3) family of functions. +The details of the ciphers obtained by \fBSSL_get_ciphers()\fR can be obtained using +the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. .PP -Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the sorted list of available ciphers, until \s-1NULL\s0 is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CIPHER_get_name\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 397ce996acf..da183d46154 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,20 +150,20 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using \fISSL_CTX_set_client_CA_list\fR\|(3). +\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list\fR\|(3). .PP -\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -\&\fISSL_CTX_set_client_CA_list\fR\|(3), when in +\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return +\&\fBSSL_CTX_set_client_CA_list()\fR and \fBSSL_set_client_CA_list()\fR do not return diagnostic information. .PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return +\&\fBSSL_CTX_add_client_CA()\fR and \fBSSL_add_client_CA()\fR have the following return values: .IP "\s-1STACK_OF\s0(X509_NAMES)" 4 .IX Item "STACK_OF(X509_NAMES)" @@ -171,6 +175,6 @@ No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or the server did not send a list of CAs (client mode). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index ac66b5e260e..10f4d089108 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_current_cipher 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,19 +158,19 @@ SSL_get_cipher_bits, SSL_get_cipher_version \- get SSL_CIPHER of a connection .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing the description of the actually used cipher of a connection established with the \fBssl\fR object. .PP -\&\fISSL_get_cipher()\fR and \fISSL_get_cipher_name()\fR are identical macros to obtain the -name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a +\&\fBSSL_get_cipher()\fR and \fBSSL_get_cipher_name()\fR are identical macros to obtain the +name of the currently used cipher. \fBSSL_get_cipher_bits()\fR is a macro to obtain the number of secret/algorithm bits used and -\&\fISSL_get_cipher_version()\fR returns the protocol name. -See \fISSL_CIPHER_get_name\fR\|(3) for more details. +\&\fBSSL_get_cipher_version()\fR returns the protocol name. +See \fBSSL_CIPHER_get_name\fR\|(3) for more details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL,\s0 when +\&\fBSSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL,\s0 when no session has been established. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CIPHER_get_name\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CIPHER_get_name\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 71db8eab9d6..daaeff3e7d8 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_default_timeout 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,25 +149,25 @@ SSL_get_default_timeout \- get default session timeout value .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to \&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using -\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default +\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default timeout for the protocol will be used. .PP -\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds for all currently supported protocols (SSLv2, SSLv3, and TLSv1). .SH "RETURN VALUES" .IX Header "RETURN VALUES" See description. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index 0076acbbe54..3a146c63121 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_error 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,18 +149,18 @@ SSL_get_error \- obtain result code for TLS/SSL I/O operation .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" -statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, -\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by -that \s-1TLS/SSL I/O\s0 function must be passed to \fISSL_get_error()\fR in parameter +\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, +\&\fBSSL_read()\fR, \fBSSL_peek()\fR, or \fBSSL_write()\fR on \fBssl\fR. The value returned by +that \s-1TLS/SSL I/O\s0 function must be passed to \fBSSL_get_error()\fR in parameter \&\fBret\fR. .PP -In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the -current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be +In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no other OpenSSL function calls should appear in between. The current thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is -attempted, or \fISSL_get_error()\fR will not work reliably. +attempted, or \fBSSL_get_error()\fR will not work reliably. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: @@ -185,44 +189,47 @@ There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level. .Sp -For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or -\&\fIpoll()\fR on the underlying socket can be used to find out when the +For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or +\&\fBpoll()\fR on the underlying socket can be used to find out when the \&\s-1TLS/SSL I/O\s0 function should be retried. .Sp Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, -\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want +\&\fBSSL_read()\fR or \fBSSL_peek()\fR may want to write data and \fBSSL_write()\fR may want to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by either the client or the server); -\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. +\&\fBSSL_read()\fR, \fBSSL_peek()\fR, and \fBSSL_write()\fR will handle any pending handshakes. .IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be called again later. The underlying \s-1BIO\s0 was not connected yet to the peer -and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be +and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be called again when the connection is established. These messages can only -appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively. +appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. In order to find out, when the connection has been successfully established, -on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor +on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor can be used. .IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. The \s-1TLS/SSL I/O\s0 function should be called again later. Details depend on the application. .IP "\s-1SSL_ERROR_SYSCALL\s0" 4 .IX Item "SSL_ERROR_SYSCALL" -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult \fBerrno\fR for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fBSSL_shutdown()\fR must not be called. .IP "\s-1SSL_ERROR_SSL\s0" 4 .IX Item "SSL_ERROR_SSL" -A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fBSSL_shutdown()\fR must not be called. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fIerr\fR\|(3) +\&\fBssl\fR\|(3), \fBerr\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_get_error()\fR was added in SSLeay 0.8. +\&\fBSSL_get_error()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index c6b09c750d3..6cc3240b884 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,18 +150,18 @@ from X509_STORE_CTX .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR returns the index number under which +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx()\fR returns the index number under which the pointer to the \s-1SSL\s0 object is stored into the X509_STORE_CTX object. .SH "NOTES" .IX Header "NOTES" Whenever a X509_STORE_CTX object is created for the verification of the peers certificate during a handshake, a pointer to the \s-1SSL\s0 object is stored into the X509_STORE_CTX object to identify the connection affected. -To retrieve this pointer the \fIX509_STORE_CTX_get_ex_data()\fR function can +To retrieve this pointer the \fBX509_STORE_CTX_get_ex_data()\fR function can be used with the correct index. This index is globally the same for all X509_STORE_CTX objects and can be retrieved using -\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR. The index value is set when -\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR is first called either by the application +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx()\fR. The index value is set when +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx()\fR is first called either by the application program directly or indirectly during other \s-1SSL\s0 setup functions or during the handshake. .PP @@ -173,11 +177,11 @@ The index value to access the pointer. An error occurred, check the error stack for a detailed error message. .SH "EXAMPLES" .IX Header "EXAMPLES" -The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to +The index returned from \fBSSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to access the \s-1SSL\s0 object for the connection to be accessed during the -\&\fIverify_callback()\fR when checking the peers certificate. Please check -the example in \fISSL_CTX_set_verify\fR\|(3), +\&\fBverify_callback()\fR when checking the peers certificate. Please check +the example in \fBSSL_CTX_set_verify\fR\|(3), .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3), -\&\fICRYPTO_set_ex_data\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_verify\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index aadb08e5c8a..4b1d9d1c153 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,26 +167,26 @@ Several OpenSSL structures can have application specific data attached to them. These functions are used internally by OpenSSL to manipulate application specific data attached to a specific structure. .PP -\&\fISSL_get_ex_new_index()\fR is used to register a new index for application +\&\fBSSL_get_ex_new_index()\fR is used to register a new index for application specific data. .PP -\&\fISSL_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into +\&\fBSSL_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into the \fBssl\fR object. .PP -\&\fISSL_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBSSL_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from \&\fBssl\fR. .PP -A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in \fIRSA_get_ex_new_index\fR\|(3). -The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -\&\fICRYPTO_set_ex_data\fR\|(3). +A detailed description for the \fB*\fB_get_ex_new_index()\fB\fR functionality +can be found in \fBRSA_get_ex_new_index\fR\|(3). +The \fB*\fB_get_ex_data()\fB\fR and \fB*\fB_set_ex_data()\fB\fR functionality is described in +\&\fBCRYPTO_set_ex_data\fR\|(3). .SH "EXAMPLES" .IX Header "EXAMPLES" An example on how to use the functionality is included in the example -\&\fIverify_callback()\fR in \fISSL_CTX_set_verify\fR\|(3). +\&\fBverify_callback()\fR in \fBSSL_CTX_set_verify\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fIRSA_get_ex_new_index\fR\|(3), -\&\fICRYPTO_set_ex_data\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBRSA_get_ex_new_index\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index 382e91a3d15..5c3d889072a 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_fd 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,10 +151,10 @@ SSL_get_fd \- get file descriptor linked to an SSL object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. -\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the +\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the read or the write channel, which can be different. If the read and the -write channel are different, \fISSL_get_fd()\fR will return the file descriptor +write channel are different, \fBSSL_get_fd()\fR will return the file descriptor of the read channel. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -164,4 +168,4 @@ The operation failed, because the underlying \s-1BIO\s0 is not of the correct ty The file descriptor linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) +\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(3) , \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 33c3c15852c..8303acc405f 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,11 +149,11 @@ SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates forming the certificate chain of the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using -\&\fISSL_get_peer_certificate\fR\|(3). +\&\fBSSL_get_peer_certificate\fR\|(3). If the peer did not present a certificate, \s-1NULL\s0 is returned. .SH "NOTES" .IX Header "NOTES" @@ -171,4 +175,4 @@ or the certificate chain is no longer available when a session is reused. The return value points to the certificate chain presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_peer_certificate\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_get_peer_certificate\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index 9add3067223..8a3edfd5492 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,23 +149,23 @@ SSL_get_peer_certificate \- get the X509 certificate of the peer .