From d56c8fa8260d226f98b26f017b45b9c2b135f38d Mon Sep 17 00:00:00 2001 
From: cvs2svn Date: Wed, 18 Aug 2021 16:06:57 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20210818'. --- src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 | 151 --- src/lib/libcrypto/man/AES_encrypt.3 | 173 --- src/lib/libcrypto/man/ASN1_INTEGER_get.3 | 285 ---- src/lib/libcrypto/man/ASN1_OBJECT_new.3 | 142 -- src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 | 101 -- src/lib/libcrypto/man/ASN1_STRING_length.3 | 358 ----- src/lib/libcrypto/man/ASN1_STRING_new.3 | 294 ----- src/lib/libcrypto/man/ASN1_STRING_print_ex.3 | 240 ---- src/lib/libcrypto/man/ASN1_TIME_set.3 | 466 ------- src/lib/libcrypto/man/ASN1_TYPE_get.3 | 309 ----- src/lib/libcrypto/man/ASN1_generate_nconf.3 | 394 ------ src/lib/libcrypto/man/ASN1_get_object.3 | 200 --- src/lib/libcrypto/man/ASN1_item_d2i.3 | 490 ------- src/lib/libcrypto/man/ASN1_item_new.3 | 123 -- src/lib/libcrypto/man/ASN1_parse_dump.3 | 210 --- src/lib/libcrypto/man/ASN1_put_object.3 | 181 --- src/lib/libcrypto/man/ASN1_time_parse.3 | 141 -- src/lib/libcrypto/man/AUTHORITY_KEYID_new.3 | 73 -- src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 | 88 -- src/lib/libcrypto/man/BF_set_key.3 | 275 ---- src/lib/libcrypto/man/BIO_ctrl.3 | 354 ----- src/lib/libcrypto/man/BIO_dump.3 | 125 -- src/lib/libcrypto/man/BIO_f_base64.3 | 135 -- src/lib/libcrypto/man/BIO_f_buffer.3 | 197 --- src/lib/libcrypto/man/BIO_f_cipher.3 | 178 --- src/lib/libcrypto/man/BIO_f_md.3 | 279 ---- src/lib/libcrypto/man/BIO_f_null.3 | 80 -- src/lib/libcrypto/man/BIO_find_type.3 | 175 --- src/lib/libcrypto/man/BIO_get_data.3 | 176 --- src/lib/libcrypto/man/BIO_get_ex_new_index.3 | 192 --- src/lib/libcrypto/man/BIO_meth_new.3 | 367 ------ src/lib/libcrypto/man/BIO_new.3 | 276 ---- src/lib/libcrypto/man/BIO_new_CMS.3 | 141 -- src/lib/libcrypto/man/BIO_printf.3 | 97 -- src/lib/libcrypto/man/BIO_push.3 | 185 --- src/lib/libcrypto/man/BIO_read.3 | 178 --- src/lib/libcrypto/man/BIO_s_accept.3 | 376 ------ src/lib/libcrypto/man/BIO_s_bio.3 | 392 ------ 
src/lib/libcrypto/man/BIO_s_connect.3 | 390 ------ src/lib/libcrypto/man/BIO_s_fd.3 | 206 --- src/lib/libcrypto/man/BIO_s_file.3 | 319 ----- src/lib/libcrypto/man/BIO_s_mem.3 | 280 ---- src/lib/libcrypto/man/BIO_s_null.3 | 88 -- src/lib/libcrypto/man/BIO_s_socket.3 | 116 -- src/lib/libcrypto/man/BIO_set_callback.3 | 269 ---- src/lib/libcrypto/man/BIO_should_retry.3 | 236 ---- src/lib/libcrypto/man/BN_BLINDING_new.3 | 332 ----- src/lib/libcrypto/man/BN_CTX_new.3 | 143 -- src/lib/libcrypto/man/BN_CTX_start.3 | 137 -- src/lib/libcrypto/man/BN_add.3 | 466 ------- src/lib/libcrypto/man/BN_add_word.3 | 173 --- src/lib/libcrypto/man/BN_bn2bin.3 | 324 ----- src/lib/libcrypto/man/BN_cmp.3 | 151 --- src/lib/libcrypto/man/BN_copy.3 | 165 --- src/lib/libcrypto/man/BN_generate_prime.3 | 435 ------ src/lib/libcrypto/man/BN_get0_nist_prime_521.3 | 89 -- src/lib/libcrypto/man/BN_mod_inverse.3 | 123 -- src/lib/libcrypto/man/BN_mod_mul_montgomery.3 | 252 ---- src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 | 229 ---- src/lib/libcrypto/man/BN_new.3 | 203 --- src/lib/libcrypto/man/BN_num_bytes.3 | 130 -- src/lib/libcrypto/man/BN_rand.3 | 134 -- src/lib/libcrypto/man/BN_set_bit.3 | 216 --- src/lib/libcrypto/man/BN_set_flags.3 | 167 --- src/lib/libcrypto/man/BN_set_negative.3 | 64 - src/lib/libcrypto/man/BN_swap.3 | 75 -- src/lib/libcrypto/man/BN_zero.3 | 154 --- src/lib/libcrypto/man/BUF_MEM_new.3 | 206 --- src/lib/libcrypto/man/CMAC_Init.3 | 293 ----- src/lib/libcrypto/man/CMS_ContentInfo_new.3 | 134 -- src/lib/libcrypto/man/CMS_add0_cert.3 | 214 --- src/lib/libcrypto/man/CMS_add1_recipient_cert.3 | 200 --- src/lib/libcrypto/man/CMS_add1_signer.3 | 246 ---- src/lib/libcrypto/man/CMS_compress.3 | 170 --- src/lib/libcrypto/man/CMS_decrypt.3 | 226 ---- src/lib/libcrypto/man/CMS_encrypt.3 | 191 --- src/lib/libcrypto/man/CMS_final.3 | 101 -- src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 | 328 ----- src/lib/libcrypto/man/CMS_get0_SignerInfos.3 | 192 --- src/lib/libcrypto/man/CMS_get0_type.3 
| 198 --- src/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 | 198 --- src/lib/libcrypto/man/CMS_sign.3 | 243 ---- src/lib/libcrypto/man/CMS_sign_receipt.3 | 119 -- src/lib/libcrypto/man/CMS_uncompress.3 | 115 -- src/lib/libcrypto/man/CMS_verify.3 | 223 ---- src/lib/libcrypto/man/CMS_verify_receipt.3 | 110 -- src/lib/libcrypto/man/CONF_modules_free.3 | 103 -- src/lib/libcrypto/man/CONF_modules_load_file.3 | 285 ---- src/lib/libcrypto/man/CRYPTO_get_mem_functions.3 | 114 -- src/lib/libcrypto/man/CRYPTO_lock.3 | 176 --- src/lib/libcrypto/man/CRYPTO_memcmp.3 | 95 -- src/lib/libcrypto/man/CRYPTO_set_ex_data.3 | 369 ------ src/lib/libcrypto/man/ChaCha.3 | 253 ---- src/lib/libcrypto/man/DES_set_key.3 | 870 ------------ src/lib/libcrypto/man/DH_generate_key.3 | 122 -- src/lib/libcrypto/man/DH_generate_parameters.3 | 188 --- src/lib/libcrypto/man/DH_get0_pqg.3 | 273 ---- src/lib/libcrypto/man/DH_get_ex_new_index.3 | 99 -- src/lib/libcrypto/man/DH_new.3 | 132 -- src/lib/libcrypto/man/DH_set_method.3 | 217 --- src/lib/libcrypto/man/DH_size.3 | 96 -- src/lib/libcrypto/man/DIST_POINT_new.3 | 154 --- src/lib/libcrypto/man/DSA_SIG_new.3 | 141 -- src/lib/libcrypto/man/DSA_do_sign.3 | 119 -- src/lib/libcrypto/man/DSA_dup_DH.3 | 92 -- src/lib/libcrypto/man/DSA_generate_key.3 | 84 -- src/lib/libcrypto/man/DSA_generate_parameters.3 | 226 ---- src/lib/libcrypto/man/DSA_get0_pqg.3 | 252 ---- src/lib/libcrypto/man/DSA_get_ex_new_index.3 | 98 -- src/lib/libcrypto/man/DSA_meth_new.3 | 183 --- src/lib/libcrypto/man/DSA_new.3 | 140 -- src/lib/libcrypto/man/DSA_set_method.3 | 221 ---- src/lib/libcrypto/man/DSA_sign.3 | 173 --- src/lib/libcrypto/man/DSA_size.3 | 81 -- src/lib/libcrypto/man/ECDH_compute_key.3 | 88 -- src/lib/libcrypto/man/ECDSA_SIG_new.3 | 526 -------- src/lib/libcrypto/man/EC_GFp_simple_method.3 | 181 --- src/lib/libcrypto/man/EC_GROUP_copy.3 | 518 -------- src/lib/libcrypto/man/EC_GROUP_new.3 | 366 ------ src/lib/libcrypto/man/EC_KEY_METHOD_new.3 | 325 ----- 
src/lib/libcrypto/man/EC_KEY_new.3 | 570 -------- src/lib/libcrypto/man/EC_POINT_add.3 | 310 ----- src/lib/libcrypto/man/EC_POINT_new.3 | 566 -------- src/lib/libcrypto/man/ENGINE_add.3 | 243 ---- src/lib/libcrypto/man/ENGINE_ctrl.3 | 470 ------- src/lib/libcrypto/man/ENGINE_get_default_RSA.3 | 160 --- src/lib/libcrypto/man/ENGINE_init.3 | 134 -- src/lib/libcrypto/man/ENGINE_new.3 | 190 --- src/lib/libcrypto/man/ENGINE_register_RSA.3 | 142 -- src/lib/libcrypto/man/ENGINE_register_all_RSA.3 | 123 -- src/lib/libcrypto/man/ENGINE_set_RSA.3 | 329 ----- src/lib/libcrypto/man/ENGINE_set_default.3 | 186 --- src/lib/libcrypto/man/ENGINE_set_flags.3 | 92 -- src/lib/libcrypto/man/ENGINE_unregister_RSA.3 | 119 -- src/lib/libcrypto/man/ERR.3 | 215 --- src/lib/libcrypto/man/ERR_GET_LIB.3 | 126 -- src/lib/libcrypto/man/ERR_asprintf_error_data.3 | 55 - src/lib/libcrypto/man/ERR_clear_error.3 | 70 - src/lib/libcrypto/man/ERR_error_string.3 | 176 --- src/lib/libcrypto/man/ERR_get_error.3 | 191 --- src/lib/libcrypto/man/ERR_load_crypto_strings.3 | 128 -- src/lib/libcrypto/man/ERR_load_strings.3 | 117 -- src/lib/libcrypto/man/ERR_print_errors.3 | 122 -- src/lib/libcrypto/man/ERR_put_error.3 | 158 --- src/lib/libcrypto/man/ERR_remove_state.3 | 108 -- src/lib/libcrypto/man/ERR_set_mark.3 | 86 -- src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 | 117 -- src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 | 307 ----- src/lib/libcrypto/man/EVP_BytesToKey.3 | 143 -- src/lib/libcrypto/man/EVP_DigestInit.3 | 777 ----------- src/lib/libcrypto/man/EVP_DigestSignInit.3 | 247 ---- src/lib/libcrypto/man/EVP_DigestVerifyInit.3 | 227 ---- src/lib/libcrypto/man/EVP_EncodeInit.3 | 334 ----- src/lib/libcrypto/man/EVP_EncryptInit.3 | 1385 -------------------- src/lib/libcrypto/man/EVP_OpenInit.3 | 154 --- src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 466 ------- src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 | 185 --- src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 | 202 --- src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 | 463 
------- src/lib/libcrypto/man/EVP_PKEY_cmp.3 | 160 --- src/lib/libcrypto/man/EVP_PKEY_decrypt.3 | 177 --- src/lib/libcrypto/man/EVP_PKEY_derive.3 | 179 --- src/lib/libcrypto/man/EVP_PKEY_encrypt.3 | 184 --- .../man/EVP_PKEY_get_default_digest_nid.3 | 94 -- src/lib/libcrypto/man/EVP_PKEY_keygen.3 | 295 ----- src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 | 78 -- src/lib/libcrypto/man/EVP_PKEY_meth_new.3 | 555 -------- src/lib/libcrypto/man/EVP_PKEY_new.3 | 211 --- src/lib/libcrypto/man/EVP_PKEY_print_private.3 | 130 -- src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 | 478 ------- src/lib/libcrypto/man/EVP_PKEY_sign.3 | 191 --- src/lib/libcrypto/man/EVP_PKEY_verify.3 | 168 --- src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 | 189 --- src/lib/libcrypto/man/EVP_SealInit.3 | 188 --- src/lib/libcrypto/man/EVP_SignInit.3 | 229 ---- src/lib/libcrypto/man/EVP_VerifyInit.3 | 195 --- src/lib/libcrypto/man/EVP_aes_128_cbc.3 | 337 ----- src/lib/libcrypto/man/EVP_camellia_128_cbc.3 | 149 --- src/lib/libcrypto/man/EVP_des_cbc.3 | 221 ---- src/lib/libcrypto/man/EVP_rc4.3 | 109 -- src/lib/libcrypto/man/EVP_sm3.3 | 82 -- src/lib/libcrypto/man/EVP_sm4_cbc.3 | 81 -- src/lib/libcrypto/man/EVP_whirlpool.3 | 83 -- src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 | 83 -- src/lib/libcrypto/man/GENERAL_NAME_new.3 | 165 --- src/lib/libcrypto/man/HMAC.3 | 404 ------ src/lib/libcrypto/man/MD5.3 | 196 --- src/lib/libcrypto/man/Makefile | 390 ------ src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 | 100 -- src/lib/libcrypto/man/OBJ_nid2obj.3 | 479 ------- src/lib/libcrypto/man/OCSP_CRLID_new.3 | 113 -- src/lib/libcrypto/man/OCSP_REQUEST_new.3 | 329 ----- src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 | 109 -- src/lib/libcrypto/man/OCSP_cert_to_id.3 | 232 ---- src/lib/libcrypto/man/OCSP_request_add1_nonce.3 | 163 --- src/lib/libcrypto/man/OCSP_resp_find_status.3 | 494 ------- src/lib/libcrypto/man/OCSP_response_status.3 | 308 ----- src/lib/libcrypto/man/OCSP_sendreq_new.3 | 323 ----- 
src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 281 ---- src/lib/libcrypto/man/OPENSSL_cleanse.3 | 42 - src/lib/libcrypto/man/OPENSSL_config.3 | 153 --- src/lib/libcrypto/man/OPENSSL_init_crypto.3 | 115 -- .../libcrypto/man/OPENSSL_load_builtin_modules.3 | 107 -- src/lib/libcrypto/man/OPENSSL_malloc.3 | 110 -- src/lib/libcrypto/man/OPENSSL_sk_new.3 | 597 --------- src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 | 127 -- src/lib/libcrypto/man/PEM_ASN1_read.3 | 172 --- src/lib/libcrypto/man/PEM_X509_INFO_read.3 | 188 --- src/lib/libcrypto/man/PEM_bytes_read_bio.3 | 184 --- src/lib/libcrypto/man/PEM_read.3 | 410 ------ src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 | 1379 ------------------- src/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 | 95 -- src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 | 90 -- src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 | 104 -- src/lib/libcrypto/man/PKCS12_create.3 | 188 --- src/lib/libcrypto/man/PKCS12_new.3 | 99 -- src/lib/libcrypto/man/PKCS12_newpass.3 | 155 --- src/lib/libcrypto/man/PKCS12_parse.3 | 145 -- src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 | 163 --- src/lib/libcrypto/man/PKCS7_add_attribute.3 | 365 ------ src/lib/libcrypto/man/PKCS7_dataFinal.3 | 158 --- src/lib/libcrypto/man/PKCS7_dataInit.3 | 226 ---- src/lib/libcrypto/man/PKCS7_decrypt.3 | 118 -- src/lib/libcrypto/man/PKCS7_encrypt.3 | 169 --- src/lib/libcrypto/man/PKCS7_final.3 | 202 --- src/lib/libcrypto/man/PKCS7_get_signer_info.3 | 62 - src/lib/libcrypto/man/PKCS7_new.3 | 269 ---- src/lib/libcrypto/man/PKCS7_set_content.3 | 120 -- src/lib/libcrypto/man/PKCS7_set_type.3 | 119 -- src/lib/libcrypto/man/PKCS7_sign.3 | 251 ---- src/lib/libcrypto/man/PKCS7_sign_add_signer.3 | 187 --- src/lib/libcrypto/man/PKCS7_verify.3 | 248 ---- src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 | 63 - src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 | 74 -- src/lib/libcrypto/man/POLICYINFO_new.3 | 218 --- src/lib/libcrypto/man/PROXY_POLICY_new.3 | 96 -- src/lib/libcrypto/man/RAND_add.3 | 73 
-- src/lib/libcrypto/man/RAND_bytes.3 | 108 -- src/lib/libcrypto/man/RAND_load_file.3 | 119 -- src/lib/libcrypto/man/RAND_set_rand_method.3 | 55 - src/lib/libcrypto/man/RC4.3 | 126 -- src/lib/libcrypto/man/RIPEMD160.3 | 151 --- src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 | 60 - src/lib/libcrypto/man/RSA_blinding_on.3 | 98 -- src/lib/libcrypto/man/RSA_check_key.3 | 149 --- src/lib/libcrypto/man/RSA_generate_key.3 | 164 --- src/lib/libcrypto/man/RSA_get0_key.3 | 364 ----- src/lib/libcrypto/man/RSA_get_ex_new_index.3 | 289 ---- src/lib/libcrypto/man/RSA_meth_new.3 | 626 --------- src/lib/libcrypto/man/RSA_new.3 | 255 ---- .../libcrypto/man/RSA_padding_add_PKCS1_type_1.3 | 236 ---- src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 | 403 ------ src/lib/libcrypto/man/RSA_print.3 | 144 -- src/lib/libcrypto/man/RSA_private_encrypt.3 | 150 --- src/lib/libcrypto/man/RSA_public_encrypt.3 | 167 --- src/lib/libcrypto/man/RSA_set_method.3 | 278 ---- src/lib/libcrypto/man/RSA_sign.3 | 147 --- src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 | 131 -- src/lib/libcrypto/man/RSA_size.3 | 96 -- src/lib/libcrypto/man/SHA1.3 | 276 ---- src/lib/libcrypto/man/SMIME_read_CMS.3 | 131 -- src/lib/libcrypto/man/SMIME_read_PKCS7.3 | 149 --- src/lib/libcrypto/man/SMIME_write_CMS.3 | 132 -- src/lib/libcrypto/man/SMIME_write_PKCS7.3 | 147 --- src/lib/libcrypto/man/STACK_OF.3 | 190 --- src/lib/libcrypto/man/SXNET_new.3 | 139 -- src/lib/libcrypto/man/TS_REQ_new.3 | 182 --- src/lib/libcrypto/man/UI_UTIL_read_pw.3 | 107 -- src/lib/libcrypto/man/UI_create_method.3 | 284 ---- src/lib/libcrypto/man/UI_get_string_type.3 | 281 ---- src/lib/libcrypto/man/UI_new.3 | 514 -------- src/lib/libcrypto/man/X25519.3 | 101 -- src/lib/libcrypto/man/X509V3_EXT_print.3 | 156 --- src/lib/libcrypto/man/X509V3_extensions_print.3 | 100 -- src/lib/libcrypto/man/X509V3_get_d2i.3 | 451 ------- src/lib/libcrypto/man/X509_ALGOR_dup.3 | 242 ---- src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 | 122 -- src/lib/libcrypto/man/X509_CINF_new.3 | 
118 -- src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 | 179 --- src/lib/libcrypto/man/X509_CRL_new.3 | 143 -- src/lib/libcrypto/man/X509_CRL_print.3 | 113 -- src/lib/libcrypto/man/X509_EXTENSION_set_object.3 | 313 ----- src/lib/libcrypto/man/X509_INFO_new.3 | 71 - src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 | 281 ---- src/lib/libcrypto/man/X509_LOOKUP_new.3 | 616 --------- src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 | 369 ------ src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 | 281 ---- src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 | 256 ---- src/lib/libcrypto/man/X509_NAME_hash.3 | 97 -- src/lib/libcrypto/man/X509_NAME_new.3 | 103 -- src/lib/libcrypto/man/X509_NAME_print_ex.3 | 286 ---- src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 | 253 ---- src/lib/libcrypto/man/X509_PUBKEY_new.3 | 368 ------ src/lib/libcrypto/man/X509_PURPOSE_set.3 | 295 ----- src/lib/libcrypto/man/X509_REQ_new.3 | 105 -- src/lib/libcrypto/man/X509_REVOKED_new.3 | 213 --- src/lib/libcrypto/man/X509_SIG_new.3 | 67 - src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 508 ------- .../man/X509_STORE_CTX_get_ex_new_index.3 | 153 --- src/lib/libcrypto/man/X509_STORE_CTX_new.3 | 355 ----- src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 | 420 ------ .../libcrypto/man/X509_STORE_CTX_set_verify_cb.3 | 233 ---- src/lib/libcrypto/man/X509_STORE_get_by_subject.3 | 199 --- src/lib/libcrypto/man/X509_STORE_load_locations.3 | 188 --- src/lib/libcrypto/man/X509_STORE_new.3 | 143 -- src/lib/libcrypto/man/X509_STORE_set1_param.3 | 229 ---- .../libcrypto/man/X509_STORE_set_verify_cb_func.3 | 126 -- src/lib/libcrypto/man/X509_TRUST_set.3 | 286 ---- .../libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 756 ----------- src/lib/libcrypto/man/X509_add1_trust_object.3 | 100 -- src/lib/libcrypto/man/X509_check_ca.3 | 100 -- src/lib/libcrypto/man/X509_check_host.3 | 246 ---- src/lib/libcrypto/man/X509_check_issued.3 | 109 -- src/lib/libcrypto/man/X509_check_private_key.3 | 73 -- 
src/lib/libcrypto/man/X509_check_purpose.3 | 403 ------ src/lib/libcrypto/man/X509_check_trust.3 | 209 --- src/lib/libcrypto/man/X509_cmp.3 | 231 ---- src/lib/libcrypto/man/X509_cmp_time.3 | 155 --- src/lib/libcrypto/man/X509_digest.3 | 155 --- src/lib/libcrypto/man/X509_find_by_subject.3 | 69 - src/lib/libcrypto/man/X509_get0_notBefore.3 | 259 ---- src/lib/libcrypto/man/X509_get0_signature.3 | 199 --- src/lib/libcrypto/man/X509_get1_email.3 | 123 -- src/lib/libcrypto/man/X509_get_pubkey.3 | 288 ---- src/lib/libcrypto/man/X509_get_serialNumber.3 | 129 -- src/lib/libcrypto/man/X509_get_subject_name.3 | 189 --- src/lib/libcrypto/man/X509_get_version.3 | 162 --- src/lib/libcrypto/man/X509_keyid_set1.3 | 171 --- src/lib/libcrypto/man/X509_new.3 | 238 ---- src/lib/libcrypto/man/X509_ocspid_print.3 | 58 - src/lib/libcrypto/man/X509_policy_check.3 | 191 --- .../libcrypto/man/X509_policy_tree_level_count.3 | 177 --- src/lib/libcrypto/man/X509_print_ex.3 | 280 ---- src/lib/libcrypto/man/X509_sign.3 | 217 --- src/lib/libcrypto/man/X509_signature_dump.3 | 84 -- src/lib/libcrypto/man/X509_verify_cert.3 | 93 -- src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 | 401 ------ src/lib/libcrypto/man/bn_dump.3 | 766 ----------- src/lib/libcrypto/man/crypto.3 | 181 --- src/lib/libcrypto/man/d2i_ASN1_NULL.3 | 91 -- src/lib/libcrypto/man/d2i_ASN1_OBJECT.3 | 98 -- src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 | 440 ------- src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3 | 93 -- src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 | 75 -- src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 | 106 -- src/lib/libcrypto/man/d2i_CMS_ContentInfo.3 | 128 -- src/lib/libcrypto/man/d2i_DHparams.3 | 99 -- src/lib/libcrypto/man/d2i_DIST_POINT.3 | 201 --- src/lib/libcrypto/man/d2i_DSAPublicKey.3 | 412 ------ src/lib/libcrypto/man/d2i_ECPKParameters.3 | 467 ------- src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3 | 118 -- src/lib/libcrypto/man/d2i_GENERAL_NAME.3 | 160 --- src/lib/libcrypto/man/d2i_OCSP_REQUEST.3 | 181 --- 
src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3 | 248 ---- src/lib/libcrypto/man/d2i_PKCS12.3 | 202 --- src/lib/libcrypto/man/d2i_PKCS7.3 | 354 ----- src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 | 172 --- src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3 | 127 -- src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3 | 74 -- src/lib/libcrypto/man/d2i_POLICYINFO.3 | 165 --- src/lib/libcrypto/man/d2i_PROXY_POLICY.3 | 97 -- src/lib/libcrypto/man/d2i_PrivateKey.3 | 287 ---- src/lib/libcrypto/man/d2i_RSAPublicKey.3 | 389 ------ src/lib/libcrypto/man/d2i_TS_REQ.3 | 333 ----- src/lib/libcrypto/man/d2i_X509.3 | 296 ----- src/lib/libcrypto/man/d2i_X509_ALGOR.3 | 58 - src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3 | 76 -- src/lib/libcrypto/man/d2i_X509_CRL.3 | 148 --- src/lib/libcrypto/man/d2i_X509_EXTENSION.3 | 104 -- src/lib/libcrypto/man/d2i_X509_NAME.3 | 213 --- src/lib/libcrypto/man/d2i_X509_REQ.3 | 151 --- src/lib/libcrypto/man/d2i_X509_SIG.3 | 159 --- src/lib/libcrypto/man/des_read_pw.3 | 188 --- src/lib/libcrypto/man/evp.3 | 212 --- src/lib/libcrypto/man/get_rfc3526_prime_8192.3 | 178 --- src/lib/libcrypto/man/i2d_CMS_bio_stream.3 | 95 -- src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 | 94 -- src/lib/libcrypto/man/lh_new.3 | 554 -------- src/lib/libcrypto/man/lh_stats.3 | 206 --- src/lib/libcrypto/man/openssl.cnf.5 | 468 ------- src/lib/libcrypto/man/x509_verify.3 | 221 ---- src/lib/libcrypto/man/x509v3.cnf.5 | 738 ----------- 382 files changed, 83971 deletions(-) delete mode 100644 src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 delete mode 100644 src/lib/libcrypto/man/AES_encrypt.3 delete mode 100644 src/lib/libcrypto/man/ASN1_INTEGER_get.3 delete mode 100644 src/lib/libcrypto/man/ASN1_OBJECT_new.3 delete mode 100644 src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 delete mode 100644 src/lib/libcrypto/man/ASN1_STRING_length.3 delete mode 100644 src/lib/libcrypto/man/ASN1_STRING_new.3 delete mode 100644 src/lib/libcrypto/man/ASN1_STRING_print_ex.3 delete mode 100644 
src/lib/libcrypto/man/ASN1_TIME_set.3 delete mode 100644 src/lib/libcrypto/man/ASN1_TYPE_get.3 delete mode 100644 src/lib/libcrypto/man/ASN1_generate_nconf.3 delete mode 100644 src/lib/libcrypto/man/ASN1_get_object.3 delete mode 100644 src/lib/libcrypto/man/ASN1_item_d2i.3 delete mode 100644 src/lib/libcrypto/man/ASN1_item_new.3 delete mode 100644 src/lib/libcrypto/man/ASN1_parse_dump.3 delete mode 100644 src/lib/libcrypto/man/ASN1_put_object.3 delete mode 100644 src/lib/libcrypto/man/ASN1_time_parse.3 delete mode 100644 src/lib/libcrypto/man/AUTHORITY_KEYID_new.3 delete mode 100644 src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 delete mode 100644 src/lib/libcrypto/man/BF_set_key.3 delete mode 100644 src/lib/libcrypto/man/BIO_ctrl.3 delete mode 100644 src/lib/libcrypto/man/BIO_dump.3 delete mode 100644 src/lib/libcrypto/man/BIO_f_base64.3 delete mode 100644 src/lib/libcrypto/man/BIO_f_buffer.3 delete mode 100644 src/lib/libcrypto/man/BIO_f_cipher.3 delete mode 100644 src/lib/libcrypto/man/BIO_f_md.3 delete mode 100644 src/lib/libcrypto/man/BIO_f_null.3 delete mode 100644 src/lib/libcrypto/man/BIO_find_type.3 delete mode 100644 src/lib/libcrypto/man/BIO_get_data.3 delete mode 100644 src/lib/libcrypto/man/BIO_get_ex_new_index.3 delete mode 100644 src/lib/libcrypto/man/BIO_meth_new.3 delete mode 100644 src/lib/libcrypto/man/BIO_new.3 delete mode 100644 src/lib/libcrypto/man/BIO_new_CMS.3 delete mode 100644 src/lib/libcrypto/man/BIO_printf.3 delete mode 100644 src/lib/libcrypto/man/BIO_push.3 delete mode 100644 src/lib/libcrypto/man/BIO_read.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_accept.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_bio.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_connect.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_fd.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_file.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_mem.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_null.3 delete mode 100644 src/lib/libcrypto/man/BIO_s_socket.3 