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. .SH "NOTES" .IX Header "NOTES" Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see -\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher is used, no certificates are sent. .PP That a certificate is returned does not indicate information about the -verification state, use \fISSL_get_verify_result\fR\|(3) +verification state, use \fBSSL_get_verify_result\fR\|(3) to check the verification state. .PP The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is -freed. The X509 object must be explicitly freed using \fIX509_free()\fR. +freed. The X509 object must be explicitly freed using \fBX509_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: @@ -173,5 +177,5 @@ No certificate was presented by the peer or no connection was established. The return value points to the certificate presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 index 6f4f729f11d..7e2c93fdf56 100644 --- a/secure/lib/libssl/man/SSL_get_psk_identity.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_psk_identity 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,15 +150,15 @@ SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and h .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint used during the connection setup related to \s-1SSL\s0 object -\&\fBssl\fR. Similarly, \fISSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 identity used during the connection setup. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If non\-\fB\s-1NULL\s0\fR, \fISSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity -hint and \fISSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are -\&\fB\s-1NULL\s0\fR\-terminated. \fISSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if no \s-1PSK\s0 identity hint was used during the connection setup. .PP Note that the return value is valid only during the lifetime of the diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index 9a932fdf61e..ef4e1f2af3e 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_rbio 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +150,7 @@ SSL_get_rbio \- get BIO linked to an SSL object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the +\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the read or the write channel, which can be different. The reference count of the \s-1BIO\s0 is not incremented. .SH "RETURN VALUES" @@ -160,4 +164,4 @@ No \s-1BIO\s0 was connected to the \s-1SSL\s0 object The \s-1BIO\s0 linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(3) , \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index b4f6f44ee88..5aa709c8a96 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_session 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,13 +151,13 @@ SSL_get_session \- retrieve TLS/SSL session data .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in \&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so that the pointer can become invalid by other operations. .PP -\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. +\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. .PP -\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference +\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. .SH "NOTES" .IX Header "NOTES" @@ -162,21 +166,21 @@ connection without a new handshake. .PP A session will be automatically removed from the session cache and marked as non-resumable if the connection is not closed down cleanly, e.g. if a fatal -error occurs on the connection or \fISSL_shutdown\fR\|(3) is not called prior to -\&\fISSL_free\fR\|(3). +error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to +\&\fBSSL_free\fR\|(3). .PP -\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the +\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while -the connection is in use. If \fISSL_clear\fR\|(3) or -\&\fISSL_free\fR\|(3) is called, the session may be removed completely +the connection is in use. If \fBSSL_clear\fR\|(3) or +\&\fBSSL_free\fR\|(3) is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout -during \fISSL_CTX_flush_sessions\fR\|(3). +during \fBSSL_CTX_flush_sessions\fR\|(3). .PP -If the data is to be kept, \fISSL_get1_session()\fR will increment the reference +If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session -\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once +\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once to decrement the reference count again. .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache @@ -195,6 +199,6 @@ There is no session available in \fBssl\fR. The return value points to the data of an \s-1SSL\s0 session. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_free\fR\|(3), -\&\fISSL_clear\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBSSL_clear\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index f0795e19450..a020b32537f 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_verify_result 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,14 +149,14 @@ SSL_get_verify_result \- get result of peer certificate verification .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_verify_result()\fR returns the result of the verification of the +\&\fBSSL_get_verify_result()\fR returns the result of the verification of the X509 certificate presented by the peer, if any. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_get_verify_result()\fR can only return one error code while the verification +\&\fBSSL_get_verify_result()\fR can only return one error code while the verification of a certificate can fail because of many reasons at the same time. Only the last verification error that occurred during the processing is available -from \fISSL_get_verify_result()\fR. +from \fBSSL_get_verify_result()\fR. .PP The verification result is part of the established session and is restored when a session is reused. @@ -160,8 +164,8 @@ when a session is reused. .IX Header "BUGS" If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however -not indicate success. \fISSL_get_verify_result()\fR is only useful in connection -with \fISSL_get_peer_certificate\fR\|(3). +not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection +with \fBSSL_get_peer_certificate\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: @@ -170,9 +174,9 @@ The following return values can currently occur: The verification succeeded or no peer certificate was presented. .IP "Any other value" 4 .IX Item "Any other value" -Documented in \fIverify\fR\|(1). +Documented in \fBverify\fR\|(1). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_set_verify_result\fR\|(3), -\&\fISSL_get_peer_certificate\fR\|(3), -\&\fIverify\fR\|(1) +\&\fBssl\fR\|(3), \fBSSL_set_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index b564f7d571d..376db9b2357 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_get_version 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SSL_get_version \- get the protocol version of a connection. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_version()\fR returns the name of the protocol used for the +\&\fBSSL_get_version()\fR returns the name of the protocol used for the connection \fBssl\fR. It should only be called after the initial handshake has been completed. Prior to that the results returned from this function may be unreliable. @@ -172,4 +176,4 @@ The connection uses the TLSv1.2 protocol. This indicates an unknown protocol version. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 13760923825..b4bf6a8832d 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_library_init 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,17 +152,17 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. .PP -\&\fIOpenSSL_add_ssl_algorithms()\fR and \fISSLeay_add_ssl_algorithms()\fR are synonyms -for \fISSL_library_init()\fR. +\&\fBOpenSSL_add_ssl_algorithms()\fR and \fBSSLeay_add_ssl_algorithms()\fR are synonyms +for \fBSSL_library_init()\fR. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_library_init()\fR must be called before any other action takes place. -\&\fISSL_library_init()\fR is not reentrant. +\&\fBSSL_library_init()\fR must be called before any other action takes place. +\&\fBSSL_library_init()\fR is not reentrant. .SH "WARNING" .IX Header "WARNING" -\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by \&\s-1SSL/TLS.\s0 .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -171,14 +175,14 @@ and provide readable error messages. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return value. .SH "NOTES" .IX Header "NOTES" -OpenSSL 0.9.8o and 1.0.0a and later added \s-1SHA2\s0 algorithms to \fISSL_library_init()\fR. +OpenSSL 0.9.8o and 1.0.0a and later added \s-1SHA2\s0 algorithms to \fBSSL_library_init()\fR. Applications which need to use \s-1SHA2\s0 in earlier versions of OpenSSL should call -\&\fIOpenSSL_add_all_algorithms()\fR as well. +\&\fBOpenSSL_add_all_algorithms()\fR as well. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_load_error_strings\fR\|(3), -\&\fIRAND_add\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_load_error_strings\fR\|(3), +\&\fBRAND_add\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index 35df58282ce..ce052c90761 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,14 +149,14 @@ SSL_load_client_CA_file \- load certificate names from file .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns +\&\fBSSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns a \s-1STACK_OF\s0(X509_NAME) with the subject names found. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for -\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), it is not limited to \s-1CA\s0 certificates. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -181,5 +185,5 @@ The operation failed, check out the error stack for the reason. Pointer to the subject names of the successfully read certificates. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), -\&\fISSL_CTX_set_client_CA_list\fR\|(3) +\&\fBssl\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index be6781a1a3e..1e3f20d46ab 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_new 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +149,7 @@ SSL_new \- create a new SSL structure for a connection .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings of the underlying context \fBctx\fR: connection method (SSLv2/v3/TLSv1), options, verification settings, timeout settings. @@ -161,7 +165,7 @@ find out the reason. The return value points to an allocated \s-1SSL\s0 structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fISSL_get_SSL_CTX\fR\|(3), -\&\fIssl\fR\|(3) +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index f480ee47fbb..200a28e9d42 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_pending 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,28 +149,28 @@ SSL_pending \- obtain number of readable bytes buffered in an SSL object .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_pending()\fR returns the number of bytes which are available inside +\&\fBSSL_pending()\fR returns the number of bytes which are available inside \&\fBssl\fR for immediate read. .SH "NOTES" .IX Header "NOTES" Data are received in blocks from the peer. Therefore data can be buffered inside \fBssl\fR and are ready for immediate retrieval with -\&\fISSL_read\fR\|(3). +\&\fBSSL_read\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The number of bytes pending is returned. .SH "BUGS" .IX Header "BUGS" -\&\fISSL_pending()\fR takes into account only bytes from the \s-1TLS/SSL\s0 record +\&\fBSSL_pending()\fR takes into account only bytes from the \s-1TLS/SSL\s0 record that is currently being processed (if any). If the \fB\s-1SSL\s0\fR object's \&\fIread_ahead\fR flag is set (see -\&\fISSL_CTX_set_read_ahead\fR\|(3)), additional protocol +\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes may have been read containing more \s-1TLS/SSL\s0 records; these are ignored by -\&\fISSL_pending()\fR. +\&\fBSSL_pending()\fR. .PP -Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type +Up to OpenSSL 0.9.6, \fBSSL_pending()\fR does not check if the record type of pending data is application data. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_read\fR\|(3), -\&\fISSL_CTX_set_read_ahead\fR\|(3), \fIssl\fR\|(3) +\&\fBSSL_read\fR\|(3), +\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 229a78ad996..93263110501 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_read 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,64 +149,64 @@ SSL_read \- read bytes from a TLS/SSL connection. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_read()\fR tries to read \fBnum\fR bytes from the specified \fBssl\fR into the +\&\fBSSL_read()\fR tries to read \fBnum\fR bytes from the specified \fBssl\fR into the buffer \fBbuf\fR. .SH "NOTES" .IX Header "NOTES" -If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by \fISSL_connect\fR\|(3) or -\&\fISSL_accept\fR\|(3). If the +If necessary, \fBSSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if +not already explicitly performed by \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3). If the peer requests a re-negotiation, it will be performed transparently during -the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the +the \fBSSL_read()\fR operation. The behaviour of \fBSSL_read()\fR depends on the underlying \s-1BIO.