delete mode 100644 src/lib/libcrypto/man/BIO_set_callback.3 delete mode 100644 src/lib/libcrypto/man/BIO_should_retry.3 delete mode 100644 src/lib/libcrypto/man/BN_BLINDING_new.3 delete mode 100644 src/lib/libcrypto/man/BN_CTX_new.3 delete mode 100644 src/lib/libcrypto/man/BN_CTX_start.3 delete mode 100644 src/lib/libcrypto/man/BN_add.3 delete mode 100644 src/lib/libcrypto/man/BN_add_word.3 delete mode 100644 src/lib/libcrypto/man/BN_bn2bin.3 delete mode 100644 src/lib/libcrypto/man/BN_cmp.3 delete mode 100644 src/lib/libcrypto/man/BN_copy.3 delete mode 100644 src/lib/libcrypto/man/BN_generate_prime.3 delete mode 100644 src/lib/libcrypto/man/BN_get0_nist_prime_521.3 delete mode 100644 src/lib/libcrypto/man/BN_mod_inverse.3 delete mode 100644 src/lib/libcrypto/man/BN_mod_mul_montgomery.3 delete mode 100644 src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 delete mode 100644 src/lib/libcrypto/man/BN_new.3 delete mode 100644 src/lib/libcrypto/man/BN_num_bytes.3 delete mode 100644 src/lib/libcrypto/man/BN_rand.3 delete mode 100644 src/lib/libcrypto/man/BN_set_bit.3 delete mode 100644 src/lib/libcrypto/man/BN_set_flags.3 delete mode 100644 src/lib/libcrypto/man/BN_set_negative.3 delete mode 100644 src/lib/libcrypto/man/BN_swap.3 delete mode 100644 src/lib/libcrypto/man/BN_zero.3 delete mode 100644 src/lib/libcrypto/man/BUF_MEM_new.3 delete mode 100644 src/lib/libcrypto/man/CMAC_Init.3 delete mode 100644 src/lib/libcrypto/man/CMS_ContentInfo_new.3 delete mode 100644 src/lib/libcrypto/man/CMS_add0_cert.3 delete mode 100644 src/lib/libcrypto/man/CMS_add1_recipient_cert.3 delete mode 100644 src/lib/libcrypto/man/CMS_add1_signer.3 delete mode 100644 src/lib/libcrypto/man/CMS_compress.3 delete mode 100644 src/lib/libcrypto/man/CMS_decrypt.3 delete mode 100644 src/lib/libcrypto/man/CMS_encrypt.3 delete mode 100644 src/lib/libcrypto/man/CMS_final.3 delete mode 100644 src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 delete mode 100644 src/lib/libcrypto/man/CMS_get0_SignerInfos.3 
delete mode 100644 src/lib/libcrypto/man/CMS_get0_type.3 delete mode 100644 src/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 delete mode 100644 src/lib/libcrypto/man/CMS_sign.3 delete mode 100644 src/lib/libcrypto/man/CMS_sign_receipt.3 delete mode 100644 src/lib/libcrypto/man/CMS_uncompress.3 delete mode 100644 src/lib/libcrypto/man/CMS_verify.3 delete mode 100644 src/lib/libcrypto/man/CMS_verify_receipt.3 delete mode 100644 src/lib/libcrypto/man/CONF_modules_free.3 delete mode 100644 src/lib/libcrypto/man/CONF_modules_load_file.3 delete mode 100644 src/lib/libcrypto/man/CRYPTO_get_mem_functions.3 delete mode 100644 src/lib/libcrypto/man/CRYPTO_lock.3 delete mode 100644 src/lib/libcrypto/man/CRYPTO_memcmp.3 delete mode 100644 src/lib/libcrypto/man/CRYPTO_set_ex_data.3 delete mode 100644 src/lib/libcrypto/man/ChaCha.3 delete mode 100644 src/lib/libcrypto/man/DES_set_key.3 delete mode 100644 src/lib/libcrypto/man/DH_generate_key.3 delete mode 100644 src/lib/libcrypto/man/DH_generate_parameters.3 delete mode 100644 src/lib/libcrypto/man/DH_get0_pqg.3 delete mode 100644 src/lib/libcrypto/man/DH_get_ex_new_index.3 delete mode 100644 src/lib/libcrypto/man/DH_new.3 delete mode 100644 src/lib/libcrypto/man/DH_set_method.3 delete mode 100644 src/lib/libcrypto/man/DH_size.3 delete mode 100644 src/lib/libcrypto/man/DIST_POINT_new.3 delete mode 100644 src/lib/libcrypto/man/DSA_SIG_new.3 delete mode 100644 src/lib/libcrypto/man/DSA_do_sign.3 delete mode 100644 src/lib/libcrypto/man/DSA_dup_DH.3 delete mode 100644 src/lib/libcrypto/man/DSA_generate_key.3 delete mode 100644 src/lib/libcrypto/man/DSA_generate_parameters.3 delete mode 100644 src/lib/libcrypto/man/DSA_get0_pqg.3 delete mode 100644 src/lib/libcrypto/man/DSA_get_ex_new_index.3 delete mode 100644 src/lib/libcrypto/man/DSA_meth_new.3 delete mode 100644 src/lib/libcrypto/man/DSA_new.3 delete mode 100644 src/lib/libcrypto/man/DSA_set_method.3 delete mode 100644 src/lib/libcrypto/man/DSA_sign.3 delete mode 100644 
src/lib/libcrypto/man/DSA_size.3 delete mode 100644 src/lib/libcrypto/man/ECDH_compute_key.3 delete mode 100644 src/lib/libcrypto/man/ECDSA_SIG_new.3 delete mode 100644 src/lib/libcrypto/man/EC_GFp_simple_method.3 delete mode 100644 src/lib/libcrypto/man/EC_GROUP_copy.3 delete mode 100644 src/lib/libcrypto/man/EC_GROUP_new.3 delete mode 100644 src/lib/libcrypto/man/EC_KEY_METHOD_new.3 delete mode 100644 src/lib/libcrypto/man/EC_KEY_new.3 delete mode 100644 src/lib/libcrypto/man/EC_POINT_add.3 delete mode 100644 src/lib/libcrypto/man/EC_POINT_new.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_add.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_ctrl.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_get_default_RSA.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_init.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_new.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_register_RSA.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_register_all_RSA.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_set_RSA.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_set_default.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_set_flags.3 delete mode 100644 src/lib/libcrypto/man/ENGINE_unregister_RSA.3 delete mode 100644 src/lib/libcrypto/man/ERR.3 delete mode 100644 src/lib/libcrypto/man/ERR_GET_LIB.3 delete mode 100644 src/lib/libcrypto/man/ERR_asprintf_error_data.3 delete mode 100644 src/lib/libcrypto/man/ERR_clear_error.3 delete mode 100644 src/lib/libcrypto/man/ERR_error_string.3 delete mode 100644 src/lib/libcrypto/man/ERR_get_error.3 delete mode 100644 src/lib/libcrypto/man/ERR_load_crypto_strings.3 delete mode 100644 src/lib/libcrypto/man/ERR_load_strings.3 delete mode 100644 src/lib/libcrypto/man/ERR_print_errors.3 delete mode 100644 src/lib/libcrypto/man/ERR_put_error.3 delete mode 100644 src/lib/libcrypto/man/ERR_remove_state.3 delete mode 100644 src/lib/libcrypto/man/ERR_set_mark.3 delete mode 100644 src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 delete mode 
100644 src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 delete mode 100644 src/lib/libcrypto/man/EVP_BytesToKey.3 delete mode 100644 src/lib/libcrypto/man/EVP_DigestInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_DigestSignInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_DigestVerifyInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_EncodeInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_EncryptInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_OpenInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_cmp.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_decrypt.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_derive.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_encrypt.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_keygen.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_meth_new.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_new.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_print_private.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_sign.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_verify.3 delete mode 100644 src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 delete mode 100644 src/lib/libcrypto/man/EVP_SealInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_SignInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_VerifyInit.3 delete mode 100644 src/lib/libcrypto/man/EVP_aes_128_cbc.3 delete mode 100644 src/lib/libcrypto/man/EVP_camellia_128_cbc.3 delete mode 100644 src/lib/libcrypto/man/EVP_des_cbc.3 delete mode 100644 src/lib/libcrypto/man/EVP_rc4.3 delete mode 100644 
src/lib/libcrypto/man/EVP_sm3.3 delete mode 100644 src/lib/libcrypto/man/EVP_sm4_cbc.3 delete mode 100644 src/lib/libcrypto/man/EVP_whirlpool.3 delete mode 100644 src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 delete mode 100644 src/lib/libcrypto/man/GENERAL_NAME_new.3 delete mode 100644 src/lib/libcrypto/man/HMAC.3 delete mode 100644 src/lib/libcrypto/man/MD5.3 delete mode 100644 src/lib/libcrypto/man/Makefile delete mode 100644 src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 delete mode 100644 src/lib/libcrypto/man/OBJ_nid2obj.3 delete mode 100644 src/lib/libcrypto/man/OCSP_CRLID_new.3 delete mode 100644 src/lib/libcrypto/man/OCSP_REQUEST_new.3 delete mode 100644 src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 delete mode 100644 src/lib/libcrypto/man/OCSP_cert_to_id.3 delete mode 100644 src/lib/libcrypto/man/OCSP_request_add1_nonce.3 delete mode 100644 src/lib/libcrypto/man/OCSP_resp_find_status.3 delete mode 100644 src/lib/libcrypto/man/OCSP_response_status.3 delete mode 100644 src/lib/libcrypto/man/OCSP_sendreq_new.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_cleanse.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_config.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_init_crypto.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_malloc.3 delete mode 100644 src/lib/libcrypto/man/OPENSSL_sk_new.3 delete mode 100644 src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 delete mode 100644 src/lib/libcrypto/man/PEM_ASN1_read.3 delete mode 100644 src/lib/libcrypto/man/PEM_X509_INFO_read.3 delete mode 100644 src/lib/libcrypto/man/PEM_bytes_read_bio.3 delete mode 100644 src/lib/libcrypto/man/PEM_read.3 delete mode 100644 src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 delete mode 100644 src/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 delete mode 100644 src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 delete mode 100644 
src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 delete mode 100644 src/lib/libcrypto/man/PKCS12_create.3 delete mode 100644 src/lib/libcrypto/man/PKCS12_new.3 delete mode 100644 src/lib/libcrypto/man/PKCS12_newpass.3 delete mode 100644 src/lib/libcrypto/man/PKCS12_parse.3 delete mode 100644 src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_add_attribute.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_dataFinal.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_dataInit.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_decrypt.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_encrypt.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_final.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_get_signer_info.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_new.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_set_content.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_set_type.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_sign.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_sign_add_signer.3 delete mode 100644 src/lib/libcrypto/man/PKCS7_verify.3 delete mode 100644 src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 delete mode 100644 src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 delete mode 100644 src/lib/libcrypto/man/POLICYINFO_new.3 delete mode 100644 src/lib/libcrypto/man/PROXY_POLICY_new.3 delete mode 100644 src/lib/libcrypto/man/RAND_add.3 delete mode 100644 src/lib/libcrypto/man/RAND_bytes.3 delete mode 100644 src/lib/libcrypto/man/RAND_load_file.3 delete mode 100644 src/lib/libcrypto/man/RAND_set_rand_method.3 delete mode 100644 src/lib/libcrypto/man/RC4.3 delete mode 100644 src/lib/libcrypto/man/RIPEMD160.3 delete mode 100644 src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 delete mode 100644 src/lib/libcrypto/man/RSA_blinding_on.3 delete mode 100644 src/lib/libcrypto/man/RSA_check_key.3 delete mode 100644 src/lib/libcrypto/man/RSA_generate_key.3 delete mode 100644 src/lib/libcrypto/man/RSA_get0_key.3 delete mode 100644 
src/lib/libcrypto/man/RSA_get_ex_new_index.3 delete mode 100644 src/lib/libcrypto/man/RSA_meth_new.3 delete mode 100644 src/lib/libcrypto/man/RSA_new.3 delete mode 100644 src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 delete mode 100644 src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 delete mode 100644 src/lib/libcrypto/man/RSA_print.3 delete mode 100644 src/lib/libcrypto/man/RSA_private_encrypt.3 delete mode 100644 src/lib/libcrypto/man/RSA_public_encrypt.3 delete mode 100644 src/lib/libcrypto/man/RSA_set_method.3 delete mode 100644 src/lib/libcrypto/man/RSA_sign.3 delete mode 100644 src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 delete mode 100644 src/lib/libcrypto/man/RSA_size.3 delete mode 100644 src/lib/libcrypto/man/SHA1.3 delete mode 100644 src/lib/libcrypto/man/SMIME_read_CMS.3 delete mode 100644 src/lib/libcrypto/man/SMIME_read_PKCS7.3 delete mode 100644 src/lib/libcrypto/man/SMIME_write_CMS.3 delete mode 100644 src/lib/libcrypto/man/SMIME_write_PKCS7.3 delete mode 100644 src/lib/libcrypto/man/STACK_OF.3 delete mode 100644 src/lib/libcrypto/man/SXNET_new.3 delete mode 100644 src/lib/libcrypto/man/TS_REQ_new.3 delete mode 100644 src/lib/libcrypto/man/UI_UTIL_read_pw.3 delete mode 100644 src/lib/libcrypto/man/UI_create_method.3 delete mode 100644 src/lib/libcrypto/man/UI_get_string_type.3 delete mode 100644 src/lib/libcrypto/man/UI_new.3 delete mode 100644 src/lib/libcrypto/man/X25519.3 delete mode 100644 src/lib/libcrypto/man/X509V3_EXT_print.3 delete mode 100644 src/lib/libcrypto/man/X509V3_extensions_print.3 delete mode 100644 src/lib/libcrypto/man/X509V3_get_d2i.3 delete mode 100644 src/lib/libcrypto/man/X509_ALGOR_dup.3 delete mode 100644 src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 delete mode 100644 src/lib/libcrypto/man/X509_CINF_new.3 delete mode 100644 src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 delete mode 100644 src/lib/libcrypto/man/X509_CRL_new.3 delete mode 100644 src/lib/libcrypto/man/X509_CRL_print.3 delete mode 100644 
src/lib/libcrypto/man/X509_EXTENSION_set_object.3 delete mode 100644 src/lib/libcrypto/man/X509_INFO_new.3 delete mode 100644 src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 delete mode 100644 src/lib/libcrypto/man/X509_LOOKUP_new.3 delete mode 100644 src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 delete mode 100644 src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 delete mode 100644 src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 delete mode 100644 src/lib/libcrypto/man/X509_NAME_hash.3 delete mode 100644 src/lib/libcrypto/man/X509_NAME_new.3 delete mode 100644 src/lib/libcrypto/man/X509_NAME_print_ex.3 delete mode 100644 src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 delete mode 100644 src/lib/libcrypto/man/X509_PUBKEY_new.3 delete mode 100644 src/lib/libcrypto/man/X509_PURPOSE_set.3 delete mode 100644 src/lib/libcrypto/man/X509_REQ_new.3 delete mode 100644 src/lib/libcrypto/man/X509_REVOKED_new.3 delete mode 100644 src/lib/libcrypto/man/X509_SIG_new.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_CTX_new.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_get_by_subject.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_load_locations.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_new.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_set1_param.3 delete mode 100644 src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 delete mode 100644 src/lib/libcrypto/man/X509_TRUST_set.3 delete mode 100644 src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 delete mode 100644 src/lib/libcrypto/man/X509_add1_trust_object.3 delete mode 100644 src/lib/libcrypto/man/X509_check_ca.3 delete mode 100644 src/lib/libcrypto/man/X509_check_host.3 delete mode 100644 
src/lib/libcrypto/man/X509_check_issued.3 delete mode 100644 src/lib/libcrypto/man/X509_check_private_key.3 delete mode 100644 src/lib/libcrypto/man/X509_check_purpose.3 delete mode 100644 src/lib/libcrypto/man/X509_check_trust.3 delete mode 100644 src/lib/libcrypto/man/X509_cmp.3 delete mode 100644 src/lib/libcrypto/man/X509_cmp_time.3 delete mode 100644 src/lib/libcrypto/man/X509_digest.3 delete mode 100644 src/lib/libcrypto/man/X509_find_by_subject.3 delete mode 100644 src/lib/libcrypto/man/X509_get0_notBefore.3 delete mode 100644 src/lib/libcrypto/man/X509_get0_signature.3 delete mode 100644 src/lib/libcrypto/man/X509_get1_email.3 delete mode 100644 src/lib/libcrypto/man/X509_get_pubkey.3 delete mode 100644 src/lib/libcrypto/man/X509_get_serialNumber.3 delete mode 100644 src/lib/libcrypto/man/X509_get_subject_name.3 delete mode 100644 src/lib/libcrypto/man/X509_get_version.3 delete mode 100644 src/lib/libcrypto/man/X509_keyid_set1.3 delete mode 100644 src/lib/libcrypto/man/X509_new.3 delete mode 100644 src/lib/libcrypto/man/X509_ocspid_print.3 delete mode 100644 src/lib/libcrypto/man/X509_policy_check.3 delete mode 100644 src/lib/libcrypto/man/X509_policy_tree_level_count.3 delete mode 100644 src/lib/libcrypto/man/X509_print_ex.3 delete mode 100644 src/lib/libcrypto/man/X509_sign.3 delete mode 100644 src/lib/libcrypto/man/X509_signature_dump.3 delete mode 100644 src/lib/libcrypto/man/X509_verify_cert.3 delete mode 100644 src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 delete mode 100644 src/lib/libcrypto/man/bn_dump.3 delete mode 100644 src/lib/libcrypto/man/crypto.3 delete mode 100644 src/lib/libcrypto/man/d2i_ASN1_NULL.3 delete mode 100644 src/lib/libcrypto/man/d2i_ASN1_OBJECT.3 delete mode 100644 src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 delete mode 100644 src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3 delete mode 100644 src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 delete mode 100644 src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 delete mode 100644 
src/lib/libcrypto/man/d2i_CMS_ContentInfo.3 delete mode 100644 src/lib/libcrypto/man/d2i_DHparams.3 delete mode 100644 src/lib/libcrypto/man/d2i_DIST_POINT.3 delete mode 100644 src/lib/libcrypto/man/d2i_DSAPublicKey.3 delete mode 100644 src/lib/libcrypto/man/d2i_ECPKParameters.3 delete mode 100644 src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3 delete mode 100644 src/lib/libcrypto/man/d2i_GENERAL_NAME.3 delete mode 100644 src/lib/libcrypto/man/d2i_OCSP_REQUEST.3 delete mode 100644 src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3 delete mode 100644 src/lib/libcrypto/man/d2i_PKCS12.3 delete mode 100644 src/lib/libcrypto/man/d2i_PKCS7.3 delete mode 100644 src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 delete mode 100644 src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3 delete mode 100644 src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3 delete mode 100644 src/lib/libcrypto/man/d2i_POLICYINFO.3 delete mode 100644 src/lib/libcrypto/man/d2i_PROXY_POLICY.3 delete mode 100644 src/lib/libcrypto/man/d2i_PrivateKey.3 delete mode 100644 src/lib/libcrypto/man/d2i_RSAPublicKey.3 delete mode 100644 src/lib/libcrypto/man/d2i_TS_REQ.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_ALGOR.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_CRL.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_EXTENSION.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_NAME.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_REQ.3 delete mode 100644 src/lib/libcrypto/man/d2i_X509_SIG.3 delete mode 100644 src/lib/libcrypto/man/des_read_pw.3 delete mode 100644 src/lib/libcrypto/man/evp.3 delete mode 100644 src/lib/libcrypto/man/get_rfc3526_prime_8192.3 delete mode 100644 src/lib/libcrypto/man/i2d_CMS_bio_stream.3 delete mode 100644 src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 delete mode 100644 src/lib/libcrypto/man/lh_new.3 delete mode 100644 src/lib/libcrypto/man/lh_stats.3 delete mode 100644 
src/lib/libcrypto/man/openssl.cnf.5 delete mode 100644 src/lib/libcrypto/man/x509_verify.3 delete mode 100644 src/lib/libcrypto/man/x509v3.cnf.5 (limited to 'src/lib/libcrypto/man')
diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
deleted file mode 100644
index a53723fbfd..0000000000
--- a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
+++ /dev/null
@@ -1,151 +0,0 @@
-.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt ACCESS_DESCRIPTION_NEW 3
-.Os
-.Sh NAME
-.Nm ACCESS_DESCRIPTION_new ,
-.Nm ACCESS_DESCRIPTION_free ,
-.Nm AUTHORITY_INFO_ACCESS_new ,
-.Nm AUTHORITY_INFO_ACCESS_free
-.Nd X.509 information access extensions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft ACCESS_DESCRIPTION *
-.Fn ACCESS_DESCRIPTION_new void
-.Ft void
-.Fn ACCESS_DESCRIPTION_free "ACCESS_DESCRIPTION *ad"
-.Ft AUTHORITY_INFO_ACCESS
-.Fn AUTHORITY_INFO_ACCESS_new void
-.Ft void
-.Fn AUTHORITY_INFO_ACCESS_free "AUTHORITY_INFO_ACCESS *aia"
-.Sh DESCRIPTION
-Using the information access extensions, certificates and certificate
-revocation lists can point to auxiliary information and services
-available online, for example online validation services or CA
-policy data.
-.Pp
-.Fn ACCESS_DESCRIPTION_new
-allocates and initializes an empty
-.Vt ACCESS_DESCRIPTION
-object, representing an ASN.1
-.Vt AccessDescription
-structure defined in RFC 5280 section 4.2.2.1.
-It can hold a pointer to a
-.Vt GENERAL_NAME
-object documented in
-.Xr GENERAL_NAME_new 3
-and an access method identifier.
-.Fn ACCESS_DESCRIPTION_free
-frees
-.Fa ad .
-.Pp
-The access method identifier is somewhat misnamed; it identifies
-the type and format of the information provided.
-How to access that information is often obvious from the
-.Vt GENERAL_NAME
-which may for example include a uniform resource identifier.
-.Pp
-Four standard access method identifiers are defined in RFC 5280:
-.Bl -bullet
-.It
-.Qq id-ad-caIssuers
-can occur in the authority information access extension of certificates
-and certificate revocation lists and provides access to certificates
-issued to the CA that issued the certificate, or provides access
-to certificates used for signing the CRL, in order to help constructing
-a certification path.
-.It
-.Qq id-ad-ocsp
-can occur in the authority information access extension of certificates
-and provides access to revocation information via the Online
-Certificate Status Protocol (OCSP) defined in RFC 6960.
-.It
-.Qq id-ad-caRepository
-can occur in the subject information access extension of CA
-certificates and provides access to an online repository of
-certificates issued by the CA.
-.It
-.Qq id-ad-timeStamping
-can occur in the subject information access extension of end entity
-certificates and indicates that the subject offers timestamping
-services using the Time Stamp Protocol defined in RFC 3161.
-.El
-.Pp
-.Fn AUTHORITY_INFO_ACCESS_new
-allocates and initializes an empty
-.Vt AUTHORITY_INFO_ACCESS
-object, which is a
-.Vt STACK_OF(ACCESS_DESCRIPTION)
-and represents an ASN.1
-.Vt AuthorityInfoAccessSyntax
-structure defined in RFC 5280 section 4.2.2.1.
-If can be used for the authority information access extension of
-certificates and certificate revocation lists and for the subject
-information access extension of certificates.
-.Fn AUTHORITY_INFO_ACCESS_free
-frees
-.Fa aia .
-.Sh RETURN VALUES
-.Fn ACCESS_DESCRIPTION_new
-and
-.Fn AUTHORITY_INFO_ACCESS_new
-return the new
-.Vt ACCESS_DESCRIPTION
-or
-.Vt AUTHORITY_INFO_ACCESS
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_ACCESS_DESCRIPTION 3 ,
-.Xr DIST_POINT_new 3 ,
-.Xr GENERAL_NAME_new 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr TS_REQ_new 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-These extensions are only defined in the following RFC and not
-specified in the underlying X.509 standard.
-.Pp
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile:
-.Bl -dash -compact
-.It
-section 4.2.2.1: Certificate Extensions: Authority Information Access
-.It
-section 4.2.2.2: Certificate Extensions: Subject Information Access
-.It
-section 5.2.7: CRL Extensions: Authority Information Access
-.El
-.Pp
-Regarding OCSP and TSP, see:
-.Pp
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol
-.Pp
-RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol
-.Sh HISTORY
-.Fn ACCESS_DESCRIPTION_new ,
-.Fn ACCESS_DESCRIPTION_free ,
-.Fn AUTHORITY_INFO_ACCESS_new ,
-and
-.Fn AUTHORITY_INFO_ACCESS_free
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/AES_encrypt.3 b/src/lib/libcrypto/man/AES_encrypt.3
deleted file mode 100644
index f022848a61..0000000000
--- a/src/lib/libcrypto/man/AES_encrypt.3
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" $OpenBSD: AES_encrypt.3,v 1.1 2019/08/28 10:37:42 schwarze Exp $
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 28 2019 $
-.Dt AES_ENCRYPT 3
-.Os
-.Sh NAME
-.Nm AES_set_encrypt_key ,
-.Nm AES_set_decrypt_key ,
-.Nm AES_encrypt ,
-.Nm AES_decrypt ,
-.Nm AES_cbc_encrypt
-.Nd low-level interface to the AES symmetric cipher
-.Sh SYNOPSIS
-.In openssl/aes.h
-.Ft int
-.Fo AES_set_encrypt_key
-.Fa "const unsigned char *userKey"
-.Fa "const int bits"
-.Fa "AES_KEY *key"
-.Fc
-.Ft int
-.Fo AES_set_decrypt_key
-.Fa "const unsigned char *userKey"
-.Fa "const int bits"
-.Fa "AES_KEY *key"
-.Fc
-.Ft void
-.Fo AES_encrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "const AES_KEY *key"
-.Fc
-.Ft void
-.Fo AES_decrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "const AES_KEY *key"
-.Fc
-.Ft void
-.Fo AES_cbc_encrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "size_t length"
-.Fa "const AES_KEY *key"
-.Fa "unsigned char *ivec"
-.Fa "const int enc"
-.Fc
-.Sh DESCRIPTION
-These function provide a low-level interface to the AES symmetric
-cipher algorithm, also called Rijndael.
-For reasons of flexibility, it is recommended that application
-programs use the high-level interface described in
-.Xr EVP_EncryptInit 3
-and
-.Xr EVP_aes_128_cbc 3
-instead whenever possible.
-.Pp
-.Vt AES_KEY
-is a structure that can hold up to 60
-.Vt int
-values and a number of rounds.
-.Pp
-.Fn AES_set_encrypt_key
-expands the
-.Fa userKey ,
-which is
-.Fa bits
-long, into the
-.Fa key
-structure to prepare for encryption.
-The number of bits and bytes read from
-.Fa userKey ,
-the number of
-.Vt int
-values stored into
-.Fa key ,
-and the number of rounds are as follows:
-.Pp
-.Bl -column bits bytes ints rounds -offset indent -compact
-.It bits Ta bytes Ta ints Ta rounds
-.It 128 Ta 16 Ta 44 Ta 10
-.It 192 Ta 24 Ta 52 Ta 12
-.It 256 Ta 32 Ta 60 Ta 14
-.El
-.Pp
-.Fn AES_set_decrypt_key
-does the same, but in preparation for decryption.
-.Pp
-.Fn AES_encrypt
-reads a single 16 byte block from
-.Pf * Fa in ,
-encrypts it with the
-.Fa key ,
-and writes the 16 resulting bytes to
-.Pf * Fa out .
-The 16 byte buffers starting at
-.Fa in
-and
-.Fa out
-can overlap, and
-.Fa in
-and
-.Fa out
-can even point to the same memory location.
-.Pp
-.Fn AES_decrypt
-decrypts a single block and is otherwise identical to
-.Fn AES_encrypt .
-.Pp
-If
-.Fa enc
-is non-zero,
-.Fn AES_cbc_encrypt
-encrypts
-.Fa len
-bytes at
-.Fa in
-to
-.Fa out
-using the 128 bit
-.Fa key
-and the 128 bit
-initialization vector
-.Fa ivec
-in CBC mode.
-If
-.Fa enc
-is 0,
-.Fn AES_cbc_encrypt
-performs the corresponding decryption.
-.Sh RETURN VALUES
-.Fn AES_set_encrypt_key
-and
-.Fn AES_set_decrypt_key
-return 0 for success, -1 if
-.Fa userKey
-or
-.Fa key
-is
-.Dv NULL ,
-or -2 if the number of
-.Fa bits
-is unsupported.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_EncryptInit 3
-.Sh STANDARDS
-ISO/IEC 18033-3:2010
-Information technology \(em Security techniques \(em
-Encryption algorithms \(em Part 3: Block ciphers
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
-.Sh AUTHORS
-.An Vincent Rijmen
-.An Antoon Bosselaers
-.An Paulo Barreto
diff --git a/src/lib/libcrypto/man/ASN1_INTEGER_get.3 b/src/lib/libcrypto/man/ASN1_INTEGER_get.3
deleted file mode 100644
index 72342ec1e0..0000000000
--- a/src/lib/libcrypto/man/ASN1_INTEGER_get.3
+++ /dev/null
@@ -1,285 +0,0 @@
-.\" $OpenBSD: ASN1_INTEGER_get.3,v 1.3 2019/08/26 12:45:27 schwarze Exp $
-.\" selective merge up to:
-.\" OpenSSL man3/ASN1_INTEGER_get_int64 df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018, 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 26 2019 $
-.Dt ASN1_INTEGER_GET 3
-.Os
-.Sh NAME
-.Nm ASN1_INTEGER_get ,
-.Nm ASN1_INTEGER_set ,
-.Nm BN_to_ASN1_INTEGER ,
-.Nm ASN1_INTEGER_to_BN ,
-.Nm i2a_ASN1_INTEGER ,
-.Nm ASN1_ENUMERATED_get ,
-.Nm ASN1_ENUMERATED_set ,
-.Nm BN_to_ASN1_ENUMERATED ,
-.Nm ASN1_ENUMERATED_to_BN
-.Nd ASN.1 INTEGER and ENUMERATED utilities
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft long
-.Fo ASN1_INTEGER_get
-.Fa "const ASN1_INTEGER *a"
-.Fc
-.Ft int
-.Fo ASN1_INTEGER_set
-.Fa "ASN1_INTEGER *a"
-.Fa "long v"
-.Fc
-.Ft ASN1_INTEGER *
-.Fo BN_to_ASN1_INTEGER
-.Fa "const BIGNUM *bn"
-.Fa "ASN1_INTEGER *ai"
-.Fc
-.Ft BIGNUM *
-.Fo ASN1_INTEGER_to_BN
-.Fa "const ASN1_INTEGER *ai"
-.Fa "BIGNUM *bn"
-.Fc
-.Ft int
-.Fo i2a_ASN1_INTEGER
-.Fa "BIO *out_bio"
-.Fa "const ASN1_INTEGER *a"
-.Fc
-.Ft long
-.Fo ASN1_ENUMERATED_get
-.Fa "const ASN1_ENUMERATED *a"
-.Fc
-.Ft int
-.Fo ASN1_ENUMERATED_set
-.Fa "ASN1_ENUMERATED *a"
-.Fa "long v"
-.Fc
-.Ft ASN1_ENUMERATED *
-.Fo BN_to_ASN1_ENUMERATED
-.Fa "const BIGNUM *bn"
-.Fa "ASN1_ENUMERATED *ai"
-.Fc
-.Ft BIGNUM *
-.Fo ASN1_ENUMERATED_to_BN
-.Fa "const ASN1_ENUMERATED *ai"
-.Fa "BIGNUM *bn"
-.Fc
-.Sh DESCRIPTION
-These functions convert to and from
-.Vt ASN1_INTEGER
-and
-.Vt ASN1_ENUMERATED
-objects.
-.Pp
-.Fn ASN1_INTEGER_get
-converts
-.Fa a
-to the
-.Vt long
-type.
-.Pp
-.Fn ASN1_INTEGER_set
-sets the value of
-.Fa a
-to
-.Fa v .
-.Pp
-.Fn BN_to_ASN1_INTEGER
-converts
-.Fa bn
-to an
-.Vt ASN1_INTEGER .
-If
-.Fa ai
-is
-.Dv NULL ,
-a new
-.Vt ASN1_INTEGER
-object is returned.
-Otherwise, the existing object
-.Fa ai
-is used instead.
-.Pp
-.Fn ASN1_INTEGER_to_BN
-converts
-.Fa ai
-into a
-.Vt BIGNUM .
-If
-.Fa bn
-is
-.Dv NULL ,
-a new
-.Vt BIGNUM
-object is returned.
-Otherwise, the existing object
-.Fa bn
-is used instead.
-.Pp
-.Fn i2a_ASN1_INTEGER
-writes a hexadecimal representation of
-.Fa a
-to
-.Fa out_bio .
-The output optionally starts with a minus sign,
-followed by an even number of upper case ASCII hexadecimal digits.
-After each group of 70 digits, a backslash and a linefeed
-are inserted before the next digit.
-.Pp
-.Fn ASN1_ENUMERATED_get ,
-.Fn ASN1_ENUMERATED_set ,
-.Fn BN_to_ASN1_ENUMERATED ,
-and
-.Fn ASN1_ENUMERATED_to_BN
-behave like their
-.Vt ASN1_INTEGER
-counterparts except that they operate on an
-.Vt ASN1_ENUMERATED
-object.
-.Sh RETURN VALUES
-.Fn ASN1_INTEGER_get
-and
-.Fn ASN1_ENUMERATED_get
-return the converted value, 0 if
-.Fa a
-is
-.Dv NULL ,
-or \-1 on error, which is ambiguous because \-1 is a legitimate
-value for an
-.Vt ASN1_INTEGER .
-.Pp
-.Fn ASN1_INTEGER_set
-and
-.Fn ASN1_ENUMERATED_set
-return 1 for success or 0 for failure.
-They only fail if a memory allocation error occurs.
-.Pp
-.Fn BN_to_ASN1_INTEGER
-and
-.Fn BN_to_ASN1_ENUMERATED
-return an
-.Vt ASN1_INTEGER
-or
-.Vt ASN1_ENUMERATED
-object, respectively, or
-.Dv NULL
-if an error occurs.
-They only fail due to memory allocation errors.
-.Pp
-.Fn ASN1_INTEGER_to_BN
-and
-.Fn ASN1_ENUMERATED_to_BN
-return a
-.Vt BIGNUM
-object of
-.Dv NULL
-if an error occurs.
-They can fail if the passed type is incorrect (due to a programming error)
-or due to memory allocation failures.
-.Pp
-In case of success,
-.Fn i2a_ASN1_INTEGER
-returns the total number of bytes written, which is at least 2.
-It returns 0 if
-.Fa a
-is
-.Dv NULL
-or -1 if
-.Xr BIO_write 3
-fails.
-.Sh SEE ALSO
-.Xr ASN1_INTEGER_new 3
-.Sh HISTORY
-.Fn ASN1_INTEGER_set
-first appeared in SSLeay 0.5.1.
-.Fn ASN1_INTEGER_get ,
-.Fn BN_to_ASN1_INTEGER ,
-.Fn ASN1_INTEGER_to_BN ,
-and
-.Fn i2a_ASN1_INTEGER
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.3 .
-.Pp
-.Fn ASN1_ENUMERATED_get ,
-.Fn ASN1_ENUMERATED_set ,
-.Fn BN_to_ASN1_ENUMERATED ,
-and
-.Fn ASN1_ENUMERATED_to_BN
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Sh CAVEATS
-In general an
-.Vt ASN1_INTEGER
-or
-.Vt ASN1_ENUMERATED
-type can contain an integer of almost arbitrary size
-and so cannot always be represented by a C
-.Vt long
-type.
-The ambiguous return values of
-.Fn ASN1_INTEGER_get
-and
-.Fn ASN1_ENUMERATED_get
-imply that these functions should be avoided if possible.
diff --git a/src/lib/libcrypto/man/ASN1_OBJECT_new.3 b/src/lib/libcrypto/man/ASN1_OBJECT_new.3
deleted file mode 100644
index cf48cccef9..0000000000
--- a/src/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ /dev/null
@@ -1,142 +0,0 @@
-.\" $OpenBSD: ASN1_OBJECT_new.3,v 1.11 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL 99d63d4 Mar 19 12:28:58 2016 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson.
-.\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt ASN1_OBJECT_NEW 3
-.Os
-.Sh NAME
-.Nm ASN1_OBJECT_new ,
-.Nm ASN1_OBJECT_free
-.Nd ASN.1 object identifiers
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_OBJECT *
-.Fo ASN1_OBJECT_new
-.Fa void
-.Fc
-.Ft void
-.Fo ASN1_OBJECT_free
-.Fa "ASN1_OBJECT *a"
-.Fc
-.Sh DESCRIPTION
-.Fn ASN1_OBJECT_new
-allocates and initializes an empty
-.Vt ASN1_OBJECT
-object, representing an ASN.1 OBJECT IDENTIFIER.
-It can hold a short name, a long name, a numeric identifier (NID),
-and a sequence of integers identifying a node in the International
-Object Identifier tree as specified in ITU-T recommendation X.660.
-The new object is marked as dynamically allocated.
-.Pp
-Application programs normally use utility functions like
-.Xr OBJ_nid2obj 3
-rather than using
-.Fn ASN1_OBJECT_new
-directly.
-.Pp
-.Fn ASN1_OBJECT_free
-has the following effects:
-.Pp
-All data contained in
-.Fa a
-that is marked as dynamically allocated is freed,
-and the respective fields of
-.Fa a
-become empty.
-Contained data not marked as dynamically allocated remains intact.
-.Pp
-If the object
-.Fa a
-itself is marked as dynamically allocated, it is freed.
-Otherwise, the pointer
-.Fa a
-remains valid.
-.Pp
-If
-.Fa a
-is a
-.Dv NULL
-pointer or if neither the object itself nor any of its content
-is marked as dynamically allocated, no action occurs.
-.Sh RETURN VALUES
-If the allocation fails,
-.Fn ASN1_OBJECT_new
-returns
-.Dv NULL
-and sets an error code that can be obtained by
-.Xr ERR_get_error 3 .
-Otherwise it returns a pointer to the new object.
-.Sh SEE ALSO
-.Xr ASN1_TYPE_get 3 ,
-.Xr d2i_ASN1_OBJECT 3 ,
-.Xr OBJ_nid2obj 3
-.Sh HISTORY
-.Fn ASN1_OBJECT_new
-and
-.Fn ASN1_OBJECT_free
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
deleted file mode 100644
index c4ae6c9bfa..0000000000
--- a/src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.4 2019/06/14 13:59:32 schwarze Exp $
-.\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 14 2019 $
-.Dt ASN1_STRING_TABLE_ADD 3
-.Os
-.Sh NAME
-.Nm ASN1_STRING_TABLE_add ,
-.Nm ASN1_STRING_TABLE_get ,
-.Nm ASN1_STRING_TABLE_cleanup
-.Nd maintain the global ASN.1 string table
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fo ASN1_STRING_TABLE_add
-.Fa "int nid"
-.Fa "long minsize"
-.Fa "long maxsize"
-.Fa "unsigned long mask"
-.Fa "unsigned long flags"
-.Fc
-.Ft ASN1_STRING_TABLE *
-.Fo ASN1_STRING_TABLE_get
-.Fa "int nid"
-.Fc
-.Ft void
-.Fn ASN1_STRING_TABLE_cleanup void
-.Sh DESCRIPTION
-The ASN.1 string table is a unique global object.
-Each entry is of the type
-.Vt ASN1_STRING_TABLE
-and contains information about one NID object.
-Some entries are predefined according to RFC 3280 appendix A.1.
-.Pp
-The function
-.Fn ASN1_STRING_TABLE_add
-changes the existing entry for
-.Fa nid
-or, if there is none, allocates a new entry.
-Each field of the entry is modified according to the function argument
-of the same name.
-The
-.Fa minsize
-and
-.Fa maxsize
-arguments overwrite the existing fields unless they are \-1.
-The
-.Fa mask
-argument always overwrites the existing field.
-The bits set in the
-.Fa flags
-argument are OR'ed into the existing field.
-No useful flags are currently defined, so passing 0 is recommended.
-.Pp
-The function
-.Fn ASN1_STRING_TABLE_get
-retrieves the entry for
-.Fa nid .
-.Pp
-The function
-.Fn ASN1_STRING_TABLE_cleanup
-removes and frees all entries except the predefined ones.
-.Sh RETURN VALUES
-The
-.Fn ASN1_STRING_TABLE_add
-function returns 1 if successful; otherwise 0 is returned
-and an error code can be retrieved with
-.Xr ERR_get_error 3 .
-.Pp
-.Fn ASN1_STRING_TABLE_get
-returns a valid
-.Vt ASN1_STRING_TABLE
-structure or
-.Dv NULL
-if nothing is found.
-.Sh SEE ALSO
-.Xr ASN1_OBJECT_new 3 ,
-.Xr OBJ_nid2obj 3
-.Sh HISTORY
-.Fn ASN1_STRING_TABLE_add ,
-.Fn ASN1_STRING_TABLE_get ,
-and
-.Fn ASN1_STRING_TABLE_cleanup
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Sh BUGS
-Most aspects of the semantics considerably differ from OpenSSL.
diff --git a/src/lib/libcrypto/man/ASN1_STRING_length.3 b/src/lib/libcrypto/man/ASN1_STRING_length.3
deleted file mode 100644
index b87cf9987c..0000000000
--- a/src/lib/libcrypto/man/ASN1_STRING_length.3
+++ /dev/null
@@ -1,358 +0,0 @@
-.\" $OpenBSD: ASN1_STRING_length.3,v 1.20 2019/08/26 07:59:02 schwarze Exp $
-.\" full merge up to: OpenSSL 4a56d2a3 Feb 25 16:49:27 2018 +0300
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018, 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson.
-.\" Copyright (c) 2002, 2006, 2013, 2015, 2016, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. 
All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 26 2019 $
-.Dt ASN1_STRING_LENGTH 3
-.Os
-.Sh NAME
-.Nm ASN1_STRING_cmp ,
-.Nm ASN1_OCTET_STRING_cmp ,
-.Nm ASN1_STRING_data ,
-.Nm ASN1_STRING_dup ,
-.Nm ASN1_OCTET_STRING_dup ,
-.Nm ASN1_STRING_get0_data ,
-.Nm ASN1_STRING_length ,
-.Nm ASN1_STRING_length_set ,
-.Nm ASN1_STRING_set ,
-.Nm ASN1_OCTET_STRING_set ,
-.Nm ASN1_STRING_to_UTF8 ,
-.Nm ASN1_STRING_type
-.Nd ASN1_STRING utility functions
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fo ASN1_STRING_cmp
-.Fa "const ASN1_STRING *a"
-.Fa "const ASN1_STRING *b"
-.Fc
-.Ft int
-.Fo ASN1_OCTET_STRING_cmp
-.Fa "const ASN1_OCTET_STRING *a"
-.Fa "const ASN1_OCTET_STRING *b"
-.Fc
-.Ft unsigned char *
-.Fo ASN1_STRING_data
-.Fa "ASN1_STRING *x"
-.Fc
-.Ft ASN1_STRING *
-.Fo ASN1_STRING_dup
-.Fa "const ASN1_STRING *a"
-.Fc
-.Ft ASN1_OCTET_STRING *
-.Fo ASN1_OCTET_STRING_dup
-.Fa "const ASN1_OCTET_STRING *a"
-.Fc
-.Ft const unsigned char *
-.Fo ASN1_STRING_get0_data
-.Fa "const ASN1_STRING *x"
-.Fc
-.Ft int
-.Fo ASN1_STRING_length
-.Fa "const ASN1_STRING *x"
-.Fc
-.Ft void
-.Fo ASN1_STRING_length_set
-.Fa "ASN1_STRING *x"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo ASN1_STRING_set
-.Fa "ASN1_STRING *str"
-.Fa "const void *data"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo ASN1_OCTET_STRING_set
-.Fa "ASN1_OCTET_STRING *str"
-.Fa "const unsigned char *data"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo ASN1_STRING_to_UTF8
-.Fa "unsigned char **out"
-.Fa "const ASN1_STRING *in"
-.Fc
-.Ft int
-.Fo ASN1_STRING_type
-.Fa "const ASN1_STRING *x"
-.Fc
-.Sh DESCRIPTION
-These functions manipulate
-.Vt ASN1_STRING
-structures.