\s0 .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR -before the first call to an \fISSL_read()\fR or \fISSL_write\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR +before the first call to an \fBSSL_read()\fR or \fBSSL_write\fR\|(3) function. .PP -\&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in +\&\fBSSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a record has been completely received, it can be processed (decryption and check of integrity). Therefore data that was not retrieved at the last -call of \fISSL_read()\fR can still be buffered inside the \s-1SSL\s0 layer and will be -retrieved on the next call to \fISSL_read()\fR. If \fBnum\fR is higher than the -number of bytes buffered, \fISSL_read()\fR will return with the bytes buffered. -If no more bytes are in the buffer, \fISSL_read()\fR will trigger the processing +call of \fBSSL_read()\fR can still be buffered inside the \s-1SSL\s0 layer and will be +retrieved on the next call to \fBSSL_read()\fR. If \fBnum\fR is higher than the +number of bytes buffered, \fBSSL_read()\fR will return with the bytes buffered. +If no more bytes are in the buffer, \fBSSL_read()\fR will trigger the processing of the next record. Only when the record has been received and processed -completely, \fISSL_read()\fR will return reporting success. At most the contents +completely, \fBSSL_read()\fR will return reporting success. At most the contents of the record will be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several packets from the transport layer before the -record is complete and \fISSL_read()\fR can succeed. +record is complete and \fBSSL_read()\fR can succeed. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only return, once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_read()\fR will only return, once the read operation has been finished or an error occurred, except when a renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -\&\fISSL_CTX_set_mode\fR\|(3) call. +\&\fBSSL_CTX_set_mode\fR\|(3) call. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_read()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_read()\fR to continue the operation. In this case a call to -\&\fISSL_get_error\fR\|(3) with the -return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fBSSL_get_error\fR\|(3) with the +return value of \fBSSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a -call to \fISSL_read()\fR can also cause write operations! The calling process +call to \fBSSL_read()\fR can also cause write operations! The calling process then must repeat the call after taking appropriate action to satisfy the -needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO.\s0 When using a -non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +needs of \fBSSL_read()\fR. The action depends on the underlying \s-1BIO.\s0 When using a +non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP -\&\fISSL_pending\fR\|(3) can be used to find out whether there +\&\fBSSL_pending\fR\|(3) can be used to find out whether there are buffered bytes available for immediate retrieval. In this case -\&\fISSL_read()\fR can be called without blocking or actually receiving new +\&\fBSSL_read()\fR can be called without blocking or actually receiving new data from the underlying socket. .SH "WARNING" .IX Header "WARNING" -When an \fISSL_read()\fR operation has to be repeated because of +When an \fBSSL_read()\fR operation has to be repeated because of \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated with the same arguments. .SH "RETURN VALUES" @@ -221,7 +225,7 @@ connection. .PD The read operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. -Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. .Sp SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot @@ -230,13 +234,13 @@ else. .Sp Old documentation indicated a difference between 0 and \-1, and that \-1 was retryable. -You should instead call \fISSL_get_error()\fR to find out if it's retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_write\fR\|(3), -\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_pending\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fIssl\fR\|(3), \fIbio\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_write\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(3), \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 821cb3877d9..bad5a0d47ee 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_rstate_string 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state +\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state of the \s-1SSL\s0 object \fBssl\fR. .PP -\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of +\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of the \s-1SSL\s0 object \fBssl\fR. .SH "NOTES" .IX Header "NOTES" @@ -160,7 +164,7 @@ SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read do This function should only seldom be needed in applications. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following +\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following values: .ie n .IP """\s-1RH""/\s0""read header""" 4 .el .IP "``\s-1RH''/\s0``read header''" 4 @@ -180,4 +184,4 @@ The record has been completely processed. The read state is unknown. This should never happen. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +\&\fBssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index ecd7e157a6a..031d8ab2288 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_session_reused 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,5 +166,5 @@ A new session was negotiated. A session was reused. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index c194841f193..dfbaad3d02b 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_set_bio 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,19 +149,19 @@ SSL_set_bio \- connect the SSL object with a BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write +\&\fBSSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. .PP The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called (for both the reading and writing side, if different). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_bio()\fR cannot fail. +\&\fBSSL_set_bio()\fR cannot fail. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_rbio\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3) +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(3), \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index b0221ca306b..36e62eb128f 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_set_connect_state 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,37 +151,37 @@ SSL_set_connect_state, SSL_get_accept_state \- prepare SSL object to work in cli .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. .PP -\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. .SH "NOTES" .IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3), +When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with -\&\fISSL_CTX_set_ssl_version\fR\|(3) or -\&\fISSL_set_ssl_method\fR\|(3).) +\&\fBSSL_CTX_set_ssl_version\fR\|(3) or +\&\fBSSL_set_ssl_method\fR\|(3).) .PP When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set. .PP -When using the \fISSL_connect\fR\|(3) or -\&\fISSL_accept\fR\|(3) routines, the correct handshake +When using the \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3) routines, the correct handshake routines are automatically set. When performing a transparent negotiation -using \fISSL_write\fR\|(3) or \fISSL_read\fR\|(3), the +using \fBSSL_write\fR\|(3) or \fBSSL_read\fR\|(3), the handshake routines must be explicitly set in advance using either -\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. +\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic +\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_write\fR\|(3), \fISSL_read\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_set_ssl_version\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_write\fR\|(3), \fBSSL_read\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 0f2cc504b50..6d350a6f193 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_set_fd 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +151,7 @@ SSL_set_fd \- connect the SSL object with a file descriptor .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the socket file descriptor of a network connection. .PP @@ -156,10 +160,10 @@ interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1S inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called (for both the reading and writing side, if different). .PP -\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only +\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only for the read channel or the write channel, which can be set independently. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -171,6 +175,6 @@ The operation failed. Check the error stack to find out why. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) +\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(3) , \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 024d9e242d6..0dbba53c2d9 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_set_session 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,16 +149,16 @@ SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection -is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. When the session is set, the reference count of \fBsession\fR is incremented by 1. If the session is not reused, the reference count is decremented -again during \fISSL_connect()\fR. Whether the session was reused can be queried -with the \fISSL_session_reused\fR\|(3) call. +again during \fBSSL_connect()\fR. Whether the session was reused can be queried +with the \fBSSL_session_reused\fR\|(3) call. .PP If there is already a session set inside \fBssl\fR (because it was set with -\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for -a connection), \fISSL_SESSION_free()\fR will be called for that session. +\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fBSSL_SESSION_free()\fR will be called for that session. .SH "NOTES" .IX Header "NOTES" \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache @@ -172,7 +176,7 @@ The operation failed; check the error stack to find out the reason. The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3), -\&\fISSL_get_session\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index b9745ef89ee..8b48f0715e6 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_set_shutdown 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,9 +151,9 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connec .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. .PP -\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The shutdown state of an ssl connection is a bitmask of: @@ -168,25 +172,25 @@ or a fatal error. .PP The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when -\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, +\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, it is considered bad and removed according to \s-1RFC2246.\s0 The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 (according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R" alert but to not wait for the peer's answer, when the underlying connection is closed). -\&\fISSL_set_shutdown()\fR can be used to set this state without sending a -close alert to the peer (see \fISSL_shutdown\fR\|(3)). +\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fBSSL_shutdown\fR\|(3)). .PP If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call -\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. +\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_shutdown()\fR does not return diagnostic information. +\&\fBSSL_set_shutdown()\fR does not return diagnostic information. .PP -\&\fISSL_get_shutdown()\fR returns the current setting. +\&\fBSSL_get_shutdown()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3), -\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 95333c1ef40..6b207f6023b 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_set_verify_result 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,22 +149,22 @@ SSL_set_verify_result \- override result of peer certificate verification .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the result of the verification of the X509 certificate presented by the peer, if any. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes +\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes the verification result of the \fBssl\fR object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. .PP -The valid codes for \fBverify_result\fR are documented in \fIverify\fR\|(1). +The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_verify_result()\fR does not provide a return value. +\&\fBSSL_set_verify_result()\fR does not provide a return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3), -\&\fISSL_get_peer_certificate\fR\|(3), -\&\fIverify\fR\|(1) +\&\fBssl\fR\|(3), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 9b25bca78ce..dded773c715 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_shutdown 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,15 +149,19 @@ SSL_shutdown \- shut down a TLS/SSL connection .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the \&\*(L"close notify\*(R" shutdown alert to the peer. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer. +\&\fBSSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer. Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. .PP +Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL.\s0 +.PP The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R" shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown alert. According to the \s-1TLS\s0 standard, it is acceptable for an application @@ -164,51 +172,51 @@ When the underlying connection shall be used for more communications, the complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be performed, so that the peers stay synchronized. .PP -\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step +\&\fBSSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step behaviour. -.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fBSSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fBSSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fBSSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fBSSL_shutdown()\fR must be called again. The second call will make \fBSSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fBSSL_shutdown()\fR will return with 1." 4 +.el .IP "When the application is the first party to send the ``close notify'' alert, \fBSSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fBSSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fBSSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fBSSL_shutdown()\fR must be called again. The second call will make \fBSSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fBSSL_shutdown()\fR will return with 1." 4 .IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." .PD 0 -.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4 -.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4 +.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fBSSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call." 4 +.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fBSSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call." 4 .IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown call." .PD .PP -It is therefore recommended, to check the return value of \fISSL_shutdown()\fR -and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet +It is therefore recommended, to check the return value of \fBSSL_shutdown()\fR +and call \fBSSL_shutdown()\fR again, if the bidirectional shutdown is not yet complete (return value of the first call is 0). As the shutdown is not -specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on +specially handled in the SSLv2 protocol, \fBSSL_shutdown()\fR will succeed on the first call. .PP -The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 +The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the handshake step has been finished or an error occurred. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. +taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required +nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP -\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" state but not actually send the \*(L"close notify\*(R" alert messages, -see \fISSL_CTX_set_quiet_shutdown\fR\|(3). -When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed +see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). +When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed and return 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 -The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time, +The shutdown is not yet finished. Call \fBSSL_shutdown()\fR for a second time, if a bidirectional shutdown shall be performed. -The output of \fISSL_get_error\fR\|(3) may be misleading, as an +The output of \fBSSL_get_error\fR\|(3) may be misleading, as an erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. .IP "1" 4 .IX Item "1" @@ -219,12 +227,12 @@ and the peer's \*(L"close notify\*(R" alert was received. The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if action is need to continue the operation for non-blocking BIOs. -Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), -\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3), -\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3), -\&\fIssl\fR\|(3), \fIbio\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBssl\fR\|(3), \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 5f109ffdf11..cd8c6e52475 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_state_string 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,10 +150,10 @@ SSL_state_string, SSL_state_string_long \- get textual description of state of a .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state +\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state of the \s-1SSL\s0 object \fBssl\fR. .PP -\&\fISSL_state_string_long()\fR returns a string indicating the current state of +\&\fBSSL_state_string_long()\fR returns a string indicating the current state of the \s-1SSL\s0 object \fBssl\fR. .SH "NOTES" .IX Header "NOTES" @@ -164,10 +168,10 @@ so that SSL_state_string[_long]() may be called. .PP For both blocking or non-blocking sockets, the details state information can be used within the info_callback function set with the -\&\fISSL_set_info_callback()\fR call. +\&\fBSSL_set_info_callback()\fR call. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Detailed description of possible states to be included later. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_CTX_set_info_callback\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 093efa300d1..99b62c96da3 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_want 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,25 +153,25 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. .PP The other SSL_want_*() calls are shortcuts for the possible states returned -by \fISSL_want()\fR. +by \fBSSL_want()\fR. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its -return values are similar to that of \fISSL_get_error\fR\|(3). -Unlike \fISSL_get_error\fR\|(3), which also evaluates the +\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fBSSL_get_error\fR\|(3). +Unlike \fBSSL_get_error\fR\|(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated -using \fISSL_get_error\fR\|(3). +using \fBSSL_get_error\fR\|(3). .PP -The result returned by \fISSL_want()\fR should always be consistent with -the result of \fISSL_get_error\fR\|(3). +The result returned by \fBSSL_want()\fR should always be consistent with +the result of \fBSSL_get_error\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can currently occur for \fISSL_want()\fR: +The following return values can currently occur for \fBSSL_want()\fR: .IP "\s-1SSL_NOTHING\s0" 4 .IX Item "SSL_NOTHING" There is no data to be written or to be read. @@ -175,23 +179,23 @@ There is no data to be written or to be read. .IX Item "SSL_WRITING" There are data in the \s-1SSL\s0 buffer that must be written to the underlying \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to \fISSL_get_error\fR\|(3) should return +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_WRITE.\s0 .IP "\s-1SSL_READING\s0" 4 .IX Item "SSL_READING" More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to \fISSL_get_error\fR\|(3) should return +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_READ.\s0 .IP "\s-1SSL_X509_LOOKUP\s0" 4 .IX Item "SSL_X509_LOOKUP" The operation did not complete because an application callback set by -\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to \fISSL_get_error\fR\|(3) should return +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 .PP -\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR +\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR return 1, when the corresponding condition is true or 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fIerr\fR\|(3), \fISSL_get_error\fR\|(3) +\&\fBssl\fR\|(3), \fBerr\fR\|(3), \fBSSL_get_error\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 4361d58e7d4..6dab3a423a2 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SSL_write 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,58 +149,58 @@ SSL_write \- write bytes to a TLS/SSL connection. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_write()\fR writes \fBnum\fR bytes from the buffer \fBbuf\fR into the specified +\&\fBSSL_write()\fR writes \fBnum\fR bytes from the buffer \fBbuf\fR into the specified \&\fBssl\fR connection. .SH "NOTES" .IX Header "NOTES" -If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by \fISSL_connect\fR\|(3) or -\&\fISSL_accept\fR\|(3). If the +If necessary, \fBSSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if +not already explicitly performed by \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3). If the peer requests a re-negotiation, it will be performed transparently during -the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the +the \fBSSL_write()\fR operation. The behaviour of \fBSSL_write()\fR depends on the underlying \s-1BIO.\s0 .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR -before the first call to an \fISSL_read\fR\|(3) or \fISSL_write()\fR function. +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR +before the first call to an \fBSSL_read\fR\|(3) or \fBSSL_write()\fR function. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_write()\fR will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -\&\fISSL_CTX_set_mode\fR\|(3) call. +\&\fBSSL_CTX_set_mode\fR\|(3) call. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return, -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_write()\fR will also return, +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_write()\fR to continue the operation. In this case a call to -\&\fISSL_get_error\fR\|(3) with the -return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fBSSL_get_error\fR\|(3) with the +return value of \fBSSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a -call to \fISSL_write()\fR can also cause read operations! The calling process +call to \fBSSL_write()\fR can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the -needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO.\s0 When using a -non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +needs of \fBSSL_write()\fR. The action depends on the underlying \s-1BIO.\s0 When using a +non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP -\&\fISSL_write()\fR will only return with success, when the complete contents +\&\fBSSL_write()\fR will only return with success, when the complete contents of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of -\&\fISSL_CTX_set_mode\fR\|(3). When this flag is set, -\&\fISSL_write()\fR will also return with success, when a partial write has been -successfully completed. In this case the \fISSL_write()\fR operation is considered -completed. The bytes are sent and a new \fISSL_write()\fR operation with a new +\&\fBSSL_CTX_set_mode\fR\|(3). When this flag is set, +\&\fBSSL_write()\fR will also return with success, when a partial write has been +successfully completed. In this case the \fBSSL_write()\fR operation is considered +completed. The bytes are sent and a new \fBSSL_write()\fR operation with a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB for SSLv3/TLSv1. .SH "WARNING" .IX Header "WARNING" -When an \fISSL_write()\fR operation has to be repeated because of +When an \fBSSL_write()\fR operation has to be repeated because of \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated with the same arguments. .PP -When calling \fISSL_write()\fR with num=0 bytes to be sent the behaviour is +When calling \fBSSL_write()\fR with num=0 bytes to be sent the behaviour is undefined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -209,7 +213,7 @@ bytes actually written to the \s-1TLS/SSL\s0 connection. .IX Item "<= 0" The write operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. -Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. +Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .Sp SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot @@ -217,11 +221,11 @@ be checked, why the closure happened. .Sp Old documentation indicated a difference between 0 and \-1, and that \-1 was retryable. -You should instead call \fISSL_get_error()\fR to find out if it's retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_read\fR\|(3), -\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), -\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) -\&\fISSL_set_connect_state\fR\|(3), -\&\fIssl\fR\|(3), \fIbio\fR\|(3) +\&\fBSSL_get_error\fR\|(3), \fBSSL_read\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBssl\fR\|(3), \fBbio\fR\|(3) diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 8b16ad94a59..2066217e7ab 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,27 +150,27 @@ d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 repr .