-.Pp
-.Fn ASN1_STRING_cmp
-and
-.Fn ASN1_OCTET_STRING_cmp
-compare the type, the length, and the content of
-.Fa a
-and
-.Fa b .
-.Pp
-.Fn ASN1_STRING_data
-is similar to
-.Fn ASN1_STRING_get0_data
-except that the returned value is not constant.
-This function is deprecated.
-Applications should use
-.Fn ASN1_STRING_get0_data
-instead.
-.Pp
-.Fn ASN1_STRING_dup
-and
-.Fn ASN1_OCTET_STRING_dup
-copy
-.Fa a .
-.Pp
-.Fn ASN1_STRING_get0_data
-returns an internal pointer to the data of
-.Fa x .
-It should not be freed or modified in any way.
-.Pp
-.Fn ASN1_STRING_length
-returns the length attribute of
-.Fa x ,
-measured in bytes.
-.Pp
-.Fn ASN1_STRING_length_set
-sets the length attribute of
-.Fa x
-to
-.Fa len .
-It may put
-.Fa x
-into an inconsistent internal state.
-.Pp
-.Fn ASN1_STRING_set
-and
-.Fn ASN1_OCTET_STRING_set
-set the length attribute of
-.Fa str
-to
-.Fa len
-and copy that number of bytes from
-.Fa data
-into
-.Fa str .
-If
-.Fa len
-is -1, then
-.Fn strlen data
-is used instead of
-.Fa len .
-If
-.Fa data
-is
-.Dv NULL ,
-the content of
-.Fa str
-remains uninitialized; that is not considered an error unless
-.Fa len
-is negative.
-.Pp
-.Fn ASN1_STRING_to_UTF8
-converts the string
-.Fa in
-to UTF-8 format.
-The converted data is copied into a newly allocated buffer
-.Pf * Fa out .
-The buffer
-.Pf * Fa out
-should be freed using
-.Xr free 3 .
-.Pp
-.Fn ASN1_STRING_type
-returns the type of
-.Fa x .
-.Pp
-Almost all ASN.1 types are represented as
-.Vt ASN1_STRING
-structures.
-Other types such as
-.Vt ASN1_OCTET_STRING
-are simply typedefed to
-.Vt ASN1_STRING
-and the functions call the
-.Vt ASN1_STRING
-equivalents.
-.Vt ASN1_STRING
-is also used for some CHOICE types which consist entirely of primitive
-string types such as
-.Vt DirectoryString
-and
-.Vt Time .
-.Pp
-These functions should
-.Em not
-be used to examine or modify
-.Vt ASN1_INTEGER
-or
-.Vt ASN1_ENUMERATED
-types: the relevant INTEGER or ENUMERATED utility functions should
-be used instead.
-.Pp
-In general it cannot be assumed that the data returned by
-.Fn ASN1_STRING_get0_data
-and
-.Fn ASN1_STRING_data
-is NUL terminated, and it may contain embedded NUL characters.
-The format of the data depends on the string type:
-for example for an
-.Vt IA5String
-the data contains ASCII characters, for a
-.Vt BMPString
-two bytes per character in big endian format, and for a
-.Vt UTF8String
-UTF-8 characters.
-.Pp
-Similar care should be taken to ensure the data is in the correct format
-when calling
-.Fn ASN1_STRING_set .
-.Sh RETURN VALUES
-.Fn ASN1_STRING_cmp
-and
-.Fn ASN1_OCTET_STRING_cmp
-return 0 if the type, the length, and the content of
-.Fa a
-and
-.Fa b
-agree, or a non-zero value otherwise.
-In contrast to
-.Xr strcmp 3 ,
-the sign of the return value does not indicate lexicographical ordering.
-.Pp
-.Fn ASN1_STRING_data
-and
-.Fn ASN1_STRING_get0_data
-return an internal pointer to the data of
-.Fa x .
-.Pp
-.Fn ASN1_STRING_dup
-and
-.Fn ASN1_OCTET_STRING_dup
-return a pointer to a newly allocated
-.Vt ASN1_STRING
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn ASN1_STRING_length
-returns a number of bytes.
-.Pp
-.Fn ASN1_STRING_set
-and
-.Fn ASN1_OCTET_STRING_set
-return 1 on success or 0 on failure.
-.Pp
-.Fn ASN1_STRING_to_UTF8
-returns the number of bytes in the output buffer
-.Pf * Fa out ,
-or a negative number if an error occurred.
-.Pp
-.Fn ASN1_STRING_type
-returns an integer constant, for example
-.Dv V_ASN1_OCTET_STRING .
-.Pp
-In some cases of failure of
-.Fn ASN1_STRING_dup ,
-.Fn ASN1_STRING_set ,
-and
-.Fn ASN1_STRING_to_UTF8 ,
-the reason can be determined with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr ASN1_STRING_new 3
-.Sh HISTORY
-.Fn ASN1_STRING_cmp ,
-.Fn ASN1_STRING_dup ,
-.Fn ASN1_STRING_set ,
-and
-.Fn ASN1_OCTET_STRING_set
-first appeared in SSLeay 0.6.5.
-.Fn ASN1_OCTET_STRING_cmp ,
-.Fn ASN1_STRING_data ,
-.Fn ASN1_OCTET_STRING_dup ,
-and
-.Fn ASN1_STRING_type
-first appeared in SSLeay 0.8.0.
-.Fn ASN1_STRING_length
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ASN1_STRING_length_set
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn ASN1_STRING_to_UTF8
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn ASN1_STRING_get0_data
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/ASN1_STRING_new.3 b/src/lib/libcrypto/man/ASN1_STRING_new.3
deleted file mode 100644
index 46325f3968..0000000000
--- a/src/lib/libcrypto/man/ASN1_STRING_new.3
+++ /dev/null
@@ -1,294 +0,0 @@
-.\" $OpenBSD: ASN1_STRING_new.3,v 1.17 2019/06/14 13:59:32 schwarze Exp $
-.\" OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 14 2019 $
-.Dt ASN1_STRING_NEW 3
-.Os
-.Sh NAME
-.Nm ASN1_STRING_new ,
-.Nm ASN1_STRING_type_new ,
-.Nm ASN1_STRING_free ,
-.Nm ASN1_OCTET_STRING_new ,
-.Nm ASN1_OCTET_STRING_free ,
-.Nm ASN1_BIT_STRING_new ,
-.Nm ASN1_BIT_STRING_free ,
-.Nm ASN1_INTEGER_new ,
-.Nm ASN1_INTEGER_free ,
-.Nm ASN1_ENUMERATED_new ,
-.Nm ASN1_ENUMERATED_free ,
-.Nm ASN1_UTF8STRING_new ,
-.Nm ASN1_UTF8STRING_free ,
-.Nm ASN1_IA5STRING_new ,
-.Nm ASN1_IA5STRING_free ,
-.Nm ASN1_UNIVERSALSTRING_new ,
-.Nm ASN1_UNIVERSALSTRING_free ,
-.Nm ASN1_BMPSTRING_new ,
-.Nm ASN1_BMPSTRING_free ,
-.Nm ASN1_GENERALSTRING_new ,
-.Nm ASN1_GENERALSTRING_free ,
-.Nm ASN1_T61STRING_new ,
-.Nm ASN1_T61STRING_free ,
-.Nm ASN1_VISIBLESTRING_new ,
-.Nm ASN1_VISIBLESTRING_free ,
-.Nm ASN1_PRINTABLESTRING_new ,
-.Nm ASN1_PRINTABLESTRING_free ,
-.Nm ASN1_PRINTABLE_new ,
-.Nm ASN1_PRINTABLE_free ,
-.Nm DIRECTORYSTRING_new ,
-.Nm DIRECTORYSTRING_free ,
-.Nm DISPLAYTEXT_new ,
-.Nm DISPLAYTEXT_free ,
-.Nm ASN1_GENERALIZEDTIME_new ,
-.Nm ASN1_GENERALIZEDTIME_free ,
-.Nm 
ASN1_UTCTIME_new ,
-.Nm ASN1_UTCTIME_free ,
-.Nm ASN1_TIME_new ,
-.Nm ASN1_TIME_free
-.Nd allocate and free ASN1_STRING objects
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_STRING *
-.Fn ASN1_STRING_new void
-.Ft ASN1_STRING *
-.Fn ASN1_STRING_type_new "int type"
-.Ft void
-.Fn ASN1_STRING_free "ASN1_STRING *a"
-.Ft ASN1_OCTET_STRING *
-.Fn ASN1_OCTET_STRING_new void
-.Ft void
-.Fn ASN1_OCTET_STRING_free "ASN1_OCTET_STRING *a"
-.Ft ASN1_BIT_STRING *
-.Fn ASN1_BIT_STRING_new void
-.Ft void
-.Fn ASN1_BIT_STRING_free "ASN1_BIT_STRING *a"
-.Ft ASN1_INTEGER *
-.Fn ASN1_INTEGER_new void
-.Ft void
-.Fn ASN1_INTEGER_free "ASN1_INTEGER *a"
-.Ft ASN1_ENUMERATED *
-.Fn ASN1_ENUMERATED_new void
-.Ft void
-.Fn ASN1_ENUMERATED_free "ASN1_ENUMERATED *a"
-.Ft ASN1_UTF8STRING *
-.Fn ASN1_UTF8STRING_new void
-.Ft void
-.Fn ASN1_UTF8STRING_free "ASN1_UTF8STRING *a"
-.Ft ASN1_IA5STRING *
-.Fn ASN1_IA5STRING_new void
-.Ft void
-.Fn ASN1_IA5STRING_free "ASN1_IA5STRING *a"
-.Ft ASN1_UNIVERSALSTRING *
-.Fn ASN1_UNIVERSALSTRING_new void
-.Ft void
-.Fn ASN1_UNIVERSALSTRING_free "ASN1_UNIVERSALSTRING *a"
-.Ft ASN1_BMPSTRING *
-.Fn ASN1_BMPSTRING_new void
-.Ft void
-.Fn ASN1_BMPSTRING_free "ASN1_BMPSTRING *a"
-.Ft ASN1_GENERALSTRING *
-.Fn ASN1_GENERALSTRING_new void
-.Ft void
-.Fn ASN1_GENERALSTRING_free "ASN1_GENERALSTRING *a"
-.Ft ASN1_T61STRING *
-.Fn ASN1_T61STRING_new void
-.Ft void
-.Fn ASN1_T61STRING_free "ASN1_T61STRING *a"
-.Ft ASN1_VISIBLESTRING *
-.Fn ASN1_VISIBLESTRING_new void
-.Ft void
-.Fn ASN1_VISIBLESTRING_free "ASN1_VISIBLESTRING *a"
-.Ft ASN1_PRINTABLESTRING *
-.Fn ASN1_PRINTABLESTRING_new void
-.Ft void
-.Fn ASN1_PRINTABLESTRING_free "ASN1_PRINTABLESTRING *a"
-.Ft ASN1_STRING *
-.Fn ASN1_PRINTABLE_new void
-.Ft void
-.Fn ASN1_PRINTABLE_free "ASN1_STRING *a"
-.Ft ASN1_STRING *
-.Fn DIRECTORYSTRING_new void
-.Ft void
-.Fn DIRECTORYSTRING_free "ASN1_STRING *a"
-.Ft ASN1_STRING *
-.Fn DISPLAYTEXT_new void
-.Ft void
-.Fn DISPLAYTEXT_free "ASN1_STRING *a"
-.Ft 
ASN1_GENERALIZEDTIME *
-.Fn ASN1_GENERALIZEDTIME_new void
-.Ft void
-.Fn ASN1_GENERALIZEDTIME_free "ASN1_GENERALIZEDTIME *a"
-.Ft ASN1_UTCTIME *
-.Fn ASN1_UTCTIME_new void
-.Ft void
-.Fn ASN1_UTCTIME_free "ASN1_UTCTIME *a"
-.Ft ASN1_TIME *
-.Fn ASN1_TIME_new void
-.Ft void
-.Fn ASN1_TIME_free "ASN1_TIME *a"
-.Sh DESCRIPTION
-The
-.Vt ASN1_STRING
-object can represent a variety of ASN.1 built-in types.
-It can store a type and a value.
-.Pp
-All the
-.Fn *_new
-functions
-allocate and initialize an empty
-.Vt ASN1_STRING
-object.
-The following table shows the type assigned to the new object,
-and which ASN.1 type it represents.
-.Bl -column "ASN1_GENERALIZEDTIME_new()" "V_ASN1_GENERALIZEDTIME"
-.It Em constructor function Ta Em OpenSSL type Ta Em ASN.1 type
-.It Ta
-.It Fn ASN1_STRING_new Ta Dv V_ASN1_OCTET_STRING
-.It Fn ASN1_STRING_type_new Ta Fa type No argument
-.It Ta
-.It Fn ASN1_OCTET_STRING_new Ta Dv V_ASN1_OCTET_STRING Ta OCTET STRING
-.It Fn ASN1_BIT_STRING_new Ta Dv V_ASN1_BIT_STRING Ta BIT STRING
-.It Fn ASN1_INTEGER_new Ta Dv V_ASN1_INTEGER Ta INTEGER
-.It Fn ASN1_ENUMERATED_new Ta Dv V_ASN1_ENUMERATED Ta ENUMERATED
-.It Ta
-.It Fn ASN1_UTF8STRING_new Ta Dv V_ASN1_UTF8STRING Ta UTF8String
-.It Fn ASN1_IA5STRING_new Ta Dv V_ASN1_IA5STRING Ta IA5String
-.It Ta
-.It Fn ASN1_UNIVERSALSTRING_new Ta Dv V_ASN1_UNIVERSALSTRING Ta UniversalString
-.It Fn ASN1_BMPSTRING_new Ta Dv V_ASN1_BMPSTRING Ta BMPString
-.It Fn ASN1_GENERALSTRING_new Ta Dv V_ASN1_GENERALSTRING Ta GeneralString
-.It Fn ASN1_T61STRING_new Ta Dv V_ASN1_T61STRING Ta T61String
-.It Fn ASN1_VISIBLESTRING_new Ta Dv V_ASN1_VISIBLESTRING Ta VisibleString
-.It Fn ASN1_PRINTABLESTRING_new Ta Dv V_ASN1_PRINTABLESTRING Ta PrintableString
-.It Ta
-.It Fn ASN1_PRINTABLE_new Ta Dv V_ASN1_UNDEF
-.It Fn DIRECTORYSTRING_new Ta Dv V_ASN1_UNDEF
-.It Fn DISPLAYTEXT_new Ta Dv V_ASN1_UNDEF
-.It Ta
-.It Fn ASN1_GENERALIZEDTIME_new Ta Dv V_ASN1_GENERALIZEDTIME Ta GeneralizedTime
-.It Fn ASN1_UTCTIME_new Ta Dv 
V_ASN1_UTCTIME Ta UTCTime
-.It Fn ASN1_TIME_new Ta Dv V_ASN1_UNDEF Ta TIME
-.El
-.Pp
-All the
-.Fn *_free
-functions free
-.Fa a
-including any data contained in it.
-If
-.Fa a
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-All the
-.Fn *_new
-functions return the new
-.Vt ASN1_STRING
-object if successful; otherwise
-.Dv NULL
-is returned and an error code can be retrieved with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr ASN1_INTEGER_get 3 ,
-.Xr ASN1_STRING_length 3 ,
-.Xr ASN1_STRING_print_ex 3 ,
-.Xr ASN1_time_parse 3 ,
-.Xr ASN1_TIME_set 3 ,
-.Xr ASN1_TYPE_get 3 ,
-.Xr d2i_ASN1_OBJECT 3 ,
-.Xr d2i_ASN1_OCTET_STRING 3 ,
-.Xr X509_cmp_time 3 ,
-.Xr X509_EXTENSION_get_object 3 ,
-.Xr X509_get_ext_by_OBJ 3 ,
-.Xr X509_NAME_ENTRY_get_object 3
-.Sh HISTORY
-.Fn ASN1_OCTET_STRING_new ,
-.Fn ASN1_OCTET_STRING_free ,
-.Fn ASN1_BIT_STRING_new ,
-.Fn ASN1_BIT_STRING_free ,
-.Fn ASN1_INTEGER_new ,
-.Fn ASN1_INTEGER_free ,
-.Fn ASN1_IA5STRING_new ,
-.Fn ASN1_IA5STRING_free ,
-.Fn ASN1_T61STRING_new ,
-.Fn ASN1_T61STRING_free ,
-.Fn ASN1_PRINTABLESTRING_new ,
-.Fn ASN1_PRINTABLESTRING_free ,
-.Fn ASN1_PRINTABLE_new ,
-.Fn ASN1_PRINTABLE_free ,
-.Fn ASN1_UTCTIME_new ,
-and
-.Fn ASN1_UTCTIME_free
-first appeared in SSLeay 0.5.1.
-.Fn ASN1_STRING_new ,
-.Fn ASN1_STRING_type_new ,
-and
-.Fn ASN1_STRING_free
-first appeared in SSLeay 0.6.5.
-.Fn ASN1_UNIVERSALSTRING_new ,
-.Fn ASN1_UNIVERSALSTRING_free ,
-.Fn ASN1_GENERALSTRING_new ,
-and
-.Fn ASN1_GENERALSTRING_free
-first appeared in SSLeay 0.8.0.
-.Fn ASN1_BMPSTRING_new ,
-.Fn ASN1_BMPSTRING_free ,
-.Fn ASN1_GENERALIZEDTIME_new ,
-and
-.Fn ASN1_GENERALIZEDTIME_free
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ASN1_ENUMERATED_new ,
-.Fn ASN1_ENUMERATED_free ,
-.Fn ASN1_TIME_new ,
-and
-.Fn ASN1_TIME_free
-first appeared in OpenSSL 0.9.2b.
-.Fn ASN1_UTF8STRING_new ,
-.Fn ASN1_UTF8STRING_free ,
-.Fn ASN1_VISIBLESTRING_new ,
-.Fn ASN1_VISIBLESTRING_free ,
-.Fn DIRECTORYSTRING_new ,
-.Fn DIRECTORYSTRING_free ,
-.Fn DISPLAYTEXT_new ,
-and
-.Fn DISPLAYTEXT_free
-first appeared in OpenSSL 0.9.3.
-These functions have been available since
-.Ox 2.6 .
-.Sh BUGS
-.Vt ASN1_OCTET_STRING ,
-.Vt ASN1_BIT_STRING ,
-.Vt ASN1_INTEGER ,
-.Vt ASN1_ENUMERATED ,
-.Vt ASN1_UTF8STRING ,
-.Vt ASN1_IA5STRING ,
-.Vt ASN1_UNIVERSALSTRING ,
-.Vt ASN1_BMPSTRING ,
-.Vt ASN1_GENERALSTRING ,
-.Vt ASN1_T61STRING ,
-.Vt ASN1_VISIBLESTRING ,
-.Vt ASN1_PRINTABLESTRING ,
-.Vt ASN1_GENERALIZEDTIME ,
-.Vt ASN1_UTCTIME ,
-and
-.Vt ASN1_TIME
-are merely typedef aliases of
-.Vt ASN1_STRING
-and provide no type safety whatsoever.
diff --git a/src/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/src/lib/libcrypto/man/ASN1_STRING_print_ex.3
deleted file mode 100644
index 2d48a42c4d..0000000000
--- a/src/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ /dev/null
@@ -1,240 +0,0 @@
-.\" $OpenBSD: ASN1_STRING_print_ex.3,v 1.17 2021/07/11 19:03:45 schwarze Exp $
-.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Dr. Stephen Henson.
-.\" Copyright (c) 2002, 2004, 2007, 2013, 2016, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. 
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 11 2021 $
-.Dt ASN1_STRING_PRINT_EX 3
-.Os
-.Sh NAME
-.Nm ASN1_STRING_print_ex ,
-.Nm ASN1_STRING_print_ex_fp ,
-.Nm ASN1_STRING_print ,
-.Nm ASN1_tag2str
-.Nd ASN1_STRING output routines
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fo ASN1_STRING_print_ex
-.Fa "BIO *out"
-.Fa "const ASN1_STRING *str"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo ASN1_STRING_print_ex_fp
-.Fa "FILE *fp"
-.Fa "const ASN1_STRING *str"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo ASN1_STRING_print
-.Fa "BIO *out"
-.Fa "const ASN1_STRING *str"
-.Fc
-.Ft const char *
-.Fo ASN1_tag2str
-.Fa "int tag"
-.Fc
-.Sh DESCRIPTION
-These functions output an
-.Vt ASN1_STRING
-structure.
-.Vt ASN1_STRING
-is used to
-represent all the ASN.1 string types.
-.Pp
-.Fn ASN1_STRING_print_ex
-outputs
-.Fa str
-to
-.Fa out ,
-the format being determined by the options
-.Fa flags .
-.Fn ASN1_STRING_print_ex_fp
-is identical except it outputs to
-.Fa fp
-instead.
-.Pp
-.Fn ASN1_STRING_print
-prints
-.Fa str
-to
-.Fa out
-but using a different format to
-.Fn ASN1_STRING_print_ex .
-It replaces unprintable characters (other than CR, LF) with
-.Sq \&. .
-.Pp
-.Fn ASN1_tag2str
-returns a human-readable name of the specified ASN.1
-.Fa tag .
-.Pp
-.Fn ASN1_STRING_print
-is a deprecated function which should be avoided; use
-.Fn ASN1_STRING_print_ex
-instead.
-.Pp
-Although there are a large number of options,
-.Dv ASN1_STRFLGS_RFC2253
-is often suitable, or on UTF-8 terminals
-.Dv ASN1_STRFLGS_RFC2253
-and
-.Pf ~ Dv ASN1_STRFLGS_ESC_MSB .
-.Pp
-The complete set of supported options for
-.Fa flags
-is listed below.
-.Pp
-Various characters can be escaped.
-If
-.Dv ASN1_STRFLGS_ESC_2253
-is set, the characters determined by RFC 2253 are escaped.
-If
-.Dv ASN1_STRFLGS_ESC_CTRL
-is set, control characters are escaped.
-If
-.Dv ASN1_STRFLGS_ESC_MSB
-is set, characters with the MSB set are escaped: this option should
-.Em not
-be used if the terminal correctly interprets UTF-8 sequences.
-.Pp
-Escaping takes several forms.
-If the character being escaped is a 16-bit character then the form "\eUXXXX"
-is used using exactly four characters for the hex representation.
-If it is 32 bits then "\eWXXXXXXXX" is used using eight characters
-of its hex representation.
-These forms will only be used if UTF-8 conversion is not set (see below).
-.Pp
-Printable characters are normally escaped using the backslash
-.Pq Sq \e
-character.
-If
-.Dv ASN1_STRFLGS_ESC_QUOTE
-is set, then the whole string is instead surrounded by double quote
-characters: this is arguably more readable than the backslash notation.
-Other characters use the "\eXX" using exactly two characters of the hex
-representation.
-.Pp
-If
-.Dv ASN1_STRFLGS_UTF8_CONVERT
-is set, then characters are converted to UTF-8 format first.
-If the terminal supports the display of UTF-8 sequences then this
-option will correctly display multi-byte characters.
-.Pp
-If
-.Dv ASN1_STRFLGS_IGNORE_TYPE
-is set, then the string type is not interpreted at all:
-everything is assumed to be one byte per character.
-This is primarily for debugging purposes and can result
-in confusing output in multi-character strings.
-.Pp
-If
-.Dv ASN1_STRFLGS_SHOW_TYPE
-is set, then the string type itself is printed before its value
-(for example "BMPSTRING"), using
-.Fn ASN1_tag2str .
-.Pp
-Instead of being interpreted the contents of a string can be "dumped":
-this just outputs the value of the string using the form #XXXX
-using hex format for each octet.
-.Pp
-If
-.Dv ASN1_STRFLGS_DUMP_ALL
-is set, then any type is dumped.
-.Pp
-Normally non-character string types (such as OCTET STRING)
-are assumed to be one byte per character; if
-.Dv ASN1_STRFLGS_DUMP_UNKNOWN
-is set, then they will be dumped instead.
-.Pp
-When a type is dumped normally just the content octets are printed; if
-.Dv ASN1_STRFLGS_DUMP_DER
-is set, then the complete encoding is dumped
-instead (including tag and length octets).
-.Pp
-.Dv ASN1_STRFLGS_RFC2253
-includes all the flags required by RFC 2253.
-It is equivalent to
-.Dv ASN1_STRFLGS_ESC_2253 |
-.Dv ASN1_STRFLGS_ESC_CTRL |
-.Dv ASN1_STRFLGS_ESC_MSB |
-.Dv ASN1_STRFLGS_UTF8_CONVERT |
-.Dv ASN1_STRFLGS_DUMP_UNKNOWN |
-.Dv ASN1_STRFLGS_DUMP_DER .
-.Sh RETURN VALUES
-.Fn ASN1_STRING_print_ex
-and
-.Fn ASN1_STRING_print_ex_fp
-return the number of characters written or \-1 if an error occurred.
-.Pp
-.Fn ASN1_STRING_print
-returns 1 on success or 0 on error.
-.Pp
-.Fn ASN1_tag2str
-returns a static string.
-.Sh SEE ALSO
-.Xr ASN1_parse_dump 3 ,
-.Xr ASN1_STRING_new 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_signature_dump 3
-.Sh HISTORY
-.Fn ASN1_STRING_print
-first appeared in SSLeay 0.6.5 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn ASN1_tag2str
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn ASN1_STRING_print_ex
-and
-.Fn ASN1_STRING_print_ex_fp
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/ASN1_TIME_set.3 b/src/lib/libcrypto/man/ASN1_TIME_set.3
deleted file mode 100644
index 7aa3009207..0000000000
--- a/src/lib/libcrypto/man/ASN1_TIME_set.3
+++ /dev/null
@@ -1,466 +0,0 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.15 2019/06/06 01:06:58 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson
-.\" and Todd Short .
-.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt ASN1_TIME_SET 3
-.Os
-.Sh NAME
-.Nm ASN1_TIME_set ,
-.Nm ASN1_UTCTIME_set ,
-.Nm ASN1_GENERALIZEDTIME_set ,
-.Nm ASN1_TIME_adj ,
-.Nm ASN1_UTCTIME_adj ,
-.Nm ASN1_GENERALIZEDTIME_adj ,
-.Nm ASN1_TIME_set_string ,
-.Nm ASN1_UTCTIME_set_string ,
-.Nm ASN1_GENERALIZEDTIME_set_string ,
-.Nm ASN1_TIME_check ,
-.Nm ASN1_UTCTIME_check ,
-.Nm ASN1_GENERALIZEDTIME_check ,
-.Nm ASN1_TIME_print ,
-.Nm ASN1_UTCTIME_print ,
-.Nm ASN1_GENERALIZEDTIME_print ,
-.Nm ASN1_UTCTIME_cmp_time_t ,
-.Nm ASN1_TIME_to_generalizedtime
-.Nd ASN.1 Time functions
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_TIME *
-.Fo ASN1_TIME_set
-.Fa "ASN1_TIME *s"
-.Fa "time_t t"
-.Fc
-.Ft ASN1_UTCTIME *
-.Fo ASN1_UTCTIME_set
-.Fa "ASN1_UTCTIME *s"
-.Fa "time_t t"
-.Fc
-.Ft ASN1_GENERALIZEDTIME *
-.Fo ASN1_GENERALIZEDTIME_set
-.Fa "ASN1_GENERALIZEDTIME *s"
-.Fa "time_t t"
-.Fc
-.Ft ASN1_TIME *
-.Fo ASN1_TIME_adj
-.Fa "ASN1_TIME *s"
-.Fa "time_t t"
-.Fa "int offset_day"
-.Fa "long offset_sec"
-.Fc
-.Ft ASN1_UTCTIME *
-.Fo ASN1_UTCTIME_adj
-.Fa "ASN1_UTCTIME *s"
-.Fa "time_t t"
-.Fa "int offset_day"
-.Fa "long offset_sec"
-.Fc
-.Ft ASN1_GENERALIZEDTIME *
-.Fo ASN1_GENERALIZEDTIME_adj
-.Fa "ASN1_GENERALIZEDTIME *s"
-.Fa "time_t t"
-.Fa "int offset_day"
-.Fa "long offset_sec"
-.Fc
-.Ft int
-.Fo ASN1_TIME_set_string
-.Fa "ASN1_TIME *s"
-.Fa "const char *str"
-.Fc
-.Ft int
-.Fo ASN1_UTCTIME_set_string
-.Fa "ASN1_UTCTIME *s"
-.Fa "const char *str"
-.Fc
-.Ft int
-.Fo ASN1_GENERALIZEDTIME_set_string
-.Fa "ASN1_GENERALIZEDTIME *s"
-.Fa "const char *str"
-.Fc
-.Ft int
-.Fo ASN1_TIME_check
-.Fa "const ASN1_TIME *t"
-.Fc
-.Ft int
-.Fo ASN1_UTCTIME_check
-.Fa "const ASN1_UTCTIME *t"
-.Fc
-.Ft int
-.Fo ASN1_GENERALIZEDTIME_check
-.Fa "const ASN1_GENERALIZEDTIME *t"
-.Fc
-.Ft int
-.Fo ASN1_TIME_print
-.Fa "BIO *b"
-.Fa "const ASN1_TIME *s"
-.Fc
-.Ft int
-.Fo ASN1_UTCTIME_print
-.Fa "BIO *b"
-.Fa "const ASN1_UTCTIME *s"
-.Fc
-.Ft int
-.Fo ASN1_GENERALIZEDTIME_print
-.Fa "BIO *b"
-.Fa "const ASN1_GENERALIZEDTIME *s"
-.Fc
-.Ft int
-.Fo ASN1_UTCTIME_cmp_time_t
-.Fa "const ASN1_UTCTIME *s"
-.Fa "time_t t"
-.Fc
-.Ft ASN1_GENERALIZEDTIME *
-.Fo ASN1_TIME_to_generalizedtime
-.Fa "const ASN1_TIME *t"
-.Fa "ASN1_GENERALIZEDTIME **out"
-.Fc
-.Sh DESCRIPTION
-The functions
-.Fn ASN1_TIME_set ,
-.Fn ASN1_UTCTIME_set ,
-and
-.Fn ASN1_GENERALIZEDTIME_set
-set the time structure
-.Fa s
-to the time represented by the
-.Vt time_t
-value
-.Fa t .
-If
-.Fa s
-is
-.Dv NULL ,
-a new time structure is allocated and returned.
-.Pp
-The functions
-.Fn ASN1_TIME_adj ,
-.Fn ASN1_UTCTIME_adj ,
-and
-.Fn ASN1_GENERALIZEDTIME_adj
-set the time structure
-.Fa s
-to the time represented by the time
-.Fa offset_day
-and
-.Fa offset_sec
-after the
-.Vt time_t
-value
-.Fa t .
-The values of
-.Fa offset_day
-or
-.Fa offset_sec
-can be negative to set a time before
-.Fa t .
-The
-.Fa offset_sec
-value can also exceed the number of seconds in a day.
-If
-.Fa s
-is
-.Dv NULL ,
-a new time structure is allocated and returned.
-.Pp
-.Fn ASN1_TIME_adj
-may change the type from
-.Vt ASN1_GENERALIZEDTIME
-to
-.Vt ASN1_UTCTIME
-or vice versa depending on the resulting year.
-The functions
-.Fn ASN1_UTCTIME_adj
-and
-.Fn ASN1_GENERALIZEDTIME_adj
-do not modify the type of the return structure.
-.Pp
-The functions
-.Fn ASN1_TIME_set_string ,
-.Fn ASN1_UTCTIME_set_string ,
-and
-.Fn ASN1_GENERALIZEDTIME_set_string
-set the time structure
-.Fa s
-to the time represented by the string
-.Fa str ,
-which must be in appropriate ASN.1 time format (for example
-YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ).
-The string
-.Fa str
-is copied into
-.Fa s .
-If
-.Fa s
-is
-.Dv NULL ,
-these functions only perform a format check on
-.Fa str .
-.Pp
-The functions
-.Fn ASN1_TIME_check ,
-.Fn ASN1_UTCTIME_check ,
-and
-.Fn ASN1_GENERALIZEDTIME_check
-check the syntax of the time structure
-.Fa s .
-.Pp
-The functions
-.Fn ASN1_TIME_print ,
-.Fn ASN1_UTCTIME_print ,
-and
-.Fn ASN1_GENERALIZEDTIME_print
-print out the time
-.Fa s
-to
-.Vt BIO
-.Fa b
-in human readable format.
-It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3
-00:55:52 2015 GMT".
-It does not include a newline.
-If the time structure has an invalid format,
-it prints out "Bad time value" and returns an error.
-The output of
-.Fn ASN1_GENERALIZEDTIME_print
-may include a fractional part following the second.
-.Pp
-The function
-.Fn ASN1_UTCTIME_cmp_time_t
-compares the two times represented by
-.Fa s
-and
-.Fa t .
-.Pp
-The function
-.Fn ASN1_TIME_to_generalizedtime
-converts the
-.Vt ASN1_TIME
-.Fa t
-to an
-.Vt ASN1_GENERALIZEDTIME ,
-regardless of year.
-If either
-.Fa out
-or
-.Pf * Fa out
-is
-.Dv NULL ,
-then a new object is allocated and must be freed after use.
-.Pp
-The
-.Vt ASN1_TIME
-structure corresponds to the ASN.1 structure
-.Sy Time
-defined in RFC 5280 et al.
-The time setting functions obey the rules outlined in RFC 5280: if the
-date can be represented by UTCTime it is used, otherwise GeneralizedTime is
-used.
-.Pp
-The
-.Vt ASN1_TIME ,
-.Vt ASN1_UTCTIME ,
-and
-.Vt ASN1_GENERALIZEDTIME
-structures are represented as
-.Vt ASN1_STRING
-structures internally and can be freed using
-.Xr ASN1_STRING_free 3 .
-.Pp
-The
-.Vt ASN1_TIME
-structure can represent years from 0000 to 9999 but no attempt is
-made to correct ancient calendar changes (for example from Julian
-to Gregorian calendars).
-.Pp
-.Vt ASN1_UTCTIME
-is limited to a year range of 1950 through 2049.
-.Pp
-It is recommended that
-.Vt ASN1_TIME
-functions be used instead of
-.Vt ASN1_UTCTIME
-or
-.Vt ASN1_GENERALIZEDTIME
-functions because the
-.Vt ASN1_UTCTIME
-and
-.Vt ASN1_GENERALIZEDTIME
-functions act only on that specific time format, while the
-.Vt ASN1_TIME
-functions operate on either format.
-.Sh RETURN VALUES
-.Fn ASN1_TIME_set ,
-.Fn ASN1_UTCTIME_set ,
-.Fn ASN1_GENERALIZEDTIME_set ,
-.Fn ASN1_TIME_adj ,
-.Fn ASN1_UTCTIME_adj ,
-.Fn ASN1_GENERALIZEDTIME_adj ,
-and
-.Fn ASN1_TIME_to_generalizedtime
-return a pointer to a time structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn ASN1_TIME_set_string ,
-.Fn ASN1_UTCTIME_set_string ,
-and
-.Fn ASN1_GENERALIZEDTIME_set_string
-return 1 if the time value is successfully set or 0 otherwise.
-.Pp
-.Fn ASN1_TIME_check ,
-.Fn ASN1_UTCTIME_check ,
-and
-.Fn ASN1_GENERALIZEDTIME_check
-return 1 if the time structure is syntactically correct or 0 otherwise.
-.Pp
-.Fn ASN1_TIME_print ,
-.Fn ASN1_UTCTIME_print ,
-and
-.Fn ASN1_GENERALIZEDTIME_print
-return 1 if the time is successfully printed or 0 if an error
-occurred (I/O error or invalid time format).
-.Pp
-.Fn ASN1_UTCTIME_cmp_time_t
-returns \-1 if
-.Fa s
-is earlier than
-.Fa t ,
-0 if both are equal, 1 if
-.Fa s
-is later than
-.Fa t ,
-or \-2 on error.
-.Sh EXAMPLES
-Set a time structure to one hour after the current time and print it
-out:
-.Bd -literal -offset indent
-#include
-#include
-
-ASN1_TIME *tm;
-time_t t;
-BIO *b;
-
-t = time(NULL);
-tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
-b = BIO_new_fp(stdout, BIO_NOCLOSE);
-ASN1_TIME_print(b, tm);
-ASN1_STRING_free(tm);
-BIO_free(b);
-.Ed
-.Sh SEE ALSO
-.Xr ASN1_TIME_new 3 ,
-.Xr ASN1_time_parse 3 ,
-.Xr X509_cmp_time 3
-.Sh HISTORY
-.Fn ASN1_UTCTIME_check
-and
-.Fn ASN1_UTCTIME_print
-first appeared in SSLeay 0.5.1.
-.Fn ASN1_UTCTIME_set
-first appeared in SSLeay 0.6.0.
-.Fn ASN1_UTCTIME_set_string
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ASN1_TIME_set ,
-.Fn ASN1_GENERALIZEDTIME_set ,
-.Fn ASN1_GENERALIZEDTIME_set_string ,
-.Fn ASN1_GENERALIZEDTIME_check ,
-.Fn ASN1_TIME_print ,
-and
-.Fn ASN1_GENERALIZEDTIME_print
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Pp
-.Fn ASN1_UTCTIME_cmp_time_t
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn ASN1_TIME_check
-and
-.Fn ASN1_TIME_to_generalizedtime
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ASN1_TIME_adj ,
-.Fn ASN1_UTCTIME_adj ,
-.Fn ASN1_GENERALIZEDTIME_adj ,
-and
-.Fn ASN1_TIME_set_string
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Sh CAVEATS
-Some applications add offset times directly to a
-.Vt time_t
-value and pass the results to
-.Fn ASN1_TIME_set
-(or equivalent).
-This can cause problems as the
-.Vt time_t
-value can overflow on some systems resulting in unexpected results.
-New applications should use
-.Fn ASN1_TIME_adj
-instead and pass the offset value in the
-.Fa offset_sec
-and
-.Fa offset_day
-parameters instead of directly manipulating a
-.Vt time_t
-value.
-.Sh BUGS
-.Fn ASN1_TIME_print ,
-.Fn ASN1_UTCTIME_print ,
-and
-.Fn ASN1_GENERALIZEDTIME_print
-do not print the time zone: they either print "GMT" or nothing.
-But all certificates complying with RFC 5280 et al use GMT anyway.
diff --git a/src/lib/libcrypto/man/ASN1_TYPE_get.3 b/src/lib/libcrypto/man/ASN1_TYPE_get.3
deleted file mode 100644
index 284ad61b34..0000000000
--- a/src/lib/libcrypto/man/ASN1_TYPE_get.3
+++ /dev/null
@@ -1,309 +0,0 @@
-.\" $OpenBSD: ASN1_TYPE_get.3,v 1.12 2021/07/11 19:03:45 schwarze Exp $
-.\" OpenSSL 99d63d46 Mon Jun 6 00:43:05 2016 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 11 2021 $
-.Dt ASN1_TYPE_GET 3
-.Os
-.Sh NAME
-.Nm ASN1_TYPE_new ,
-.Nm ASN1_TYPE_free ,
-.Nm ASN1_TYPE_get ,
-.Nm ASN1_TYPE_set ,
-.Nm ASN1_TYPE_set1 ,
-.Nm ASN1_TYPE_cmp
-.Nd ASN.1 objects of arbitrary type
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_TYPE *
-.Fn ASN1_TYPE_new void
-.Ft void
-.Fn ASN1_TYPE_free "ASN1_TYPE *a"
-.Ft int
-.Fo ASN1_TYPE_get
-.Fa "const ASN1_TYPE *a"
-.Fc
-.Ft void
-.Fo ASN1_TYPE_set
-.Fa "ASN1_TYPE *a"
-.Fa "int type"
-.Fa "void *value"
-.Fc
-.Ft int
-.Fo ASN1_TYPE_set1
-.Fa "ASN1_TYPE *a"
-.Fa "int type"
-.Fa "const void *value"
-.Fc
-.Ft int
-.Fo ASN1_TYPE_cmp
-.Fa "const ASN1_TYPE *a"
-.Fa "const ASN1_TYPE *b"
-.Fc
-.Sh DESCRIPTION
-.Vt ASN1_TYPE
-represents the ASN.1 ANY type.
-An
-.Vt ASN1_TYPE
-object can store an ASN.1 value of arbitrary type,
-including constructed types such as a SEQUENCE.
-It also remembers internally which type it currently holds.
-.Pp
-.Fn ASN1_TYPE_new
-allocates and initializes an empty
-.Vt ASN1_TYPE
-object of undefined type.
-.Pp
-.Fn ASN1_TYPE_free
-frees
-.Fa a
-including the value stored in it, if any.
-If
-.Fa a
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn ASN1_TYPE_get
-returns the type of
-.Fa a ,
-represented by one of the
-.Dv V_ASN1_*
-constants defined in
-.In openssl/asn1.h .
-.Pp
-.Fn ASN1_TYPE_set
-frees the value contained in
-.Fa a ,
-if any, and sets
-.Fa a
-to
-.Fa type
-and
-.Fa value .
-This function uses the pointer
-.Fa value
-internally so it must
-.Sy not
-be freed up after the call.
-.Pp
-.Fn ASN1_TYPE_set1
-sets the type of
-.Fa a
-to
-.Fa type
-and its value to a copy of
-.Fa value .
-If copying succeeds, the previous value that was contained in
-.Fa a
-is freed.
-If copying fails,
-.Fa a
-remains unchanged.
-.Pp
-The type and meaning of the
-.Fa value
-argument of
-.Fn ASN1_TYPE_set
-and
-.Fn ASN1_TYPE_set1
-is determined by the
-.Fa type
-argument.
-If
-.Fa type
-is
-.Dv V_ASN1_NULL ,
-.Fa value
-is ignored.
-If
-.Fa type
-is
-.Dv V_ASN1_BOOLEAN ,
-then the boolean is set to TRUE if
-.Fa value
-is not
-.Dv NULL .
-If
-.Fa type
-is
-.Dv V_ASN1_OBJECT ,
-then
-.Fa value
-is an
-.Vt ASN1_OBJECT
-structure.
-Otherwise
-.Fa type
-is an
-.Vt ASN1_STRING
-structure.
-If
-.Fa type
-corresponds to a primitive type or a string type, then the contents
-of the
-.Vt ASN1_STRING
-contains the content octets of the type.
-If
-.Fa type
-corresponds to a constructed type or a tagged type
-.Pq Dv V_ASN1_SEQUENCE , V_ASN1_SET , No or Dv V_ASN1_OTHER ,
-then the
-.Vt ASN1_STRING
-contains the entire ASN.1 encoding verbatim, including tag and
-length octets.
-.Pp
-.Fn ASN1_TYPE_cmp
-checks that
-.Fa a
-and
-.Fa b
-have the same type, the same value, and are encoded in the same way.
-.Pp
-If the types agree and the values have the same meaning but are
-encoded differently, they are considered different.
-For example, a boolean value is represented
-using a single content octet.
-Under BER, any non-zero octet represents the TRUE value, but
-.Fn ASN1_TYPE_cmp
-will only report a match if the content octet is the same.
-.Pp
-If either or both of the arguments passed to
-.Fn ASN1_TYPE_cmp
-is
-.Dv NULL ,
-the result is a mismatch.
-Technically, if both arguments are
-.Dv NULL ,
-the two types could be absent OPTIONAL fields and so should match,
-however passing
-.Dv NULL
-values could also indicate a programming error (for example an
-unparseable type which returns
-.Dv NULL )
-for types which do
-.Sy not
-match.
-So applications should handle the case of two absent values separately.
-.Sh RETURN VALUES
-.Fn ASN1_TYPE_new
-returns the new
-.Vt ASN1_TYPE
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ASN1_TYPE_get
-returns the type of
-.Fa a
-or 0 if an error occurs.
-The latter can happen if
-.Fa a
-does not contain a value even though its type is not
-.Dv V_ASN1_NULL .
-For example, it will always happen for empty objects
-newly constructed with
-.Fn ASN1_TYPE_new .
-.Pp
-.Fn ASN1_TYPE_set1
-returns 1 if the copying succeeds or 0 if it fails.
-.Pp
-.Fn ASN1_TYPE_cmp
-returns 0 for a match or non-zero for a mismatch.
-.Sh SEE ALSO
-.Xr ASN1_generate_nconf 3 ,
-.Xr ASN1_get_object 3 ,
-.Xr ASN1_item_free 3 ,
-.Xr ASN1_OBJECT_new 3 ,
-.Xr ASN1_parse_dump 3 ,
-.Xr ASN1_put_object 3 ,
-.Xr ASN1_STRING_dup 3 ,
-.Xr ASN1_STRING_new 3 ,
-.Xr crypto 3 ,
-.Xr d2i_ASN1_NULL 3 ,
-.Xr d2i_ASN1_SEQUENCE_ANY 3 ,
-.Xr d2i_ASN1_TYPE 3 ,
-.Xr OBJ_dup 3
-.Sh HISTORY
-.Fn ASN1_TYPE_new
-and
-.Fn ASN1_TYPE_free
-first appeared in SSLeay 0.5.1.
-.Fn ASN1_TYPE_get
-and
-.Fn ASN1_TYPE_set
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ASN1_TYPE_set1
-first appeared in OpenSSL 0.9.8h and has been available since
-.Ox 4.5 .
-.Pp
-.Fn ASN1_TYPE_cmp
-first appeared in OpenSSL 0.9.8zd, 1.0.0p, and 1.0.1k
-and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/ASN1_generate_nconf.3 b/src/lib/libcrypto/man/ASN1_generate_nconf.3
deleted file mode 100644
index b15d4295a9..0000000000
--- a/src/lib/libcrypto/man/ASN1_generate_nconf.3
+++ /dev/null
@@ -1,394 +0,0 @@
-.\" $OpenBSD: ASN1_generate_nconf.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL 05ea606a Fri May 20 20:52:46 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson.
-.\" Copyright (c) 2002, 2003, 2006-2009, 2013-2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt ASN1_GENERATE_NCONF 3
-.Os
-.Sh NAME
-.Nm ASN1_generate_nconf ,
-.Nm ASN1_generate_v3
-.Nd ASN.1 generation functions
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_TYPE *
-.Fo ASN1_generate_nconf
-.Fa "const char *str"
-.Fa "CONF *nconf"
-.Fc
-.Ft ASN1_TYPE *
-.Fo ASN1_generate_v3
-.Fa "const char *str"
-.Fa "X509V3_CTX *cnf"
-.Fc
-.Sh DESCRIPTION
-These functions generate the ASN.1 encoding of a string in an
-.Vt ASN1_TYPE
-structure.
-.Pp
-.Fa str
-contains the string to encode
-.Fa nconf
-or
-.Fa cnf
-contains the optional configuration information
-where additional strings will be read from.
-.Fa nconf
-will typically come from a config file whereas
-.Fa cnf
-is obtained from an
-.Vt X509V3_CTX
-structure which will typically be used
-by X509 v3 certificate extension functions.
-.Fa cnf
-or
-.Fa nconf
-can be set to
-.Dv NULL
-if no additional configuration will be used.
-.Sh GENERATION STRING FORMAT
-The actual data encoded is determined by the string
-.Fa str
-and the configuration information.
-The general format of the string is:
-.Pp
-.D1 Oo Ar modifier , Oc Ns Ar type Ns Op : Ns Ar value
-.Pp
-That is zero or more comma separated modifiers followed by a type
-followed by an optional colon and a value.
-The formats of
-.Ar type ,
-.Ar value
-and
-.Ar modifier
-are explained below.
-.Ss Supported types
-The supported types are listed below.
-Unless otherwise specified, only the
-.Cm ASCII
-format is permissible.
-.Bl -tag -width Ds
-.It Cm BOOLEAN , BOOL
-This encodes a boolean type.
-The
-.Ar value
-string is mandatory and should be
-.Cm TRUE
-or
-.Cm FALSE .
-Additionally
-.Cm true ,
-.Cm Y ,
-.Cm y ,
-.Cm YES ,
-.Cm yes ,
-.Cm false ,
-.Cm N ,
-.Cm n ,
-.Cm NO
-and
-.Cm no
-are acceptable.