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fId2i_SSL_SESSION()\fR transforms the external \s-1ASN1\s0 representation of an \s-1SSL/TLS\s0 +\&\fBd2i_SSL_SESSION()\fR transforms the external \s-1ASN1\s0 representation of an \s-1SSL/TLS\s0 session, stored as binary data at location \fBpp\fR with length \fBlength\fR, into an \s-1SSL_SESSION\s0 object. .PP -\&\fIi2d_SSL_SESSION()\fR transforms the \s-1SSL_SESSION\s0 object \fBin\fR into the \s-1ASN1\s0 +\&\fBi2d_SSL_SESSION()\fR transforms the \s-1SSL_SESSION\s0 object \fBin\fR into the \s-1ASN1\s0 representation and stores it into the memory location pointed to by \fBpp\fR. The length of the resulting \s-1ASN1\s0 representation is returned. If \fBpp\fR is the \s-1NULL\s0 pointer, only the length is calculated and returned. .SH "NOTES" .IX Header "NOTES" -The \s-1SSL_SESSION\s0 object is built from several \fImalloc()\fRed parts, it can +The \s-1SSL_SESSION\s0 object is built from several \fBmalloc()\fRed parts, it can therefore not be moved, copied or stored directly. In order to store session data on disk or into a database, it must be transformed into a binary \s-1ASN1\s0 representation. .PP -When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically +When using \fBd2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically allocated. The reference count is 1, so that the session must be -explicitly removed using \fISSL_SESSION_free\fR\|(3), +explicitly removed using \fBSSL_SESSION_free\fR\|(3), unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called -inside the \fIget_session_cb()\fR (see -\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). +inside the \fBget_session_cb()\fR (see +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. @@ -174,12 +178,12 @@ One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created from this \s-1SSL_CTX\s0 object). .PP -When using \fIi2d_SSL_SESSION()\fR, the memory location pointed to by \fBpp\fR must be +When using \fBi2d_SSL_SESSION()\fR, the memory location pointed to by \fBpp\fR must be large enough to hold the binary representation of the session. There is no known limit on the size of the created \s-1ASN1\s0 representation, so the necessary -amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with +amount of space should be obtained by first calling \fBi2d_SSL_SESSION()\fR with \&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and -call \fIi2d_SSL_SESSION()\fR again. +call \fBi2d_SSL_SESSION()\fR again. Note that this will advance the value contained in \fB*pp\fR so it is necessary to save a copy of the original allocation. For example: @@ -192,13 +196,13 @@ For example: assert(p+i == temp); .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack. .PP -\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. When the session is not valid, \fB0\fR is returned and no operation is performed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +\&\fBssl\fR\|(3), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index edbb268eebf..d93063554e7 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ssl 3 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,25 +149,25 @@ Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s documented here. .PP At first the library must be initialized; see -\&\fISSL_library_init\fR\|(3). +\&\fBSSL_library_init\fR\|(3). .PP Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish -\&\s-1TLS/SSL\s0 enabled connections (see \fISSL_CTX_new\fR\|(3)). +\&\s-1TLS/SSL\s0 enabled connections (see \fBSSL_CTX_new\fR\|(3)). Various options regarding certificates, algorithms etc. can be set in this object. .PP When a network connection has been created, it can be assigned to an \&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using -\&\fISSL_new\fR\|(3), \fISSL_set_fd\fR\|(3) or -\&\fISSL_set_bio\fR\|(3) can be used to associate the network +\&\fBSSL_new\fR\|(3), \fBSSL_set_fd\fR\|(3) or +\&\fBSSL_set_bio\fR\|(3) can be used to associate the network connection with the object. .PP Then the \s-1TLS/SSL\s0 handshake is performed using -\&\fISSL_accept\fR\|(3) or \fISSL_connect\fR\|(3) +\&\fBSSL_accept\fR\|(3) or \fBSSL_connect\fR\|(3) respectively. -\&\fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) are used +\&\fBSSL_read\fR\|(3) and \fBSSL_write\fR\|(3) are used to read and write data on the \s-1TLS/SSL\s0 connection. -\&\fISSL_shutdown\fR\|(3) can be used to shut down the +\&\fBSSL_shutdown\fR\|(3) can be used to shut down the \&\s-1TLS/SSL\s0 connection. .SH "DATA STRUCTURES" .IX Header "DATA STRUCTURES" @@ -239,7 +243,7 @@ protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. .IX Item "const SSL_METHOD *SSLv23_method(void);" Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients, servers or both. -See \fISSL_CTX_new\fR\|(3) for details. +See \fBSSL_CTX_new\fR\|(3) for details. .IP "const \s-1SSL_METHOD\s0 *\fBSSLv23_client_method\fR(void);" 4 .IX Item "const SSL_METHOD *SSLv23_client_method(void);" Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for @@ -792,83 +796,83 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .PD .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIopenssl\fR\|(1), \fIcrypto\fR\|(3), -\&\fISSL_accept\fR\|(3), \fISSL_clear\fR\|(3), -\&\fISSL_connect\fR\|(3), -\&\fISSL_CIPHER_get_name\fR\|(3), -\&\fISSL_COMP_add_compression_method\fR\|(3), -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fISSL_CTX_add_session\fR\|(3), -\&\fISSL_CTX_ctrl\fR\|(3), -\&\fISSL_CTX_flush_sessions\fR\|(3), -\&\fISSL_CTX_get_ex_new_index\fR\|(3), -\&\fISSL_CTX_get_verify_mode\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) -\&\fISSL_CTX_new\fR\|(3), -\&\fISSL_CTX_sess_number\fR\|(3), -\&\fISSL_CTX_sess_set_cache_size\fR\|(3), -\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -\&\fISSL_CTX_sessions\fR\|(3), -\&\fISSL_CTX_set_cert_store\fR\|(3), -\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), -\&\fISSL_CTX_set_cipher_list\fR\|(3), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3), -\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), -\&\fISSL_CTX_set_generate_session_id\fR\|(3), -\&\fISSL_CTX_set_info_callback\fR\|(3), -\&\fISSL_CTX_set_max_cert_list\fR\|(3), -\&\fISSL_CTX_set_mode\fR\|(3), -\&\fISSL_CTX_set_msg_callback\fR\|(3), -\&\fISSL_CTX_set_options\fR\|(3), -\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fISSL_CTX_set_read_ahead\fR\|(3), -\&\fISSL_CTX_set_session_cache_mode\fR\|(3), -\&\fISSL_CTX_set_session_id_context\fR\|(3), -\&\fISSL_CTX_set_ssl_version\fR\|(3), -\&\fISSL_CTX_set_timeout\fR\|(3), -\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), -\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fISSL_CTX_set_verify\fR\|(3), -\&\fISSL_CTX_use_certificate\fR\|(3), -\&\fISSL_alert_type_string\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_get_SSL_CTX\fR\|(3), -\&\fISSL_get_ciphers\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_get_default_timeout\fR\|(3), -\&\fISSL_get_error\fR\|(3), -\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), -\&\fISSL_get_ex_new_index\fR\|(3), -\&\fISSL_get_fd\fR\|(3), -\&\fISSL_get_peer_cert_chain\fR\|(3), -\&\fISSL_get_rbio\fR\|(3), -\&\fISSL_get_session\fR\|(3), -\&\fISSL_get_verify_result\fR\|(3), -\&\fISSL_get_version\fR\|(3), -\&\fISSL_library_init\fR\|(3), -\&\fISSL_load_client_CA_file\fR\|(3), -\&\fISSL_new\fR\|(3), -\&\fISSL_pending\fR\|(3), -\&\fISSL_read\fR\|(3), -\&\fISSL_rstate_string\fR\|(3), -\&\fISSL_session_reused\fR\|(3), -\&\fISSL_set_bio\fR\|(3), -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_set_fd\fR\|(3), -\&\fISSL_set_session\fR\|(3), -\&\fISSL_set_shutdown\fR\|(3), -\&\fISSL_shutdown\fR\|(3), -\&\fISSL_state_string\fR\|(3), -\&\fISSL_want\fR\|(3), -\&\fISSL_write\fR\|(3), -\&\fISSL_SESSION_free\fR\|(3), -\&\fISSL_SESSION_get_ex_new_index\fR\|(3), -\&\fISSL_SESSION_get_time\fR\|(3), -\&\fId2i_SSL_SESSION\fR\|(3), -\&\fISSL_CTX_set_psk_client_callback\fR\|(3), -\&\fISSL_CTX_use_psk_identity_hint\fR\|(3), -\&\fISSL_get_psk_identity\fR\|(3) +\&\fBopenssl\fR\|(1), \fBcrypto\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3), +\&\fBSSL_COMP_add_compression_method\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_ctrl\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_CTX_get_ex_new_index\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_sessions\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_generate_session_id\fR\|(3), +\&\fBSSL_CTX_set_info_callback\fR\|(3), +\&\fBSSL_CTX_set_max_cert_list\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), +\&\fBSSL_CTX_set_msg_callback\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3), +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_get_ex_new_index\fR\|(3), +\&\fBSSL_get_fd\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_version\fR\|(3), +\&\fBSSL_library_init\fR\|(3), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_new\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_read\fR\|(3), +\&\fBSSL_rstate_string\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_bio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_set_fd\fR\|(3), +\&\fBSSL_set_session\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), +\&\fBSSL_state_string\fR\|(3), +\&\fBSSL_want\fR\|(3), +\&\fBSSL_write\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_SESSION_get_ex_new_index\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_psk_client_callback\fR\|(3), +\&\fBSSL_CTX_use_psk_identity_hint\fR\|(3), +\&\fBSSL_get_psk_identity\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fIssl\fR\|(3) document appeared in OpenSSL 0.9.2 +The \fBssl\fR\|(3) document appeared in OpenSSL 0.9.2 diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 9bb6f68cf54..f37ae54c21f 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CA.PL 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -233,7 +237,7 @@ the request and finally create a PKCS#12 file containing it. .SH "DSA CERTIFICATES" .IX Header "DSA CERTIFICATES" Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to -use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command +use it with \s-1DSA\s0 certificates and requests using the \fBreq\fR\|(1) command directly. The following example shows the steps that would typically be taken. .PP Create some \s-1DSA\s0 parameters: @@ -298,5 +302,5 @@ file location to be specified, it should contain the full path to the configuration file, not just its directory. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1), -\&\fIconfig\fR\|(5) +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBreq\fR\|(1), \fBpkcs12\fR\|(1), +\&\fBconfig\fR\|(5) diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 1cecd2bc794..3660eefe4cf 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ASN1PARSE 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -200,7 +204,7 @@ option can be used multiple times to \*(L"drill down\*(R" into a nested structur .IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 .IX Item "-genstr string, -genconf file" generate encoded data based on \fBstring\fR, \fBfile\fR or both using -\&\fIASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is +\&\fBASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is present then the string is obtained from the default section using the name \&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as though it came from a file, the contents can thus be examined and written to a @@ -308,4 +312,4 @@ There should be options to change the format of output lines. The output of some \&\s-1ASN.1\s0 types is not well handled (if at all). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIASN1_generate_nconf\fR\|(3) +\&\fBASN1_generate_nconf\fR\|(3) diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 6a101db57bb..94154b572a4 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CA 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -256,7 +260,7 @@ self-signed certificate. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-verbose\fR" 4 .IX Item "-verbose" this prints extra details about the operations being performed. @@ -316,8 +320,8 @@ the section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to \fBx509_extensions\fR unless the \fB\-extfile\fR option is used). If no extension section is present then, a V1 certificate is created. If the extension section -is present (even if it is empty), then a V3 certificate is created. See the:w -\&\fIx509v3_config\fR\|(5) manual page for details of the +is present (even if it is empty), then a V3 certificate is created. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fB\-extfile file\fR" 4 .IX Item "-extfile file" @@ -402,7 +406,7 @@ created, if the \s-1CRL\s0 extension section is present (even if it is empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are \&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted that some software (for example Netscape) can't handle V2 CRLs. See -\&\fIx509v3_config\fR\|(5) manual page for details of the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" @@ -452,7 +456,7 @@ same as the \fB\-keyfile\fR option. The file containing the .IP "\fB\s-1RANDFILE\s0\fR" 4 .IX Item "RANDFILE" a file used to read and write random number seed information, or -an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). .IP "\fBdefault_days\fR" 4 .IX Item "default_days" the same as the \fB\-days\fR option. The number of days to certify @@ -755,5 +759,5 @@ For example if the \s-1CA\s0 certificate has: then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIspkac\fR\|(1), \fIx509\fR\|(1), \s-1\fICA\s0.pl\fR\|(1), -\&\fIconfig\fR\|(5), \fIx509v3_config\fR\|(5) +\&\fBreq\fR\|(1), \fBspkac\fR\|(1), \fBx509\fR\|(1), \s-1\fBCA\s0.pl\fR\|(1), +\&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5) diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index e466f41e524..5442a726c3b 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CIPHERS 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -720,7 +724,7 @@ encryption. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(3) +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBssl\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index cce68090f1f..412456326f2 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CMS 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -355,7 +359,7 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). .IX Item "-[cipher]" the encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the -\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for example \fB\-aes_128_cbc\fR. See \fBenc\fR for a list of ciphers supported by your version of OpenSSL. .Sp @@ -480,11 +484,11 @@ or to modify default parameters for \s-1ECDH.\s0 .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -548,7 +552,7 @@ tried whether they succeed or not and if no recipients match the message is \*(L"decrypted\*(R" using a random key which will typically output garbage. The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection and return an error if no recipient can be found: this option should be used -with caution. For a fuller description see \fICMS_decrypt\fR\|(3)). +with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)). .SH "EXIT CODES" .IX Header "EXIT CODES" .IP "0" 4 diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 7f420343eb6..b509e7ebc51 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CRL 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,7 +185,7 @@ print out the \s-1CRL\s0 in text form. .IP "\fB\-nameopt option\fR" 4 .IX Item "-nameopt option" option which determines how the subject or issuer names are displayed. See -the description of \fB\-nameopt\fR in \fIx509\fR\|(1). +the description of \fB\-nameopt\fR in \fBx509\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" don't output the encoded version of the \s-1CRL.\s0 @@ -239,4 +243,4 @@ Ideally it should be possible to create a \s-1CRL\s0 using appropriate options and files too. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrl2pkcs7\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1) +\&\fBcrl2pkcs7\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1) diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 9e0ff7415d5..5de8f387a80 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH CRL2PKCS7 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,4 +213,4 @@ The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can b install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpkcs7\fR\|(1) +\&\fBpkcs7\fR\|(1) diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index af3ecf9e1fc..7916c0f7c56 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DGST 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -213,7 +217,7 @@ Names and values of these options are algorithm-specific. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-verify filename\fR" 4 .IX Item "-verify filename" verify the signature using the public key in \*(L"filename\*(R". @@ -255,7 +259,7 @@ for example exactly 32 chars for gost-mac. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index cbf0089864f..7701ef6be43 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DHPARAM 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -201,7 +205,7 @@ default generator 2. .IP "\fB\-rand\fR \fIfile(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -252,7 +256,7 @@ This program manipulates \s-1DH\s0 parameters not keys. There should be a way to generate and manipulate \s-1DH\s0 keys. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1) +\&\fBdsaparam\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The \fBdhparam\fR command was added in OpenSSL 0.9.5. diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 49e396bee1a..a6d73be85b4 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSA 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -192,7 +196,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -202,7 +206,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 .IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" These options encrypt the private key with the specified @@ -284,5 +288,5 @@ To just output the public part of a private key: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1), \fIgendsa\fR\|(1), \fIrsa\fR\|(1), -\&\fIgenrsa\fR\|(1) +\&\fBdsaparam\fR\|(1), \fBgendsa\fR\|(1), \fBrsa\fR\|(1), +\&\fBgenrsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index b7f558b625c..a084c30ed0a 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH DSAPARAM 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -185,7 +189,7 @@ this option prints out the \s-1DSA\s0 parameters in human readable form. .IP "\fB\-C\fR" 4 .IX Item "-C" this option converts the parameters into C code. The parameters can then -be loaded by calling the \fB\f(BIget_dsaXXX()\fB\fR function. +be loaded by calling the \fB\fBget_dsaXXX()\fB\fR function. .IP "\fB\-genkey\fR" 4 .IX Item "-genkey" this option will generate a \s-1DSA\s0 either using the specified or generated @@ -193,7 +197,7 @@ parameters. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -221,5 +225,5 @@ for all available algorithms. \&\s-1DSA\s0 parameters is often used to generate several distinct keys. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgendsa\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIrsa\fR\|(1) +\&\fBgendsa\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 6f4a2280de9..c9b6876f564 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH EC 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,7 +190,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -196,7 +200,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-des|\-des3|\-idea\fR" 4 .IX Item "-des|-des3|-idea" These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or @@ -303,7 +307,7 @@ To change the point conversion form to \fBcompressed\fR: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIecparam\fR\|(1), \fIdsa\fR\|(1), \fIrsa\fR\|(1) +\&\fBecparam\fR\|(1), \fBdsa\fR\|(1), \fBrsa\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The ec command was first introduced in OpenSSL 0.9.8. diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index 75057b9af7a..7c421062123 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ECPARAM 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -189,7 +193,7 @@ This option prints out the \s-1EC\s0 parameters in human readable form. .IP "\fB\-C\fR" 4 .IX Item "-C" This option converts the \s-1EC\s0 parameters into C code. The parameters can then -be loaded by calling the \fB\f(BIget_ec_group_XXX()\fB\fR function. +be loaded by calling the \fB\fBget_ec_group_XXX()\fB\fR function. .IP "\fB\-check\fR" 4 .IX Item "-check" Validate the elliptic curve parameters. @@ -229,7 +233,7 @@ This option will generate a \s-1EC\s0 private key using the specified parameters .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -289,7 +293,7 @@ To print out the \s-1EC\s0 parameters to standard output: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIec\fR\|(1), \fIdsaparam\fR\|(1) +\&\fBec\fR\|(1), \fBdsaparam\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The ecparam command was first introduced in OpenSSL 0.9.8. diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index aa061512117..50597ce2758 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ENC 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +184,7 @@ the output filename, standard output by default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-salt\fR" 4 .IX Item "-salt" use a salt in the key derivation routines. This is the default. diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 8471f7e1a07..71559846c1e 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH ERRSTR 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,6 +171,6 @@ to produce the error message: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), -\&\fIERR_load_crypto_strings\fR\|(3), -\&\fISSL_load_error_strings\fR\|(3) +\&\fBerr\fR\|(3), +\&\fBERR_load_crypto_strings\fR\|(3), +\&\fBSSL_load_error_strings\fR\|(3) diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index ddf4928d5c2..bd2e416bfd0 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH GENDSA 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +171,7 @@ If none of these options is specified no encryption is used. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -188,5 +192,5 @@ and examined using the \fBopenssl dsaparam\fR command. much quicker that \s-1RSA\s0 key generation for example. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIrsa\fR\|(1) +\&\fBdsaparam\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index e2e8dab22d2..00971aaad5f 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH GENPKEY 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,11 +169,11 @@ This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" The output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-\f(BIcipher\fB\fR" 4 .IX Item "-cipher" This option encrypts the private key with the supplied cipher. Any algorithm -name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 790c2c149cd..5be73ebbb09 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH GENRSA 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +179,7 @@ standard output is used. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-aes128|\-aes192|\-aes256|\-aria128|\-aria192|\-aria256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 .IX Item "-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" These options encrypt the private key with specified @@ -188,7 +192,7 @@ the public exponent to use, either 65537 or 3. The default is 65537. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by an OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -221,7 +225,7 @@ private keys this will not matter because for security reasons they will be much larger (typically 1024 bits). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgendsa\fR\|(1) +\&\fBgendsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index f587695dfcd..20d2088a67e 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH NSEQ 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index c58a54ed95d..bb4907cf76a 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OCSP 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index ea13404ef9b..6c6bb011293 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH OPENSSL 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -441,22 +445,22 @@ send the data via a pipe for example. read the password from standard input. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIconfig\fR\|(5), -\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1), -\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1), -\&\fIenc\fR\|(1), \fIgendsa\fR\|(1), \fIgenpkey\fR\|(1), -\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIopenssl\fR\|(1), -\&\fIpasswd\fR\|(1), -\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1), -\&\fIrand\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1), -\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1), -\&\fIs_server\fR\|(1), \fIs_time\fR\|(1), -\&\fIsmime\fR\|(1), \fIspkac\fR\|(1), -\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1), -\&\fIcrypto\fR\|(3), \fIssl\fR\|(3), \fIx509v3_config\fR\|(5) +\&\fBasn1parse\fR\|(1), \fBca\fR\|(1), \fBconfig\fR\|(5), +\&\fBcrl\fR\|(1), \fBcrl2pkcs7\fR\|(1), \fBdgst\fR\|(1), +\&\fBdhparam\fR\|(1), \fBdsa\fR\|(1), \fBdsaparam\fR\|(1), +\&\fBenc\fR\|(1), \fBgendsa\fR\|(1), \fBgenpkey\fR\|(1), +\&\fBgenrsa\fR\|(1), \fBnseq\fR\|(1), \fBopenssl\fR\|(1), +\&\fBpasswd\fR\|(1), +\&\fBpkcs12\fR\|(1), \fBpkcs7\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBrand\fR\|(1), \fBreq\fR\|(1), \fBrsa\fR\|(1), +\&\fBrsautl\fR\|(1), \fBs_client\fR\|(1), +\&\fBs_server\fR\|(1), \fBs_time\fR\|(1), +\&\fBsmime\fR\|(1), \fBspkac\fR\|(1), +\&\fBverify\fR\|(1), \fBversion\fR\|(1), \fBx509\fR\|(1), +\&\fBcrypto\fR\|(3), \fBssl\fR\|(3), \fBx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" -The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. +The \fBopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3; The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0; the \fBno\-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a. diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 08469860421..41d285a6e68 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PASSWD 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 5ab2c367b3d..3970291e085 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS12 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -196,12 +200,12 @@ default. They are all written in \s-1PEM\s0 format. .IX Item "-passin arg" the PKCS#12 file (i.e. input file) password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +\&\fBopenssl\fR\|(1). .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" pass phrase source to encrypt any outputted private keys with. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section -in \fIopenssl\fR\|(1). +in \fBopenssl\fR\|(1). .IP "\fB\-password arg\fR" 4 .IX Item "-password arg" With \-export, \-password is equivalent to \-passout. @@ -289,12 +293,12 @@ displays them. .IX Item "-pass arg, -passout arg" the PKCS#12 file (i.e. output file) password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +\&\fBopenssl\fR\|(1). .IP "\fB\-passin password\fR" 4 .IX Item "-passin password" pass phrase source to decrypt any input private keys with. For more information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +\&\fBopenssl\fR\|(1). .IP "\fB\-chain\fR" 4 .IX Item "-chain" if this option is present then an attempt is made to include the entire @@ -353,7 +357,7 @@ don't attempt to provide the \s-1MAC\s0 integrity. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -456,4 +460,4 @@ file from the keys and certificates using a newer version of OpenSSL. For exampl .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpkcs8\fR\|(1) +\&\fBpkcs8\fR\|(1) diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index eed68cb5639..999e8a6c669 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS7 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -224,4 +228,4 @@ This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrl2pkcs7\fR\|(1) +\&\fBcrl2pkcs7\fR\|(1) diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index 27150d17a6c..32c483be832 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKCS8 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,7 +191,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -197,7 +201,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-nocrypt\fR" 4 .IX Item "-nocrypt" PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo @@ -365,5 +369,5 @@ key format for OpenSSL: for compatibility several of the utilities use the old format at present. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1) +\&\fBdsa\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index 4b1e59d770a..eb8dccfec2a 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKEY 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,7 +178,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output if this @@ -184,11 +188,11 @@ filename. .IP "\fB\-passout password\fR" 4 .IX Item "-passout password" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-cipher\fR" 4 .IX Item "-cipher" These options encrypt the private key with the supplied cipher. Any algorithm -name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the various public or private key components in @@ -253,5 +257,5 @@ To just output the public part of a private key: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1), -\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1) +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index cecf7dffe30..495b19563c9 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKEYPARAM 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,5 +188,5 @@ There are no \fB\-inform\fR or \fB\-outform\fR options for this command because \&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1), -\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1) +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index 1b6373add60..ed97faceca7 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH PKEYUTL 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,7 +188,7 @@ the key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-peerkey file\fR" 4 .IX Item "-peerkey file" the peer key file, used by key derivation (agreement) operations. @@ -242,7 +246,7 @@ and its implementation. The OpenSSL operations and options are indicated below. Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option which specifies the digest in use for sign, verify and verifyrecover operations. The value \fBalg\fR should represent a digest name as used in the -\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. +\&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is used only for sanity-checking the lengths of data passed in to the \fBpkeyutl\fR and for creating the structures that make up the signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). @@ -335,5 +339,5 @@ Derive a shared secret value: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgenpkey\fR\|(1), \fIpkey\fR\|(1), \fIrsautl\fR\|(1) -\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1) +\&\fBgenpkey\fR\|(1), \fBpkey\fR\|(1), \fBrsautl\fR\|(1) +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 17419c4bdc0..7ee35794a10 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RAND 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,7 +164,7 @@ seeding was obtained from these sources. Write to \fIfile\fR instead of standard output. .IP "\fB\-rand\fR \fIfile(s)\fR" 4 .IX Item "-rand file(s)" -Use specified file or files or \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)) +Use specified file or files or \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)) for seeding the random number generator. Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for @@ -173,4 +177,4 @@ Perform base64 encoding on the output. Show the output as a hex string. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRAND_bytes\fR\|(3) +\&\fBRAND_bytes\fR\|(3) diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 84188b17135..e6b22263bdb 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH REQ 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -204,7 +208,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not specified. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write to or standard output by @@ -212,7 +216,7 @@ default. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the certificate request in text form. @@ -251,7 +255,7 @@ characters may be escaped by \e (backslash), no spaces are skipped. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -372,7 +376,7 @@ configuration file, must be valid \s-1UTF8\s0 strings. option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fIx509\fR\|(1) manual page for details. +set multiple options. See the \fBx509\fR\|(1) manual page for details. .IP "\fB\-reqopt\fR" 4 .IX Item "-reqopt" customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be @@ -459,7 +463,7 @@ and long names are the same when this option is used. .IP "\fB\s-1RANDFILE\s0\fR" 4 .IX Item "RANDFILE" This specifies a filename in which random number seed information is -placed and read from, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +placed and read from, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). It is used for private key generation. .IP "\fBencrypt_key\fR" 4 .IX Item "encrypt_key" @@ -488,7 +492,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape. this specifies the configuration file section containing a list of extensions to add to the certificate request. It can be overridden by the \fB\-reqexts\fR command line switch. See the -\&\fIx509v3_config\fR\|(5) manual page for details of the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fBx509_extensions\fR" 4 .IX Item "x509_extensions" @@ -765,6 +769,6 @@ statically defined in the configuration file. Some of these: like an email address in subjectAltName should be input by the user. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5), -\&\fIx509v3_config\fR\|(5) +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBconfig\fR\|(5), +\&\fBx509v3_config\fR\|(5) diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 46ed6a285dd..b8828b1017f 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSA 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,7 +198,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output if this @@ -204,7 +208,7 @@ filename. .IP "\fB\-passout password\fR" 4 .IX Item "-passout password" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-sgckey\fR" 4 .IX Item "-sgckey" use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 @@ -329,5 +333,5 @@ There should be an option that automatically handles .key files, without having to manually edit them. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1) +\&\fBpkcs8\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index ce4459cf15a..a0545a3d35f 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH RSAUTL 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -310,4 +314,4 @@ and its digest computed with: which it can be seen agrees with the recovered value above. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1) +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index c55d12aba74..33736de5383 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH S_CLIENT 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -220,7 +224,7 @@ The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-verify depth\fR" 4 .IX Item "-verify depth" The verify depth to use. This specifies the maximum length of the @@ -324,7 +328,7 @@ option enables various workarounds. .IX Item "-sigalgs sigalglist" Specifies the list of signature algorithms that are sent by the client. The server selects one entry in the list based on its preferences. -For example strings, see \fISSL_CTX_set1_sigalgs\fR\|(3) +For example strings, see \fBSSL_CTX_set1_sigalgs\fR\|(3) .IP "\fB\-curves curvelist\fR" 4 .IX Item "-curves curvelist" Specifies the list of supported curves to be sent by the client. The curve is @@ -369,7 +373,7 @@ for all available algorithms. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -463,7 +467,7 @@ The \fB\-prexit\fR option is a bit of a hack. We should really report information whenever a session is renegotiated. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsess_id\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1) +\&\fBsess_id\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The \-no_alt_chains options was first added to OpenSSL 1.0.2b. diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 86f730f3492..ab0f9d32fb0 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH S_SERVER 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -231,7 +235,7 @@ The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 .IX Item "-dcert filename, -dkey keyname" specify an additional certificate and private key, these behave in the @@ -401,7 +405,7 @@ IDs (eg. with a certain prefix). .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. @@ -498,7 +502,7 @@ There should be a way for the \fBs_server\fR program to print out details of any unknown cipher suites a client says it supports. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsess_id\fR\|(1), \fIs_client\fR\|(1), \fIciphers\fR\|(1) +\&\fBsess_id\fR\|(1), \fBs_client\fR\|(1), \fBciphers\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The \-no_alt_chains options was first added to OpenSSL 1.0.2b. diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 25fa64d6eaf..81776ad0e18 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH S_TIME 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -216,7 +220,7 @@ these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By the initial handshake uses a method which should be compatible with all servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. The timing program is not as rich in options to turn protocols on and off as -the \fIs_client\fR\|(1) program and may not connect to all servers. +the \fBs_client\fR\|(1) program and may not connect to all servers. .Sp Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only @@ -231,7 +235,7 @@ option enables various workarounds. this allows the cipher list sent by the client to be modified. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. -See the \fIciphers\fR\|(1) command for more information. +See the \fBciphers\fR\|(1) command for more information. .IP "\fB\-time length\fR" 4 .IX Item "-time length" specifies how long (in seconds) \fBs_time\fR should establish connections and @@ -247,7 +251,7 @@ To connect to an \s-1SSL HTTP\s0 server and get the default page the command .Ve .PP would typically be used (https uses port 443). 'commoncipher' is a cipher to -which both client and server can agree, see the \fIciphers\fR\|(1) command +which both client and server can agree, see the \fBciphers\fR\|(1) command for details. .PP If the handshake fails then there are several possible causes, if it is @@ -260,10 +264,10 @@ A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it -requests a certificate. By using \fIs_client\fR\|(1) the \s-1CA\s0 list can be +requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be viewed and checked. However some servers only request client authentication after a specific \s-1URL\s0 is requested. To obtain the list in this case it -is necessary to use the \fB\-prexit\fR option of \fIs_client\fR\|(1) and +is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and send an \s-1HTTP\s0 request for an appropriate page. .PP If a certificate is specified on the command line using the \fB\-cert\fR @@ -273,11 +277,11 @@ on the command line is no guarantee that the certificate works. .SH "BUGS" .IX Header "BUGS" Because this program does not have all the options of the -\&\fIs_client\fR\|(1) program to turn protocols on and off, you may not be +\&\fBs_client\fR\|(1) program to turn protocols on and off, you may not be able to measure the performance of all protocols with all servers. .PP The \fB\-verify\fR option should really exit if the server verification fails. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1) +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1) diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 4767cc510a5..d402e1fb78d 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SESS_ID 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -252,4 +256,4 @@ however strongly discouraged and should only be used for debugging purposes. The cipher and start time should be printed out in human readable form. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIciphers\fR\|(1), \fIs_server\fR\|(1) +\&\fBciphers\fR\|(1), \fBs_server\fR\|(1) diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 04e96a0fb31..4b938b25bdc 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SMIME 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -270,7 +274,7 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). .IX Item "-[cipher]" the encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, -\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for example \fB\-aes_128_cbc\fR. See \fBenc\fR for list of ciphers supported by your version of OpenSSL. .Sp @@ -339,11 +343,11 @@ multiple times to specify successive keys. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +generator, or an \s-1EGD\s0 socket (see \fBRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 4d5466e967a..b74b33dcd49 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SPEED 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index dc6e2c4686d..362f1b36a6e 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH SPKAC 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,7 +178,7 @@ present. .IP "\fB\-passin password\fR" 4 .IX Item "-passin password" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-challenge string\fR" 4 .IX Item "-challenge string" specifies the challenge string if an \s-1SPKAC\s0 is being created. @@ -250,4 +254,4 @@ some applications. Without this it is possible for a previous \s-1SPKAC\s0 to be used in a \*(L"replay attack\*(R". .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIca\fR\|(1) +\&\fBca\fR\|(1) diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index e3371495809..43085501d86 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH TS 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -299,7 +303,7 @@ The name of the file containing a \s-1DER\s0 encoded time stamp request. (Option .IP "\fB\-passin\fR password_src" 4 .IX Item "-passin password_src" Specifies the password source for the private key of the \s-1TSA.\s0 See -\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional) +\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fBopenssl\fR\|(1). (Optional) .IP "\fB\-signer\fR tsa_cert.pem" 4 .IX Item "-signer tsa_cert.pem" The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing @@ -390,13 +394,13 @@ of a time stamp response (TimeStampResp). (Optional) .IP "\fB\-CApath\fR trusted_cert_path" 4 .IX Item "-CApath trusted_cert_path" The name of the directory containing the trused \s-1CA\s0 certificates of the -client. See the similar option of \fIverify\fR\|(1) for additional +client. See the similar option of \fBverify\fR\|(1) for additional details. Either this option or \fB\-CAfile\fR must be specified. (Optional) .IP "\fB\-CAfile\fR trusted_certs.pem" 4 .IX Item "-CAfile trusted_certs.pem" The name of the file containing a set of trusted self-signed \s-1CA\s0 certificates in \s-1PEM\s0 format. See the similar option of -\&\fIverify\fR\|(1) for additional details. Either this option +\&\fBverify\fR\|(1) for additional details. Either this option or \fB\-CApath\fR must be specified. (Optional) .IP "\fB\-untrusted\fR cert_file.pem" 4 @@ -409,7 +413,7 @@ all intermediate \s-1CA\s0 certificates unless the response includes them. .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file -defined by the \fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fIconfig\fR\|(5) +defined by the \fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fBconfig\fR\|(5) for a general description of the syntax of the config file. The \&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section and it can work without it. However, the \fB\-reply\fR command needs the @@ -424,13 +428,13 @@ that contains all the options for the \fB\-reply\fR command. This default section can be overridden with the \fB\-section\fR command line switch. (Optional) .IP "\fBoid_file\fR" 4 .IX Item "oid_file" -See \fIca\fR\|(1) for description. (Optional) +See \fBca\fR\|(1) for description. (Optional) .IP "\fBoid_section\fR" 4 .IX Item "oid_section" -See \fIca\fR\|(1) for description. (Optional) +See \fBca\fR\|(1) for description. (Optional) .IP "\fB\s-1RANDFILE\s0\fR" 4 .IX Item "RANDFILE" -See \fIca\fR\|(1) for description. (Optional) +See \fBca\fR\|(1) for description. (Optional) .IP "\fBserial\fR" 4 .IX Item "serial" The name of the file containing the hexadecimal serial number of the @@ -548,8 +552,8 @@ Before generating a response a signing certificate must be created for the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension without any other key usage extensions. You can add the \&'extendedKeyUsage = critical,timeStamping' line to the user certificate section -of the config file to generate a proper certificate. See \fIreq\fR\|(1), -\&\fIca\fR\|(1), \fIx509\fR\|(1) for instructions. The examples +of the config file to generate a proper certificate. See \fBreq\fR\|(1), +\&\fBca\fR\|(1), \fBx509\fR\|(1) for instructions. The examples below assume that cacert.pem contains the certificate of the \s-1CA,\s0 tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the \s-1TSA.\s0 @@ -628,14 +632,14 @@ If you find any bugs or you have suggestions please write to Zoltan Glozik . Known issues: .IP "\(bu" 4 No support for time stamps over \s-1SMTP,\s0 though it is quite easy -to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1) -and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1) +and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of a separate apache module. \s-1HTTP\s0 client support is provided by -\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. .IP "\(bu" 4 The file containing the last serial number of the \s-1TSA\s0 is not locked when being read or written. This is a problem if more than one -instance of \fIopenssl\fR\|(1) is trying to create a time stamp +instance of \fBopenssl\fR\|(1) is trying to create a time stamp response at the same time. This is not an issue when using the apache server module, it does proper locking. .IP "\(bu" 4 @@ -650,6 +654,6 @@ test/testtsa). Zoltan Glozik , OpenTSA project (http://www.opentsa.org) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fItsget\fR\|(1), \fIopenssl\fR\|(1), \fIreq\fR\|(1), -\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIconfig\fR\|(5) +\&\fBtsget\fR\|(1), \fBopenssl\fR\|(1), \fBreq\fR\|(1), +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBconfig\fR\|(5) diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 0d4a6713c86..f6feeef665a 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH TSGET 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,7 +162,7 @@ tsget \- Time Stamping HTTP/HTTPS client The \fBtsget\fR command can be used for sending a time stamp request, as specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing the time stamp response in a file. This tool cannot be used for creating the -requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to +requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to do that. \fBtsget\fR can send several requests to the server without closing the \s-1TCP\s0 connection if more than one requests are specified on the command line. @@ -313,5 +317,5 @@ example: Zoltan Glozik , OpenTSA project (http://www.opentsa.org) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1), +\&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1), \&\fB\s-1RFC 3161\s0\fR diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 588baf1ccbb..aa8a35854d5 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH VERIFY 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -507,7 +511,7 @@ Previous versions of this documentation swapped the meaning of the \&\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIx509\fR\|(1) +\&\fBx509\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" The \-no_alt_chains options was first added to OpenSSL 1.0.2b. diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 6d9807dcb2a..ec0d50fb410 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH VERSION 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 5e410e80fae..849673f70b6 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -407,7 +411,7 @@ the request. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). .IP "\fB\-clrext\fR" 4 .IX Item "-clrext" delete any extensions from a certificate. This option is used when a @@ -481,7 +485,7 @@ the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called \&\*(L"extensions\*(R" which contains the section to use. See the -\&\fIx509v3_config\fR\|(5) manual page for details of the +\&\fBx509v3_config\fR\|(5) manual page for details of the extension section format. .IP "\fB\-force_pubkey key\fR" 4 .IX Item "-force_pubkey key" @@ -882,9 +886,9 @@ than the current behaviour. It is hoped that it will represent reality in OpenSSL 0.9.5 and later. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIverify\fR\|(1), -\&\fIx509v3_config\fR\|(5) +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBverify\fR\|(1), +\&\fBx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5.\s0 diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index b1ffc6cfa24..09b68424d5d 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2018-11-20" "1.0.2q" "OpenSSL" +.TH X509V3_CONFIG 1 "2019-02-26" "1.0.2r" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -316,7 +320,7 @@ prefacing the name with a \fB+\fR character. .PP otherName can include arbitrary data associated with an \s-1OID:\s0 the value should be the \s-1OID\s0 followed by a semicolon and the content in standard -\&\fIASN1_generate_nconf\fR\|(3) format. +\&\fBASN1_generate_nconf\fR\|(3) format. .PP Examples: .PP @@ -585,7 +589,7 @@ the data is formatted correctly for the given extension type. There are two ways to encode arbitrary extensions. .PP The first way is to use the word \s-1ASN1\s0 followed by the extension content -using the same syntax as \fIASN1_generate_nconf\fR\|(3). +using the same syntax as \fBASN1_generate_nconf\fR\|(3). For example: .PP .Vb 1 @@ -675,5 +679,5 @@ The \fBdirectoryName\fR and \fBotherName\fR option as well as the \fB\s-1ASN1\s0 for arbitrary extensions was added in OpenSSL 0.9.8 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1), -\&\fIASN1_generate_nconf\fR\|(3) +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1), +\&\fBASN1_generate_nconf\fR\|(3) -- 2.45.0