-.It Cm NULL
-Encode the NULL type.
-The
-.Ar value
-string must not be present.
-.It Cm INTEGER , INT
-Encodes an ASN.1 INTEGER type.
-The
-.Ar value
-string represents the value of the integer.
-It can be prefaced by a minus sign
-and is normally interpreted as a decimal value unless the prefix
-.Cm 0x
-is included.
-.It Cm ENUMERATED , ENUM
-Encodes the ASN.1 ENUMERATED type.
-It is otherwise identical to
-.Cm INTEGER .
-.It Cm OBJECT , OID
-Encodes an ASN.1 OBJECT IDENTIFIER.
-The
-.Ar value
-string can be a short name, a long name, or numerical format.
-.It Cm UTCTIME , UTC
-Encodes an ASN.1 UTCTime structure.
-The value should be in the format
-.Ar YYMMDDHHMMSSZ .
-.It Cm GENERALIZEDTIME , GENTIME
-Encodes an ASN.1 GeneralizedTime structure.
-The value should be in the format
-.Ar YYYYMMDDHHMMSSZ .
-.It Cm OCTETSTRING , OCT
-Encodes an ASN.1 OCTET STRING.
-.Ar value
-represents the contents of this structure.
-The format strings
-.Cm ASCII
-and
-.Cm HEX
-can be used to specify the format of
-.Ar value .
-.It Cm BITSTRING , BITSTR
-Encodes an ASN.1 BIT STRING.
-.Ar value
-represents the contents of this structure.
-The format strings
-.Cm ASCII ,
-.Cm HEX ,
-and
-.Cm BITLIST
-can be used to specify the format of
-.Ar value .
-.Pp
-If the format is anything other than
-.Cm BITLIST ,
-the number of unused bits is set to zero.
-.It Xo
-.Cm BMPSTRING , BMP ,
-.Cm GeneralString ,
-.Cm IA5STRING , IA5 ,
-.Cm NUMERICSTRING , NUMERIC ,
-.Cm PRINTABLESTRING , PRINTABLE ,
-.Cm T61STRING , T61 ,
-.Cm TELETEXSTRING ,
-.Cm UNIVERSALSTRING , UNIV ,
-.Cm UTF8String , UTF8 ,
-.Cm VISIBLESTRING , VISIBLE
-.Xc
-These encode the corresponding string types.
-.Ar value
-represents the contents of this structure.
-The format can be
-.Cm ASCII
-or
-.Cm UTF8 .
-.It Cm SEQUENCE , SEQ , SET
-Formats the result as an ASN.1 SEQUENCE or SET type.
-.Ar value
-should be a section name which will contain the contents.
-The field names in the section are ignored
-and the values are in the generated string format.
-If
-.Ar value
-is absent, then an empty SEQUENCE will be encoded.
-.El
-.Ss Modifiers
-Modifiers affect the following structure.
-They can be used to add EXPLICIT or IMPLICIT tagging, add wrappers,
-or to change the string format of the final type and value.
-The supported formats are:
-.Bl -tag -width Ds
-.It Cm EXPLICIT , EXP
-Add an explicit tag to the following structure.
-This string should be followed by a colon
-and the tag value to use as a decimal value.
-.Pp
-By following the number with
-.Cm U ,
-.Cm A ,
-.Cm P
-or
-.Cm C ,
-UNIVERSAL, APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used.
-The default is CONTEXT SPECIFIC.
-.It Cm IMPLICIT , IMP
-This is the same as
-.Cm EXPLICIT
-except IMPLICIT tagging is used instead.
-.It Cm OCTWRAP , SEQWRAP , SETWRAP , BITWRAP
-The following structure is surrounded by
-an OCTET STRING, a SEQUENCE, a SET, or a BIT STRING, respectively.
-For a BIT STRING the number of unused bits is set to zero.
-.It Cm FORMAT
-This specifies the format of the ultimate value.
-It should be followed by a colon and one of the strings
-.Cm ASCII ,
-.Cm UTF8 ,
-.Cm HEX ,
-or
-.Cm BITLIST .
-.Pp
-If no format specifier is included, then
-.Cm ASCII
-is used.
-If
-.Cm UTF8
-is specified, then the
-.Ar value
-string must be a valid UTF-8 string.
-For
-.Cm HEX ,
-the output must be a set of hex digits.
-.Cm BITLIST
-(which is only valid for a BIT STRING) is a comma separated list
-of the indices of the set bits, all other bits are zero.
-.El
-.Sh RETURN VALUES
-.Fn ASN1_generate_nconf
-and
-.Fn ASN1_generate_v3
-return the encoded data as an
-.Vt ASN1_TYPE
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh EXAMPLES
-A simple
-.Vt IA5String :
-.Pp
-.Dl IA5STRING:Hello World
-.Pp
-An
-.Vt IA5String
-explicitly tagged:
-.Pp
-.Dl EXPLICIT:0,IA5STRING:Hello World
-.Pp
-An
-.Vt IA5String
-explicitly tagged using APPLICATION tagging:
-.Pp
-.Dl EXPLICIT:0A,IA5STRING:Hello World
-.Pp
-A BITSTRING with bits 1 and 5 set and all others zero:
-.Pp
-.Dl FORMAT:BITLIST,BITSTRING:1,5
-.Pp
-A more complex example using a config file to produce a
-SEQUENCE consisting of a BOOL an OID and a
-.Vt UTF8String :
-.Bd -literal -offset indent
-asn1 = SEQUENCE:seq_section
-
-[seq_section]
-
-field1 = BOOLEAN:TRUE
-field2 = OID:commonName
-field3 = UTF8:Third field
-.Ed
-.Pp
-This example produces an
-.Vt RSAPrivateKey
-structure.
-This is the key contained in the file
-.Pa client.pem
-in all OpenSSL distributions.
-Note that the field names such as
-.Qq coeff
-are ignored and are present just for clarity.
-.Bd -literal -offset 2n
-asn1=SEQUENCE:private_key
-[private_key]
-version=INTEGER:0
-
-n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
-D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
-
-e=INTEGER:0x010001
-
-d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e
-F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
-
-p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e
-D4BD57
-
-q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e
-46EC4F
-
-exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e
-9C0A39B9
-
-exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e
-E7B2458F
-
-coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e
-628657053A
-.Ed
-.Pp
-This example is the corresponding public key in an ASN.1
-.Vt SubjectPublicKeyInfo
-structure:
-.Bd -literal -offset 2n
-# Start with a SEQUENCE
-asn1=SEQUENCE:pubkeyinfo
-
-# pubkeyinfo contains an algorithm identifier and the public key
-# wrapped in a BIT STRING
-[pubkeyinfo]
-algorithm=SEQUENCE:rsa_alg
-pubkey=BITWRAP,SEQUENCE:rsapubkey
-
-# algorithm ID for RSA is just an OID and a NULL
-[rsa_alg]
-algorithm=OID:rsaEncryption
-parameter=NULL
-
-# Actual public key: modulus and exponent
-[rsapubkey]
-n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
-D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
-
-e=INTEGER:0x010001
-.Ed
-.Sh SEE ALSO
-.Xr ASN1_TYPE_get 3 ,
-.Xr d2i_ASN1_TYPE 3 ,
-.Xr x509v3.cnf 5
-.Sh HISTORY
-.Fn ASN1_generate_nconf
-and
-.Fn ASN1_generate_v3
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/ASN1_get_object.3 b/src/lib/libcrypto/man/ASN1_get_object.3
deleted file mode 100644
index 781b12ad5a..0000000000
--- a/src/lib/libcrypto/man/ASN1_get_object.3
+++ /dev/null
@@ -1,200 +0,0 @@
-.\" $OpenBSD: ASN1_get_object.3,v 1.2 2021/07/11 19:03:45 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 11 2021 $
-.Dt ASN1_GET_OBJECT 3
-.Os
-.Sh NAME
-.Nm ASN1_get_object
-.Nd parse identifier and length octets
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fo ASN1_get_object
-.Fa "const unsigned char **ber_in"
-.Fa "long *plength"
-.Fa "int *ptag"
-.Fa "int *pclass"
-.Fa "long omax"
-.Fc
-.Sh DESCRIPTION
-.Fn ASN1_get_object
-parses the identifier and length octets of a BER-encoded value.
-On function entry,
-.Pf * Fa ber_in
-is expected to point to the first identifier octet.
-If the identifier and length octets turn out to be valid,
-the function advances
-.Pf * Fa ber_in
-to the first content octet before returning.
-.Pp
-If the identifier octets are valid,
-.Fn ASN1_get_object
-stores the tag number in
-.Pf * Fa ptag
-and the class of the tag in
-.Pf * Fa pclass .
-The class is either
-.Dv V_ASN1_UNIVERSAL
-or
-.Dv V_ASN1_APPLICATION
-or
-.Dv V_ASN1_CONTEXT_SPECIFIC
-or
-.Dv V_ASN1_PRIVATE .
-.Pp
-If the length octets are valid, too,
-.Fn ASN1_get_object
-stores the number encoded in the length octets in
-.Pf * Fa plength .
-If the length octet indicates the indefinite form,
-.Pf * Fa plength
-is set to 0.
-.Pp
-.Fn ASN1_get_object
-inspects at most
-.Fa omax
-bytes.
-If parsing of the length octets remains incomplete after inspecting
-that number of bytes, parsing fails with
-.Dv ASN1_R_HEADER_TOO_LONG .
-.Sh RETURN VALUES
-Bits set in the return value of
-.Fn ASN1_get_object
-have the following meanings:
-.Bl -tag -width Ds
-.It 0x80
-An error occurred.
-One of the
-.Sx ERRORS
-described below has been set.
-.It 0x20 = Dv V_ASN1_CONSTRUCTED
-The encoding is constructed rather than primitive,
-and the identifier and length octets are valid.
-.It 0x01
-The length octet indicates the indefinite form.
-This bit can only occur if
-.Dv V_ASN1_CONSTRUCTED
-is also set.
-.El
-.Pp
-Consequently, the following combinations can occur:
-.Bl -tag -width Ds
-.It 0x00
-A valid primitive encoding.
-.It 0x20
-A valid constructed encoding, definite form.
-.It 0x21
-A valid constructed encoding, indefinite form.
-.It 0x80
-Either a primitive encoding with a valid tag and definite length,
-but the content octets won't fit into
-.Fa omax ,
-or parsing failed.
-Use
-.Xr ERR_GET_REASON 3
-to distinguish the two cases.
-.It 0xa0
-A constructed encoding with a valid tag and definite length,
-but the content octets won't fit into
-.Fa omax .
-.El
-.Pp
-The bit combinations 0x01, 0x81, and 0xa1 cannot occur as return values.
-.Sh ERRORS
-If the bit 0x80 is set in the return value,
-diagnostics can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3 :
-.Bl -tag -width Ds
-.It Dv ASN1_R_HEADER_TOO_LONG Qq "header too long"
-Inspecting
-.Fa omax
-bytes was insufficient to finish parsing,
-the tag number encoded in the identifier octets exceeds
-.Dv INT_MAX ,
-the number encoded in the length octets exceeds
-.Dv LONG_MAX ,
-or using the indefinite form for the length octets is attempted
-even though the encoding is primitive.
-.Pp
-In this case, the return value is exactly 0x80; no other bits are set.
-.Pp
-If the problem occurred while parsing the identifier octets,
-.Pf * Fa ptag
-and
-.Pf * Fa pclass
-remain unchanged.
-If the problem occurred while parsing the length octets,
-.Pf * Fa ptag
-and
-.Pf * Fa pclass
-are set according to the identifier octets.
-In both cases,
-.Pf * Fa ber_in
-and
-.Pf * Fa plength
-remain unchanged.
-.Pp
-The wording of the error message is confusing.
-On the one hand, the header might be just fine,
-and the root cause of the problem could be that the chosen
-.Fa omax
-argument was too small.
-On the other hand, outright BER syntax errors are also reported as
-.Dv ASN1_R_HEADER_TOO_LONG .
-.It Dv ASN1_R_TOO_LONG Qq "too long"
-The identifier and length octets are valid,
-but the content octets won't fit into
-.Fa omax .
-The following have been set as appropriate and can safely be inspected:
-.Pf * pclass ,
-.Pf * ptag ,
-.Pf * plength ,
-and the bits
-.Dv V_ASN1_CONSTRUCTED
-and 0x01 in the return value.
-The parse pointer
-.Pf * ber_in
-has been advanced to the first content octet.
-.Pp
-Again, the error message may occasionally sound confusing.
-The length of the content may be reasonable, and the root cause of
-the problem could be that the chosen
-.Fa omax
-argument was too small.
-.El
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr ASN1_item_new 3 ,
-.Xr ASN1_parse_dump 3
-.Sh STANDARDS
-ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
-Information technology - ASN.1 encoding rules:
-Specification of Basic Encoding Rules (BER), Canonical Encoding
-Rules (CER) and Distinguished Encoding Rules (DER):
-.Bl -dash -offset 2n -width 1n -compact
-.It
-Section 8.1.2: Identifier octets
-.It
-Section 8.1.3: Length octets
-.El
-.Sh HISTORY
-.Fn ASN1_get_object
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3
deleted file mode 100644
index 140ea6f1ba..0000000000
--- a/src/lib/libcrypto/man/ASN1_item_d2i.3
+++ /dev/null
@@ -1,490 +0,0 @@ -.\" $OpenBSD: ASN1_item_d2i.3,v 1.10 2021/07/11 15:30:21 schwarze Exp $ -.\" OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2003, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 11 2021 $ -.Dt ASN1_ITEM_D2I 3 -.Os -.Sh NAME -.Nm ASN1_item_d2i , -.Nm ASN1_item_d2i_bio , -.Nm ASN1_item_d2i_fp , -.Nm d2i_ASN1_TYPE , -.Nm ASN1_item_i2d , -.Nm ASN1_item_i2d_bio , -.Nm ASN1_item_i2d_fp , -.Nm i2d_ASN1_TYPE , -.Nm ASN1_item_dup , -.Nm ASN1_item_print -.Nd decode and encode ASN.1 objects -.Sh SYNOPSIS -.In openssl/asn1.h -.Ft ASN1_VALUE * -.Fo ASN1_item_d2i -.Fa "ASN1_VALUE **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fa "const ASN1_ITEM *it" -.Fc -.Ft void * -.Fo ASN1_item_d2i_bio -.Fa "const ASN1_ITEM *it" -.Fa "BIO *in_bio" -.Fa "void *val_out" -.Fc -.Ft void * -.Fo ASN1_item_d2i_fp -.Fa "const ASN1_ITEM *it" -.Fa "FILE *in_fp" -.Fa "void *val_out" -.Fc -.Ft ASN1_TYPE * -.Fo d2i_ASN1_TYPE -.Fa "ASN1_TYPE **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo ASN1_item_i2d -.Fa "ASN1_VALUE *val_in" -.Fa "unsigned char **der_out" -.Fa "const ASN1_ITEM *it" -.Fc -.Ft int -.Fo ASN1_item_i2d_bio -.Fa "const ASN1_ITEM *it" -.Fa "BIO *out_bio" -.Fa "void *val_in" -.Fc -.Ft int -.Fo ASN1_item_i2d_fp -.Fa "const ASN1_ITEM *it" -.Fa "FILE *out_fp" -.Fa "void *val_in" -.Fc -.Ft int -.Fo i2d_ASN1_TYPE -.Fa "ASN1_TYPE *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft void * -.Fo ASN1_item_dup -.Fa "const ASN1_ITEM *it" -.Fa "void *val_in" -.Fc -.Ft int -.Fo ASN1_item_print -.Fa "BIO *out_bio" -.Fa "ASN1_VALUE *val_in" -.Fa "int indent" -.Fa "const ASN1_ITEM *it" -.Fa "const ASN1_PCTX *pctx" -.Fc -.Sh DESCRIPTION -These functions convert ASN.1 values from their BER encoding to -internal C structures -.Pq Dq d2i -and vice versa -.Pq Dq i2d . -Unlike the C structures which contain pointers to sub-objects, BER -is a serialized encoding, suitable for transfer over the network -and for storage in a file. -.Pp -.Fn ASN1_item_d2i -interprets -.Pf * Fa der_in -as a DER- or BER-encoded byte array and decodes one value of type -.Fa it -represented by up to -.Fa length -bytes. 
-If successful, -.Pf * Fa der_in -is advanced to the byte following the parsed data. -.Pp -If decoding succeeds and -.Fa val_out -or -.Pf * Fa val_out -is -.Dv NULL , -a new object is allocated. -.Pp -If decoding succeeds and -.Pf * Fa val_out -is not -.Dv NULL , -it is assumed to point to a valid populated object and an attempt -is made to reuse it. -It must not be an empty structure such as one returned by -.Xr ASN1_item_new 3 -or by one of the various type-specific -.Fn *_new -functions. -This -.Dq reuse -capability is present for backward compatibility, but its use is -strongly discouraged; see the -.Sx BUGS -section below. -.Pp -.Fn ASN1_item_d2i_bio -and -.Fn ASN1_item_d2i_fp -are similar to -.Fn ASN1_item_d2i -except that they read from a -.Vt BIO -or -.Vt FILE , -respectively. -.Pp -.Fn d2i_ASN1_TYPE -is similar to -.Fn ASN1_item_d2i -except that it does not require a desired type to be specified by -the user, but instead returns an -.Vt ASN1_TYPE -wrapper object containing both the type and the value found in the input. -.Pp -.Fn ASN1_item_i2d -encodes the object pointed to by -.Fa val_in -into DER format. -.Pp -If -.Pf * Fa der_out -is not -.Dv NULL , -it writes the DER-encoded data to the buffer at -.Pf * Fa der_out -and increments it to point after the data just written. -In this case, it is the responsibility of the user to make sure -that the buffer pointed to by -.Pf * Fa der_out -is long enough, such that no buffer overflow can occur. -.Pp -If -.Pf * Fa der_out -is -.Dv NULL , -memory is allocated for a buffer, and -.Pf * Fa der_out -is not incremented, but points to the start of the data just written. -.Pp -If -.Fa der_out -is -.Dv NULL , -the encoded bytes are not written anywhere but discarded. -For -.Fa val_in -objects of variable encoding size, this is sometimes used to first -find the number of bytes that will be written. -Then, a sufficient amount of memory is allocated before calling -.Fn ASN1_item_i2d -again. 
-This explicit double-call technique is often not needed because the -auto-allocation technique described in the previous paragraph can -be used. -.Pp -.Fn ASN1_item_i2d_bio -and -.Fn ASN1_item_i2d_fp -are similar to -.Fn ASN1_item_i2d -except that they write to a -.Vt BIO -or -.Vt FILE , -respectively. -.Pp -.Fn i2d_ASN1_TYPE -is similar to -.Fn ASN1_item_i2d -except that the type and the value are not provided separately, -but in the form of a single -.Vt ASN1_TYPE -object. -.Pp -.Fn ASN1_item_dup -creates a deep copy of -.Fa val_in -by calling -.Fn ASN1_item_i2d -and -.Fn ASN1_item_d2i . -.Sh RETURN VALUES -If successful, -.Fn ASN1_item_d2i , -.Fn ASN1_item_d2i_bio , -.Fn ASN1_item_d2i_fp , -and -.Fn d2i_ASN1_TYPE -return a pointer to the decoded ASN.1 value. -In addition, if -.Fa val_out -is not -.Dv NULL , -the pointer is also written to -.Pf * Fa val_out . -If an error occurs, -.Dv NULL -is returned. -.Pp -.Fn ASN1_item_i2d -and -.Fn i2d_ASN1_TYPE -return the number of bytes written -or a negative value if an error occurs. -.Pp -.Fn ASN1_item_i2d_bio -and -.Fn ASN1_item_i2d_fp -return 1 for success or 0 for failure. -.Pp -.Fn ASN1_item_dup -returns the new -.Vt ASN1_VALUE -object or -.Dv NULL -if an error occurs. -.Sh EXAMPLES -Many type-specific wrapper functions exist. -Using those wrappers is recommended in application code -because it restores part of the type safety that the low-level -interfaces using -.Vt ASN1_VALUE -lack. -.Pp -For example, to allocate a buffer and write the DER encoding of an -.Vt X509 -object into it: -.Bd -literal -offset indent -X509 *x; -unsigned char *buf; -int len; - -buf = NULL; -len = i2d_X509(x, &buf); -if (len < 0) - /* error */ -.Ed -.Pp -Attempt to decode a buffer: -.Bd -literal -offset indent -X509 *x; -unsigned char *buf, *p; -int len; - -/* Set up buf and len to point to the input buffer. 
*/ -p = buf; -x = d2i_X509(NULL, &p, len); -if (x == NULL) - /* error */ -.Ed -.Pp -Equivalent technique: -.Bd -literal -offset indent -X509 *x; -unsigned char *buf, *p; -int len; - -/* Set up buf and len to point to the input buffer. */ -p = buf; -x = NULL; - -if (d2i_X509(&x, &p, len) == NULL) - /* error */ -.Ed -.Sh SEE ALSO -.Xr ASN1_get_object 3 , -.Xr ASN1_item_new 3 , -.Xr ASN1_TYPE_new 3 -.Sh HISTORY -.Fn d2i_ASN1_TYPE -and -.Fn i2d_ASN1_TYPE -first appeared in SSLeay 0.5.1 and have been available since -.Ox 2.4 . -.Pp -.Fn ASN1_item_d2i , -.Fn ASN1_item_d2i_bio , -.Fn ASN1_item_d2i_fp , -.Fn ASN1_item_i2d , -.Fn ASN1_item_i2d_bio , -.Fn ASN1_item_i2d_fp , -and -.Fn ASN1_item_dup -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ASN1_item_print -first appeared in OpenSSL 1.0.0 and has been available since -.Ox 4.9 . -.Sh CAVEATS -If the type described by -.Fa it -fails to match the true type of -.Fa val_in -or -.Pf * Fa val_out , -buffer overflows and segmentation faults are likely to occur. -For more details about why the type -.Vt ASN1_VALUE -constitutes dangerous user interface design, see -.Xr ASN1_item_new 3 . -.Pp -The encoded data is in binary form and may contain embedded NUL bytes. -Functions such as -.Xr strlen 3 -will not return the correct length of the encoded data. -.Pp -While the way that -.Pf * Fa der_in -and -.Pf * Fa der_out -are incremented after the operation supports the typical usage -patterns of reading or writing one object after another, this -behaviour can trap the unwary. -.Pp -Using a temporary pointer into the buffer is mandatory. 
-A common mistake is to attempt to use a buffer directly as follows: -.Bd -literal -offset indent -X509 *x; -unsigned char *buf; -int len; - -len = i2d_X509(x, NULL); -buf = malloc(len); -i2d_X509(x, &buf); -/* do something with buf[] */ -free(buf); -.Ed -.Pp -This code will result in -.Va buf -apparently containing garbage because it was incremented during -.Fn i2d_X509 -to point after the data just written. -Also -.Va buf -will no longer contain the pointer allocated by -.Xr malloc 3 -and the subsequent call to -.Xr free 3 -is likely to crash. -.Pp -Another trap to avoid is misuse of the -.Fa val_out -argument: -.Bd -literal -offset indent -X509 *x; - -if (d2i_X509(&x, &p, len) == NULL) - /* error */ -.Ed -.Pp -This will probably crash somewhere in -.Fn d2i_X509 -because -.Va x -is uninitialized and an attempt will be made to interpret its invalid -content as an -.Vt X509 -object, typically causing a segmentation violation. -If -.Va x -is set to -.Dv NULL -first, then this will not happen. -.Sh BUGS -If the -.Dq reuse -capability is used, a valid object is passed in via -.Pf * Fa val_out , -and an error occurs, then the object is not freed and may be left -in an invalid or inconsistent state. -.Pp -In some versions of OpenSSL, the -.Dq reuse -behaviour is broken such that some parts of the reused object may -persist if they are not present in the new one. -.Pp -In many versions of OpenSSL, -.Fn ASN1_item_i2d -will not return an error if mandatory fields are not initialized -due to a programming error. -In that case, the encoded structure may contain invalid data and -some fields may be missing entirely, such that trying to parse it -with -.Fn ASN1_item_d2i -may fail. -.Pp -Any function which encodes an object may return a stale encoding -if the object has been modified after deserialization or previous -serialization. -This is because some objects cache the encoding for efficiency reasons. 
diff --git a/src/lib/libcrypto/man/ASN1_item_new.3 b/src/lib/libcrypto/man/ASN1_item_new.3
deleted file mode 100644
index a5bf8aa58f..0000000000
--- a/src/lib/libcrypto/man/ASN1_item_new.3
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: ASN1_item_new.3,v 1.6 2021/07/11 15:30:21 schwarze Exp $
-.\"
-.\" Copyright (c) 2016, 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 11 2021 $
-.Dt ASN1_ITEM_NEW 3
-.Os
-.Sh NAME
-.Nm ASN1_item_new ,
-.Nm ASN1_item_free
-.Nd generic ASN.1 value constructor and destructor
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_VALUE *
-.Fo ASN1_item_new
-.Fa "const ASN1_ITEM *it"
-.Fc
-.Ft void
-.Fo ASN1_item_free
-.Fa "ASN1_VALUE *val_in"
-.Fa "const ASN1_ITEM *it"
-.Fc
-.Sh DESCRIPTION
-.Fn ASN1_item_new
-allocates and initializes an empty ASN.1 value
-of the type described by the global static object
-.Fa it .
-.Pp
-If the item type described by
-.Fa it
-is reference counted,
-.Fn ASN1_item_free
-decrements the reference count of
-.Fa val_in .
-Otherwise, or if the reference count reaches 0,
-.Fn ASN1_item_free
-frees
-.Fa val_in ,
-assuming that it is of the type described by
-.Fa it .
-If the true type of
-.Fa val_in
-fails to match the specified
-.Fa it ,
-buffer overflows and segmentation faults are likely to occur.
-It is not possible to recover the type of an
-.Vt ASN1_VALUE
-object by inspecting it; the type always needs to be remembered
-separately.
-.Pp
-.Vt ASN1_VALUE
-is an incomplete type, and pointers to it always require casting
-to the correct complete type before they can be dereferenced.
-For all practical purposes, a pointer to
-.Vt ASN1_VALUE
-is equivalent to a
-.Vt void
-pointer.
-.Pp
-Depending on
-.Fa it ,
-there are more than 150 different types that
-.Fn ASN1_item_new
-may return.
-Most of them are pointers to structures or pointers to arrays of
-structures, but there are a few exceptions, for example:
-If
-.Fa it
-is
-.Dv ASN1_NULL_it ,
-.Fn ASN1_item_new
-returns a specific invalid pointer representing the unique
-.Vt ASN1_NULL
-object.
-If
-.Fa it
-is
-.Dv ASN1_BOOLEAN_it
-or
-.Dv LONG_it ,
-.Fn ASN1_item_new
-does not return a pointer at all, but a
-.Vt long
-value cast to
-.Vt ASN1_VALUE * .
-.Sh RETURN VALUES
-The
-.Fn ASN1_item_new
-function returns the new
-.Vt ASN1_VALUE
-object if successful; otherwise
-.Dv NULL
-is returned and an error code can be retrieved with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr ASN1_get_object 3 ,
-.Xr ASN1_item_d2i 3 ,
-.Xr ASN1_TYPE_new 3 ,
-.Xr d2i_ASN1_NULL 3 ,
-.Xr OBJ_nid2obj 3
-.Sh HISTORY
-.Fn ASN1_item_new
-and
-.Fn ASN1_item_free
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Sh BUGS
-The
-.Vt ASN1_VALUE
-type compromises type safety and invites programming mistakes that
-will typically have severe consequences.
diff --git a/src/lib/libcrypto/man/ASN1_parse_dump.3 b/src/lib/libcrypto/man/ASN1_parse_dump.3
deleted file mode 100644
index 240d2d338e..0000000000
--- a/src/lib/libcrypto/man/ASN1_parse_dump.3
+++ /dev/null
@@ -1,210 +0,0 @@ -.\" $OpenBSD: ASN1_parse_dump.3,v 1.1 2021/07/11 19:03:45 schwarze Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 11 2021 $ -.Dt ASN1_PARSE_DUMP 3 -.Os -.Sh NAME -.Nm ASN1_parse_dump , -.Nm ASN1_parse -.Nd parse BER and print information about it -.Sh SYNOPSIS -.In openssl/asn1.h -.Ft int -.Fo ASN1_parse_dump -.Fa "BIO *bio" -.Fa "const unsigned char *ber_in" -.Fa "long length" -.Fa "int indent" -.Fa "int dump" -.Fc -.Ft int -.Fo ASN1_parse -.Fa "BIO *bio" -.Fa "const unsigned char *ber_in" -.Fa "long length" -.Fa "int indent" -.Fc -.Sh DESCRIPTION -.Fn ASN1_parse_dump -parses BER-encoded values and prints information about them to -.Fa bio . -On function entry, -.Pf * Fa ber_in -is expected to point to the first identifier octet of an encoded value. -At most -.Fa length -bytes are inspected. -.Pp -For each value successfully parsed, the following information is printed: -.Bl -enum -.It -The index of its first identifier octet relative to -.Fa ber_in -as a decimal number followed by a colon. -For the first value parsed and printed, this is -.Qq 0:\& . -.It -The nesting depth as a decimal integer. -For the first value parsed and printed, this is -.Qq d=0 . 
-.It -The header length in bytes, including the identifier octets and the -length octets, as a decimal integer. -For example, for a boolean value, this is -.Qq hl=2 -because the encoding of a boolean value contains -one identifier octet (0x01) and one length octet (also 0x01, -because one content octet follows after the header). -.It -If the value is encoded using the definite form for the length octets, -the number encoded in the length octets as a decimal integer. -This is the number of content octets that follow. -For example, for a boolean value, this is -.Qq l=1 . -If the value is encoded using a length octet indicating the indefinite form, -.Qq l=inf -is printed instead. -.It -If the value is primitive, -.Qq prim:\& -is printed; -if it is constructed, -.Qq cons:\& . -.It -The next field depends on the class of the tag: -.Bl -tag -width Ds -.It Dv V_ASN1_PRIVATE -.Qq priv -followed by the decimal tag number in square brackets -.It Dv V_ASN1_CONTEXT_SPECIFIC -.Qq cont -followed by the decimal tag number in square brackets -.It Dv V_ASN1_APPLICATION -.Qq appl -followed by the decimal tag number in square brackets -.It V_ASN1_UNIVERSAL -If the tag number is 30 or less, the return value from -.Xr ASN1_tag2str 3 -is printed; otherwise, -.Qq -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: August 26 2019 $ -.Dt ASN1_PUT_OBJECT 3 -.Os -.Sh NAME -.Nm ASN1_put_object , -.Nm ASN1_put_eoc -.Nd start and end the BER encoding of an arbitrary ASN.1 data element -.Sh SYNOPSIS -.In openssl/asn1.h -.Ft void -.Fo ASN1_put_object -.Fa "unsigned char **ber_out" -.Fa "int constructed" -.Fa "int length" -.Fa "int tag" -.Fa "int class" -.Fc -.Ft int -.Fo ASN1_put_eoc -.Fa "unsigned char **ber_out" -.Fc -.Sh DESCRIPTION -.Fn ASN1_put_object -begins writing the BER encoding of an arbitrary ASN.1 data element -to the buffer -.Pf * ber_out -by writing the identifier and the length bytes. -Making sure that there is sufficient space in the buffer -is the responsibility of the caller. -This function does not write any content bytes -nor any end-of-content bytes. -.Pp -The tag -.Fa class -can be -.Dv V_ASN1_UNIVERSAL , -.Dv V_ASN1_APPLICATION , -.Dv V_ASN1_CONTEXT_SPECIFIC , -or -.Dv V_ASN1_PRIVATE -and is written to the two most significant bits of the first byte written. -.Pp -The -.Fa constructed -argument can have the following values: -.Bl -tag -width 1n -offset 2n -compact -.It 0 -Start a primitive value by setting the third most significant bit -of the first byte written to 0. -Always use the definite form. -.It 1 -Start a constructed value by setting the third most significant bit -of the first byte written to 1, and use the definite form. -.It 2 -Start a constructed value and use the indefinite form, -.El -.Pp -If the -.Fa tag -is less than 0x1f, it is written to the five least significant bits -of the only identifier byte written. 
-Otherwise, these five bits are all set to 1, and the -.Fa tag -is encoded in one or more following identifier bytes as needed. -.Pp -After completing the identifier byte(s), -when using the definite form, the given -.Fa length -is encoded in one or more bytes as needed. -Otherwise, the special byte 0x80 is written instead and the -.Ar length -argument is ignored. -.Pp -At the end, -.Pf * Fa ber_out -is set to the byte following the last byte written. -The calling code can then start writing content bytes. -.Pp -If the indefinite form was selected, -the calling code is also responsible for calling -.Fn ASN1_put_eoc -which writes an end-of-content marker to -.Pf * Fa ber_out , -consisting of two NUL bytes, and advances -.Pf * Fa ber_out -by two bytes. -.Sh RETURN VALUES -.Fn ASN1_put_eoc -returns the number of bytes written, which is always 2. -.Sh SEE ALSO -.Xr ASN1_item_i2d 3 , -.Xr ASN1_TYPE_get 3 , -.Xr i2d_ASN1_NULL 3 , -.Xr i2d_ASN1_OBJECT 3 , -.Xr i2d_ASN1_OCTET_STRING 3 , -.Xr i2d_ASN1_SEQUENCE_ANY 3 -.Sh HISTORY -.Fn ASN1_put_object -first appeared in SSLeay 0.5.1 and has been available since -.Ox 2.4 . -.Pp -.Fn ASN1_put_eoc -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . -.Sh CAVEATS -Neither -.Fn ASN1_put_object -nor -.Fn ASN1_put_eoc -do any sanity checking. -When called in inconsistent ways, invalid content may result in -.Pf * Fa ber_out , -for example -.Bl -dash -compact -.It -a -.Fa tag -number less than 0x1f with a non-universal -.Fa class -.It -a -.Fa tag -number equal to 0x00 or 0x1f -.It -a -.Vt BOOLEAN , -.Vt INTEGER , -.Vt NULL -etc. with the -.Fa constructed -bit set -.It -a -.Vt SEQUENCE -or -.Vt SET -etc. without the -.Fa constructed -bit set -.It -a -.Fa length -that makes no sense for the given -.Fa tag -.It -a -.Fa length -that disagrees with the following data -.It -a -.Vt BOOLEAN , -.Vt INTEGER , -.Vt NULL -etc. 
in indefinite form -.It -an end-of-content marker even though no indefinite form was started -.It -\&... -.El -.Pp -If the calling code wants to find out how many bytes were written, -it needs to save a copy of the pointer -.Pf * Fa ber_out -before calling -.Fn ASN1_put_object . diff --git a/src/lib/libcrypto/man/ASN1_time_parse.3 b/src/lib/libcrypto/man/ASN1_time_parse.3 deleted file mode 100644 index 6ec45e5dcc..0000000000 --- a/src/lib/libcrypto/man/ASN1_time_parse.3 +++ /dev/null 
@@ -1,141 +0,0 @@
-.\" $OpenBSD: ASN1_time_parse.3,v 1.9 2020/11/02 17:45:35 tb Exp $
-.\"
-.\" Copyright (c) 2016 Bob Beck
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 2 2020 $
-.Dt ASN1_TIME_PARSE 3
-.Os
-.Sh NAME
-.Nm ASN1_time_parse ,
-.Nm ASN1_time_tm_cmp ,
-.Nm ASN1_TIME_set_tm
-.Nd LibreSSL utilities for ASN.1 time types
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft int
-.Fn ASN1_time_parse "const char *bytes" "size_t len" "struct tm *tm" "int mode"
-.Ft int
-.Fn ASN1_time_tm_cmp "struct tm *tm1" "struct tm *tm2"
-.Ft ASN1_TIME *
-.Fn ASN1_TIME_set_tm "ASN1_TIME *s" "struct tm *tm"
-.Sh DESCRIPTION
-The
-.Fn ASN1_time_parse
-function parses an ASN.1 time string of
-.Ar len
-bytes starting at
-.Ar bytes .
-The resulting time is stored in
-.Ar tm
-if
-.Ar tm
-is not
-.Dv NULL .
-.Pp
-The
-.Ar mode
-parameter must be one of
-.Bl -bullet -offset four
-.It
-0 to parse a time as specified in RFC 5280 for an X509 object,
-which may be either a UTC time or a Generalized time.
-.It
-.Dv V_ASN1_UTCTIME
-to parse an RFC 5280 format UTC time.
-.It
-.Dv V_ASN1_GENERALIZEDTIME
-to parse an RFC 5280 format Generalized time.
-.El
-.Pp
-The
-.Fn ASN1_time_tm_cmp
-function compares two times in
-.Ar tm1
-and
-.Ar tm2 .
-.Pp
-The function
-.Fn ASN1_TIME_set_tm
-sets the
-.Vt ASN1_TIME
-structure
-.Fa s
-to the time represented by the
-.Vt struct tm
-value pointed to by
-.Fa tm .
-If
-.Fa s
-is
-.Dv NULL ,
-a new
-.Vt ASN1_TIME
-structure is allocated and returned.
-.Sh RETURN VALUES
-.Fn ASN1_time_parse
-returns
-.Bl -bullet -offset four
-.It
--1 if the string was invalid for the
-.Ar mode
-specified.
-.It
-.Dv V_ASN1_UTCTIME
-if the string parsed as a valid UTC time.
-.It
-.Dv V_ASN1_GENERALIZEDTIME
-if the string parsed as a valid Generalized time.
-.El
-.Pp
-.Fn ASN1_time_tm_cmp
-returns
-.Bl -bullet -offset four
-.It
--1 if
-.Ar tm1
-is less than
-.Ar tm2 .
-.It
-1 if
-.Ar tm1
-is greater than
-.Ar tm2 .
-.It
-0 if
-.Ar tm1
-is the same as
-.Ar tm2 .
-.El
-.Pp
-.Fn ASN1_TIME_set_tm
-returns a pointer to an
-.Vt ASN1_TIME
-structure or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr ASN1_TIME_new 3 ,
-.Xr ASN1_TIME_set 3 ,
-.Xr X509_cmp_time 3
-.Sh HISTORY
-.Fn ASN1_time_parse
-and
-.Fn ASN1_time_tm_cmp
-first appeared in
-.Ox 6.1
-and
-.Fn ASN1_TIME_set_tm
-in
-.Ox 6.2 .
diff --git a/src/lib/libcrypto/man/AUTHORITY_KEYID_new.3 b/src/lib/libcrypto/man/AUTHORITY_KEYID_new.3
deleted file mode 100644
index bff451ff36..0000000000
--- a/src/lib/libcrypto/man/AUTHORITY_KEYID_new.3
+++ /dev/null
@@ -1,73 +0,0 @@
-.\" $OpenBSD: AUTHORITY_KEYID_new.3,v 1.4 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt AUTHORITY_KEYID_NEW 3
-.Os
-.Sh NAME
-.Nm AUTHORITY_KEYID_new ,
-.Nm AUTHORITY_KEYID_free
-.Nd X.509 authority key identifier extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft AUTHORITY_KEYID *
-.Fn AUTHORITY_KEYID_new void
-.Ft void
-.Fn AUTHORITY_KEYID_free "AUTHORITY_KEYID *id"
-.Sh DESCRIPTION
-Using the authority key identifier extension, an X.509 certificate
-or certificate revocation list can specify which key pair was used
-for signing it.
-.Pp
-.Fn AUTHORITY_KEYID_new
-allocates and initializes an empty
-.Vt AUTHORITY_KEYID
-object, representing an ASN.1
-.Vt AuthorityKeyIdentifier
-structure defined in RFC 5280 section 4.2.1.1.
-It can hold an issuer name, a serial number, and a key identifier.
-.Pp
-.Fn AUTHORITY_KEYID_free
-frees
-.Fa id .
-.Sh RETURN VALUES
-.Fn AUTHORITY_KEYID_new
-returns the new
-.Vt AUTHORITY_KEYID
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_AUTHORITY_KEYID 3 ,
-.Xr GENERAL_NAMES_new 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile:
-.Bl -dash -compact
-.It
-section 4.2.1.1: Certificate Extensions: Authority Key Identifier
-.It
-section 5.2.1: CRL Extensions: Authority Key Identifier
-.El
-.Sh HISTORY
-.Fn AUTHORITY_KEYID_new
-and
-.Fn AUTHORITY_KEYID_free
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3
deleted file mode 100644
index cfe6737c41..0000000000
--- a/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.5 2019/08/22 15:15:35 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 22 2019 $
-.Dt BASIC_CONSTRAINTS_NEW 3
-.Os
-.Sh NAME
-.Nm BASIC_CONSTRAINTS_new ,
-.Nm BASIC_CONSTRAINTS_free
-.Nd X.509 extension to mark CA certificates
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft BASIC_CONSTRAINTS *
-.Fn BASIC_CONSTRAINTS_new void
-.Ft void
-.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc"
-.Sh DESCRIPTION
-.Fn BASIC_CONSTRAINTS_new
-allocates and initializes an empty
-.Vt BASIC_CONSTRAINTS
-object, representing an ASN.1
-.Vt BasicConstraints
-structure defined in RFC 5280 section 4.2.1.9.
-.Pp
-This object contains two fields.
-The field
-.Fa "int ca"
-is non-zero if the certificate is a CA certificate.
-The field
-.Fa "ASN1_INTEGER *pathlen"
-specifies the maximum number of non-self-issued intermediate
-certificates that may follow this certificate in a valid
-certification path.
-.Pp
-If an X.509 version 3 certificate does not contain this extension
-or if the
-.Fa ca
-field of the
-.Vt BASIC_CONSTRAINTS
-object is 0, or if the certificate contains a key usage extension
-having the
-.Dv KU_KEY_CERT_SIGN
-bit unset, then it is not a CA certificate but an end entity
-certificate.
-.Pp
-.Fn BASIC_CONSTRAINTS_free
-frees
-.Fa bc .
-.Sh RETURN VALUES
-.Fn BASIC_CONSTRAINTS_new
-returns the new
-.Vt BASIC_CONSTRAINTS
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_BASIC_CONSTRAINTS 3 ,
-.Xr X509_check_purpose 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile:
-.Bl -dash -compact
-.It
-section 4.2.1.9: Basic Constraints
-.It
-section 6.1: Basic Path Validation
-.El
-.Sh HISTORY
-.Fn BASIC_CONSTRAINTS_new
-and
-.Fn BASIC_CONSTRAINTS_free
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/BF_set_key.3 b/src/lib/libcrypto/man/BF_set_key.3
deleted file mode 100644
index c7e83a7526..0000000000
--- a/src/lib/libcrypto/man/BF_set_key.3
+++ /dev/null
@@ -1,275 +0,0 @@ -.\" $OpenBSD: BF_set_key.3,v 1.10 2019/06/06 01:06:58 schwarze Exp $ -.\" OpenSSL 99d63d46 Jul 19 09:27:53 2016 -0400 -.\" -.\" This file was written by Richard Levitte . -.\" Copyright (c) 2000, 2002, 2005, 2014, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt BF_SET_KEY 3
-.Os
-.Sh NAME
-.Nm BF_set_key ,
-.Nm BF_encrypt ,
-.Nm BF_decrypt ,
-.Nm BF_ecb_encrypt ,
-.Nm BF_cbc_encrypt ,
-.Nm BF_cfb64_encrypt ,
-.Nm BF_ofb64_encrypt ,
-.Nm BF_options
-.Nd Blowfish encryption
-.Sh SYNOPSIS
-.In openssl/blowfish.h
-.Ft void
-.Fo BF_set_key
-.Fa "BF_KEY *key"
-.Fa "int len"
-.Fa "const unsigned char *data"
-.Fc
-.Ft void
-.Fo BF_encrypt
-.Fa "BF_LONG *data"
-.Fa "const BF_KEY *key"
-.Fc
-.Ft void
-.Fo BF_decrypt
-.Fa "BF_LONG *data"
-.Fa "const BF_KEY *key"
-.Fc
-.Ft void
-.Fo BF_ecb_encrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "BF_KEY *key"
-.Fa "int enc"
-.Fc
-.Ft void
-.Fo BF_cbc_encrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "long length"
-.Fa "BF_KEY *schedule"
-.Fa "unsigned char *ivec"
-.Fa "int enc"
-.Fc
-.Ft void
-.Fo BF_cfb64_encrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "long length"
-.Fa "BF_KEY *schedule"
-.Fa "unsigned char *ivec"
-.Fa "int *num"
-.Fa "int enc"
-.Fc
-.Ft void
-.Fo BF_ofb64_encrypt
-.Fa "const unsigned char *in"
-.Fa "unsigned char *out"
-.Fa "long length"
-.Fa "BF_KEY *schedule"
-.Fa "unsigned char *ivec"
-.Fa "int *num"
-.Fc
-.Ft const char *
-.Fo BF_options
-.Fa void
-.Fc
-.Sh DESCRIPTION
-This library implements the Blowfish cipher,
-which was invented and defined by
-.An Counterpane .
-Note that applications should use higher level functions such as
-.Xr EVP_EncryptInit 3
-instead of calling the Blowfish functions directly.
-.Pp
-Blowfish is a block cipher that operates on 64-bit (8 byte) blocks of data.
-It uses a variable size key, but typically, 128-bit (16 byte) keys
-are considered good for strong encryption.
-Blowfish can be used in the same modes as DES
-and is currently one of the faster block ciphers.
-It is quite a bit faster than DES, and much faster than IDEA or RC2.
-.Pp
-Blowfish consists of a key setup phase
-and the actual encryption or decryption phase.
-.Pp
-.Fn BF_set_key
-sets up the
-.Vt BF_KEY
-.Fa key
-using the
-.Fa len
-bytes long key at
-.Fa data .
-.Pp
-.Fn BF_ecb_encrypt
-is the basic Blowfish encryption and decryption function.
-It encrypts or decrypts the first 64 bits of
-.Fa in
-using the key
-.Fa key ,
-putting the result in
-.Fa out .
-.Fa enc
-decides if encryption
-.Pq Dv BF_ENCRYPT
-or decryption
-.Pq Dv BF_DECRYPT
-shall be performed.
-The vector pointed at by
-.Fa in
-and
-.Fa out
-must be 64 bits in length, no less.
-If they are larger, everything after the first 64 bits is ignored.
-.Pp
-The mode functions
-.Fn BF_cbc_encrypt ,
-.Fn BF_cfb64_encrypt ,
-and
-.Fn BF_ofb64_encrypt
-all operate on variable length data.
-They all take an initialization vector
-.Fa ivec
-which needs to be passed along into the next call of the same function
-for the same message.
-.Fa ivec
-may be initialized with anything, but the recipient needs to know what
-it was initialized with, or it won't be able to decrypt.
-Some programs and protocols simplify this, like SSH, where
-.Fa ivec
-is simply initialized to zero.
-.Fn BF_cbc_encrypt
-operates on data that is a multiple of 8 bytes long, while
-.Fn BF_cfb64_encrypt
-and
-.Fn BF_ofb64_encrypt
-are used to encrypt a variable number of bytes (the amount
-does not have to be an exact multiple of 8).
-The purpose of the latter two is to simulate stream ciphers and,
-therefore, they need the parameter
-.Fa num ,
-which is a pointer to an integer where the current offset in
-.Fa ivec
-is stored between calls.
-This integer must be initialized to zero when
-.Fa ivec
-is initialized.
-.Pp
-.Fn BF_cbc_encrypt
-is the Cipher Block Chaining function for Blowfish.
-It encrypts or decrypts the 64-bit chunks of
-.Fa in
-using the key
-.Fa schedule ,
-putting the result in
-.Fa out .
-.Fa enc
-decides if encryption
-.Pq Dv BF_ENCRYPT
-or decryption
-.Pq Dv BF_DECRYPT
-shall be performed.
-.Fa ivec
-must point at an 8-byte long initialization vector.
-.Pp
-.Fn BF_cfb64_encrypt
-is the CFB mode for Blowfish with 64-bit feedback.
-It encrypts or decrypts the bytes in
-.Fa in
-using the key
-.Fa schedule ,
-putting the result in
-.Fa out .
-.Fa enc
-decides if encryption
-.Pq Dv BF_ENCRYPT
-or decryption
-.Pq Dv BF_DECRYPT
-shall be performed.
-.Fa ivec
-must point at an
-8-byte long initialization vector.
-.Fa num
-must point at an integer which must be initially zero.
-.Pp
-.Fn BF_ofb64_encrypt
-is the OFB mode for Blowfish with 64-bit feedback.
-It uses the same parameters as
-.Fn BF_cfb64_encrypt ,
-which must be initialized the same way.
-.Pp
-.Fn BF_encrypt
-and
-.Fn BF_decrypt
-are the lowest level functions for Blowfish encryption.
-They encrypt/decrypt the first 64 bits of the vector pointed by
-.Fa data ,
-using the key
-.Fa key .
-These functions should not be used unless implementing `modes' of Blowfish.
-The alternative is to use
-.Fn BF_ecb_encrypt .
-Be aware that these functions take each 32-bit chunk in host-byte order,
-which is little-endian on little-endian platforms
-and big-endian on big-endian ones.
-.Sh SEE ALSO
-.Xr EVP_EncryptInit 3
-.Sh HISTORY
-.Fn BF_set_key ,
-.Fn BF_encrypt ,
-.Fn BF_ecb_encrypt ,
-.Fn BF_cbc_encrypt ,
-.Fn BF_cfb64_encrypt ,
-.Fn BF_ofb64_encrypt ,
-and
-.Fn BF_options
-first appeared in SSLeay 0.6.6.
-.Fn BF_decrypt
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BIO_ctrl.3 b/src/lib/libcrypto/man/BIO_ctrl.3
deleted file mode 100644
index 24265c0318..0000000000
--- a/src/lib/libcrypto/man/BIO_ctrl.3
+++ /dev/null
@@ -1,354 +0,0 @@ -.\" $OpenBSD: BIO_ctrl.3,v 1.15 2020/12/03 22:47:21 jmc Exp $ -.\" OpenSSL b055fceb Thu Oct 20 09:56:18 2016 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: December 3 2020 $ -.Dt BIO_CTRL 3 -.Os -.Sh NAME -.Nm BIO_ctrl , -.Nm BIO_callback_ctrl , -.Nm BIO_ptr_ctrl , -.Nm BIO_int_ctrl , -.Nm BIO_reset , -.Nm BIO_seek , -.Nm BIO_tell , -.Nm BIO_flush , -.Nm BIO_eof , -.Nm BIO_set_close , -.Nm BIO_get_close , -.Nm BIO_pending , -.Nm BIO_wpending , -.Nm BIO_ctrl_pending , -.Nm BIO_ctrl_wpending , -.Nm BIO_get_info_callback , -.Nm BIO_set_info_callback , -.Nm bio_info_cb -.Nd BIO control operations -.Sh SYNOPSIS -.In openssl/bio.h -.Ft long -.Fo BIO_ctrl -.Fa "BIO *bp" -.Fa "int cmd" -.Fa "long larg" -.Fa "void *parg" -.Fc -.Ft long -.Fo BIO_callback_ctrl -.Fa "BIO *b" -.Fa "int cmd" -.Fa "bio_info_cb cb" -.Fc -.Ft char * -.Fo BIO_ptr_ctrl -.Fa "BIO *bp" -.Fa "int cmd" -.Fa "long larg" -.Fc -.Ft long -.Fo BIO_int_ctrl -.Fa "BIO *bp" -.Fa "int cmd" -.Fa "long larg" -.Fa "int iarg" -.Fc -.Ft int -.Fo BIO_reset -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_seek -.Fa "BIO *b" -.Fa "int ofs" -.Fc -.Ft int -.Fo BIO_tell -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_flush -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_eof -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_set_close -.Fa "BIO *b" -.Fa "long flag" -.Fc -.Ft int -.Fo BIO_get_close -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_pending -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_wpending -.Fa "BIO *b" -.Fc -.Ft size_t -.Fo BIO_ctrl_pending -.Fa "BIO *b" -.Fc -.Ft size_t -.Fo BIO_ctrl_wpending -.Fa "BIO *b" -.Fc -.Ft int -.Fo BIO_get_info_callback -.Fa "BIO 
*b" -.Fa "bio_info_cb **cbp" -.Fc -.Ft int -.Fo BIO_set_info_callback -.Fa "BIO *b" -.Fa "bio_info_cb *cb" -.Fc -.Ft typedef void -.Fo bio_info_cb -.Fa "BIO *b" -.Fa "int oper" -.Fa "const char *ptr" -.Fa "int arg1" -.Fa "long arg2" -.Fa "long arg3" -.Fc -.Sh DESCRIPTION -.Fn BIO_ctrl , -.Fn BIO_callback_ctrl , -.Fn BIO_ptr_ctrl , -and -.Fn BIO_int_ctrl -are BIO "control" operations taking arguments of various types. -These functions are not normally called directly - -various macros are used instead. -The standard macros are described below. -Macros specific to a particular type of BIO -are described in the specific BIO's manual page -as well as any special features of the standard calls. -.Pp -.Fn BIO_reset -typically resets a BIO to some initial state. -In the case of file related BIOs, for example, -it rewinds the file pointer to the start of the file. -.Pp -.Fn BIO_seek -resets a file related BIO's (that is file descriptor and -FILE BIOs) file position pointer to -.Fa ofs -bytes from start of file. -.Pp -.Fn BIO_tell -returns the current file position of a file related BIO. -.Pp -.Fn BIO_flush -normally writes out any internally buffered data. -In some cases it is used to signal EOF and that no more data will be written. -.Pp -.Fn BIO_eof -returns 1 if the BIO has read EOF. -The precise meaning of "EOF" varies according to the BIO type. -.Pp -.Fn BIO_set_close -sets the BIO -.Fa b -close flag to -.Fa flag . -.Fa flag -can take the value -.Dv BIO_CLOSE -or -.Dv BIO_NOCLOSE . -Typically -.Dv BIO_CLOSE -is used in a source/sink BIO to indicate that the underlying I/O stream -should be closed when the BIO is freed. -.Pp -.Fn BIO_get_close -returns the BIO's close flag. -.Pp -.Fn BIO_pending , -.Fn BIO_ctrl_pending , -.Fn BIO_wpending , -and -.Fn BIO_ctrl_wpending -return the number of pending characters in the BIO's read and write buffers. -Not all BIOs support these calls. 
-.Fn BIO_ctrl_pending -and -.Fn BIO_ctrl_wpending -return a -.Vt size_t -type and are functions. -.Fn BIO_pending -and -.Fn BIO_wpending -are macros which call -.Fn BIO_ctrl . -.Sh RETURN VALUES -.Fn BIO_reset -normally returns 1 for success and 0 or -1 for failure. -File BIOs are an exception, returning 0 for success and -1 for failure. -.Pp -.Fn BIO_seek -and -.Fn BIO_tell -both return the current file position on success -and -1 for failure, except file BIOs which for -.Fn BIO_seek -always return 0 for success and -1 for failure. -.Pp -.Fn BIO_flush -returns 1 for success and 0 or -1 for failure. -.Pp -.Fn BIO_eof -returns 1 if EOF has been reached or 0 otherwise. -.Pp -.Fn BIO_set_close -always returns 1. -.Pp -.Fn BIO_get_close -returns the close flag value -.Dv BIO_CLOSE -or -.Dv BIO_NOCLOSE . -.Pp -.Fn BIO_pending , -.Fn BIO_ctrl_pending , -.Fn BIO_wpending , -and -.Fn BIO_ctrl_wpending -return the amount of pending data. -.Sh NOTES -Because it can write data, -.Fn BIO_flush -may return 0 or -1 indicating that the call should be retried later -in a similar manner to -.Xr BIO_write 3 . -The -.Xr BIO_should_retry 3 -call should be used and appropriate action taken if the call fails. -.Pp -The return values of -.Fn BIO_pending -and -.Fn BIO_wpending -may not reliably determine the amount of pending data in all cases. -For example in the case of a file BIO some data may be available in the -.Vt FILE -structure's internal buffers but it is not possible -to determine this in a portable way. -For other types of BIO they may not be supported. -.Pp -If they do not internally handle a particular -.Fn BIO_ctrl -operation, filter BIOs usually pass the operation -to the next BIO in the chain. -This often means there is no need to locate the required BIO for -a particular operation: it can be called on a chain and it will -be automatically passed to the relevant BIO. -However this can cause unexpected results. 
-For example no current filter BIOs implement
-.Fn BIO_seek ,
-but this may still succeed if the chain ends
-in a FILE or file descriptor BIO.
-.Pp
-Source/sink BIOs return a 0 if they do not recognize the
-.Fn BIO_ctrl
-operation.
-.Sh SEE ALSO
-.Xr BIO_meth_new 3 ,
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_ctrl ,
-.Fn BIO_reset ,
-.Fn BIO_flush ,
-.Fn BIO_eof ,
-.Fn BIO_set_close ,
-.Fn BIO_get_close ,
-and
-.Fn BIO_pending
-first appeared in SSLeay 0.6.0.
-.Fn BIO_wpending
-first appeared in SSLeay 0.8.1.
-.Fn BIO_ptr_ctrl ,
-.Fn BIO_int_ctrl ,
-.Fn BIO_get_info_callback
-and
-.Fn BIO_set_info_callback
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_seek
-and
-.Fn BIO_tell
-first appeared in SSLeay 0.9.1.
-.Fn BIO_ctrl_pending
-and
-.Fn BIO_ctrl_wpending
-first appeared in OpenSSL 0.9.4.
-These functions have been available since
-.Ox 2.6 .
-.Pp
-.Fn BIO_callback_ctrl
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Sh BUGS
-Some of the return values are ambiguous and care should be taken.
-In particular a return value of 0 can be returned if an operation
-is not supported, if an error occurred, if EOF has not been reached
-and in the case of
-.Fn BIO_seek
-on a file BIO for a successful operation.
diff --git a/src/lib/libcrypto/man/BIO_dump.3 b/src/lib/libcrypto/man/BIO_dump.3
deleted file mode 100644
index 1b66d95679..0000000000
--- a/src/lib/libcrypto/man/BIO_dump.3
+++ /dev/null
@@ -1,125 +0,0 @@
-.\" $OpenBSD: BIO_dump.3,v 1.2 2021/07/11 20:18:07 beck Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 11 2021 $
-.Dt BIO_DUMP 3
-.Os
-.Sh NAME
-.Nm BIO_dump ,
-.Nm BIO_dump_indent ,
-.Nm BIO_dump_fp ,
-.Nm BIO_dump_indent_fp
-.Nd hexadecimal printout of arbitrary byte arrays
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft int
-.Fo BIO_dump
-.Fa "BIO *b"
-.Fa "const char *s"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo BIO_dump_indent
-.Fa "BIO *b"
-.Fa "const char *s"
-.Fa "int len"
-.Fa "int indent"
-.Fc
-.Ft int
-.Fo BIO_dump_fp
-.Fa "FILE *fp"
-.Fa "const char *s"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo BIO_dump_indent_fp
-.Fa "FILE *fp"
-.Fa "const char *s"
-.Fa "int len"
-.Fa "int indent"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_dump
-prints
-.Fa len
-bytes starting at
-.Fa s
-to
-.Fa bio
-in hexadecimal format.
-.Pp
-The first column of output contains the index, in the byte array starting at
-.Fa s ,
-of the first byte shown on the respective output line, expressed as a
-four-digit hexadecimal number starting at 0000, followed by a dash.
-After the dash, sixteen bytes of data are printed as two-digit
-hexadecimal numbers, respecting the order in which they appear in
-the array
-.Fa s .
-Another dash is printed after the eighth column.
-.Pp
-To the right of the hexadecimal representation of the bytes,
-the same bytes are printed again, this time as ASCII characters.
-Non-printable ASCII characters are replaced with dots.
-.Pp
-Trailing space characters and NUL bytes are omitted from the main table.
-If there are any, an additional line is printed, constisting of the
-.Fa len
-argument as a four-digit hexadecimal number, a dash, and the fixed string
-.Qq .
-.Pp
-.Fn BIO_dump_indent
-is similar except that
-.Fa indent
-space characters are prepended to each output line.
-If
-.Fa indent
-is 7 or more, the number of data columns is reduced such that the
-total width of the output does not exceed 79 characters per line.
-.Pp
-.Fn BIO_dump_fp
-and
-.Fn BIO_dump_indent_fp
-are similar except that
-.Xr fwrite 3
-is used instead of
-.Xr BIO_write 3 .
-.Sh RETURN VALUES
-On success these functions return the total number of bytes written by
-.Xr BIO_write 3
-or
-.Xr fwrite 3 .
-If a failure occurs at any point when writing, these
-functions will stop after having potentially written out partial results,
-and return -1.
-.Sh SEE ALSO
-.Xr hexdump 1 ,
-.Xr BIO_new 3 ,
-.Xr BIO_write 3
-.Sh HISTORY
-.Fn BIO_dump
-first appeared in SSLeay 0.6.5 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_dump_indent
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn BIO_dump_fp
-and
-.Fn BIO_dump_indent_fp
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/BIO_f_base64.3 b/src/lib/libcrypto/man/BIO_f_base64.3
deleted file mode 100644
index 68265b6c9e..0000000000
--- a/src/lib/libcrypto/man/BIO_f_base64.3
+++ /dev/null
@@ -1,135 +0,0 @@ -.\" $OpenBSD: BIO_f_base64.3,v 1.11 2019/06/06 01:06:58 schwarze Exp $ -.\" OpenSSL fc1d88f0 Wed Jul 2 22:42:40 2014 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2003, 2005, 2014 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt BIO_F_BASE64 3 -.Os -.Sh NAME -.Nm BIO_f_base64 -.Nd base64 BIO filter -.Sh SYNOPSIS -.In openssl/bio.h -.In openssl/evp.h -.Ft const BIO_METHOD * -.Fo BIO_f_base64 -.Fa void -.Fc -.Sh DESCRIPTION -.Fn BIO_f_base64 -returns the base64 BIO method. -This is a filter BIO that base64 encodes any data written through it -and decodes any data read through it. -.Pp -Base64 BIOs do not support -.Xr BIO_gets 3 -or -.Xr BIO_puts 3 . -.Pp -.Xr BIO_flush 3 -on a base64 BIO that is being written through -is used to signal that no more data is to be encoded: -this is used to flush the final block through the BIO. -.Pp -To encode the data all on one line and to expect the data to be all -on one line, initialize the base64 BIO as follows: -.Bd -literal -offset indent -BIO *b64 = BIO_new(BIO_f_base64()); -BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); -.Ed -.Sh RETURN VALUES -.Fn BIO_f_base64 -returns the base64 BIO method. 
-.Sh EXAMPLES -Base64 encode the string "Hello World\en" -and write the result to standard output: -.Bd -literal -offset indent -BIO *bio, *b64; -char message[] = "Hello World \en"; - -b64 = BIO_new(BIO_f_base64()); -bio = BIO_new_fp(stdout, BIO_NOCLOSE); -BIO_push(b64, bio); -BIO_write(b64, message, strlen(message)); -BIO_flush(b64); - -BIO_free_all(b64); -.Ed -.Pp -Read Base64-encoded data from standard input -and write the decoded data to standard output: -.Bd -literal -offset indent -BIO *bio, *b64, *bio_out; -char inbuf[512]; -int inlen; - -b64 = BIO_new(BIO_f_base64()); -bio = BIO_new_fp(stdin, BIO_NOCLOSE); -bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); -BIO_push(b64, bio); -while((inlen = BIO_read(b64, inbuf, 512)) > 0) - BIO_write(bio_out, inbuf, inlen); - -BIO_flush(bio_out); -BIO_free_all(b64); -.Ed -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr EVP_EncodeInit 3 -.Sh HISTORY -.Fn BIO_f_base64 -first appeared in SSLeay 0.6.5 and has been available since -.Ox 2.4 . -.Sh BUGS -The ambiguity of EOF in base64-encoded data can cause additional -data following the base64-encoded block to be misinterpreted. -.Pp -There should be some way of specifying a test that the BIO can perform -to reliably determine EOF (for example a MIME boundary). diff --git a/src/lib/libcrypto/man/BIO_f_buffer.3 b/src/lib/libcrypto/man/BIO_f_buffer.3 deleted file mode 100644 index 21a6e9a5fe..0000000000 --- a/src/lib/libcrypto/man/BIO_f_buffer.3 +++ /dev/null 
@@ -1,197 +0,0 @@
-.\" $OpenBSD: BIO_f_buffer.3,v 1.10 2018/05/01 17:05:05 schwarze Exp $
-.\" OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2010, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 1 2018 $
-.Dt BIO_F_BUFFER 3
-.Os
-.Sh NAME
-.Nm BIO_f_buffer ,
-.Nm BIO_get_buffer_num_lines ,
-.Nm BIO_set_read_buffer_size ,
-.Nm BIO_set_write_buffer_size ,
-.Nm BIO_set_buffer_size ,
-.Nm BIO_set_buffer_read_data
-.Nd buffering BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_f_buffer
-.Fa void
-.Fc
-.Ft long
-.Fo BIO_get_buffer_num_lines
-.Fa "BIO *b"
-.Fc
-.Ft long
-.Fo BIO_set_read_buffer_size
-.Fa "BIO *b"
-.Fa "long size"
-.Fc
-.Ft long
-.Fo BIO_set_write_buffer_size
-.Fa "BIO *b"
-.Fa "long size"
-.Fc
-.Ft long
-.Fo BIO_set_buffer_size
-.Fa "BIO *b"
-.Fa "long size"
-.Fc
-.Fo BIO_set_buffer_read_data
-.Fa "BIO *b"
-.Fa "void *buf"
-.Fa "long num"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_f_buffer
-returns the buffering BIO method.
-.Pp
-Data written to a buffering BIO is buffered and periodically written
-to the next BIO in the chain.
-Data read from a buffering BIO comes from an internal buffer
-which is filled from the next BIO in the chain.
-Both
-.Xr BIO_gets 3
-and
-.Xr BIO_puts 3
-are supported.
-.Pp
-Calling
-.Xr BIO_reset 3
-on a buffering BIO clears any buffered data.
-.Pp
-.Fn BIO_get_buffer_num_lines
-returns the number of lines currently buffered.
-.Pp
-.Fn BIO_set_read_buffer_size ,
-.Fn BIO_set_write_buffer_size ,
-and
-.Fn BIO_set_buffer_size
-set the read, write or both read and write buffer sizes to
-.Fa size .
-The initial buffer size is
-.Dv DEFAULT_BUFFER_SIZE ,
-currently 4096.
-Any attempt to reduce the buffer size below
-.Dv DEFAULT_BUFFER_SIZE
-is ignored.
-Any buffered data is cleared when the buffer is resized.
-.Pp
-.Fn BIO_set_buffer_read_data
-clears the read buffer and fills it with
-.Fa num
-bytes of
-.Fa buf .
-If
-.Fa num
-is larger than the current buffer size the buffer is expanded.
-.Pp
-Except
-.Fn BIO_f_buffer ,
-these functions are implemented as macros.
-.Pp
-Buffering BIOs implement
-.Xr BIO_gets 3
-by using
-.Xr BIO_read 3
-operations on the next BIO in the chain.
-By prepending a buffering BIO to a chain
-it is therefore possible to provide the functionality of
-.Xr BIO_gets 3
-if the following BIOs do not support it (for example SSL BIOs).
-.Pp
-Data is only written to the next BIO in the chain
-when the write buffer fills or when
-.Xr BIO_flush 3
-is called.
-It is therefore important to call
-.Xr BIO_flush 3
-whenever any pending data should be written
-such as when removing a buffering BIO using
-.Xr BIO_pop 3 .
-.Xr BIO_flush 3
-may need to be retried if the ultimate source/sink BIO is non-blocking.
-.Sh RETURN VALUES
-.Fn BIO_f_buffer
-returns the buffering BIO method.
-.Pp
-.Fn BIO_get_buffer_num_lines
-returns the number of lines buffered (may be 0).
-.Pp
-.Fn BIO_set_read_buffer_size ,
-.Fn BIO_set_write_buffer_size ,
-and
-.Fn BIO_set_buffer_size
-return 1 if the buffer was successfully resized or 0 for failure.
-.Pp
-.Fn BIO_set_buffer_read_data
-returns 1 if the data was set correctly or 0 if there was an error.
-.Sh SEE ALSO
-.Xr BIO_ctrl 3 ,
-.Xr BIO_flush 3 ,
-.Xr BIO_new 3 ,
-.Xr BIO_pop 3 ,
-.Xr BIO_reset 3
-.Sh HISTORY
-.Fn BIO_f_buffer
-first appeared in SSLeay 0.6.0.
-.Fn BIO_get_buffer_num_lines
-and
-.Fn BIO_set_buffer_size
-first appeared in SSLeay 0.6.5.
-.Fn BIO_set_read_buffer_size
-and
-.Fn BIO_set_write_buffer_size
-first appeared in SSLeay 0.8.0.
-.Fn BIO_set_buffer_read_data
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BIO_f_cipher.3 b/src/lib/libcrypto/man/BIO_f_cipher.3
deleted file mode 100644
index 6a4e7c53eb..0000000000
--- a/src/lib/libcrypto/man/BIO_f_cipher.3
+++ /dev/null
@@ -1,178 +0,0 @@
-.\" $OpenBSD: BIO_f_cipher.3,v 1.12 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2003, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt BIO_F_CIPHER 3
-.Os
-.Sh NAME
-.Nm BIO_f_cipher ,
-.Nm BIO_set_cipher ,
-.Nm BIO_get_cipher_status ,
-.Nm BIO_get_cipher_ctx
-.Nd cipher BIO filter
-.Sh SYNOPSIS
-.In openssl/bio.h
-.In openssl/evp.h
-.Ft const BIO_METHOD *
-.Fo BIO_f_cipher
-.Fa void
-.Fc
-.Ft int
-.Fo BIO_set_cipher
-.Fa "BIO *b"
-.Fa "const EVP_CIPHER *cipher"
-.Fa "unsigned char *key"
-.Fa "unsigned char *iv"
-.Fa "int enc"
-.Fc
-.Ft int
-.Fo BIO_get_cipher_status
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_get_cipher_ctx
-.Fa "BIO *b"
-.Fa "EVP_CIPHER_CTX **pctx"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_f_cipher
-returns the cipher BIO method.
-This is a filter BIO that encrypts any data written through it,
-and decrypts any data read from it.
-It is a BIO wrapper for the cipher routines
-.Xr EVP_CipherInit 3 ,
-.Xr EVP_CipherUpdate 3 ,
-and
-.Xr EVP_CipherFinal 3 .
-.Pp
-Cipher BIOs do not support
-.Xr BIO_gets 3
-or
-.Xr BIO_puts 3 .
-.Pp
-.Xr BIO_flush 3
-on an encryption BIO that is being written through
-is used to signal that no more data is to be encrypted:
-this is used to flush and possibly pad the final block through the BIO.
-.Pp
-.Fn BIO_set_cipher
-sets the cipher of BIO
-.Fa b
-to
-.Fa cipher
-using key
-.Fa key
-and IV
-.Fa iv .
-.Fa enc
-should be set to 1 for encryption and zero for decryption.
-.Pp
-When reading from an encryption BIO, the final block is automatically
-decrypted and checked when EOF is detected.
-.Fn BIO_get_cipher_status
-is a
-.Xr BIO_ctrl 3
-macro which can be called to determine
-whether the decryption operation was successful.
-.Pp
-.Fn BIO_get_cipher_ctx
-is a
-.Xr BIO_ctrl 3
-macro which retrieves the internal BIO cipher context.
-The retrieved context can be used in conjunction
-with the standard cipher routines to set it up.
-This is useful when
-.Fn BIO_set_cipher
-is not flexible enough for the applications needs.
-.Pp
-When encrypting,
-.Xr BIO_flush 3
-must be called to flush the final block through the BIO.
-If it is not, then the final block will fail a subsequent decrypt.
-.Pp
-When decrypting, an error on the final block is signalled
-by a zero return value from the read operation.
-A successful decrypt followed by EOF
-will also return zero for the final read.
-.Fn BIO_get_cipher_status
-should be called to determine if the decrypt was successful.
-.Pp
-As always, if
-.Xr BIO_gets 3
-or
-.Xr BIO_puts 3
-support is needed, then it can be achieved
-by preceding the cipher BIO with a buffering BIO.
-.Sh RETURN VALUES
-.Fn BIO_f_cipher
-returns the cipher BIO method.
-.Fn BIO_set_cipher
-returns 1 on success and 0 on error.
-.Pp
-.Fn BIO_get_cipher_status
-returns 1 for a successful decrypt and 0 for failure.
-.Pp
-.Fn BIO_get_cipher_ctx
-currently always returns 1.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr EVP_EncryptInit 3
-.Sh HISTORY
-.Fn BIO_f_cipher ,
-.Fn BIO_set_cipher ,
-and
-.Fn BIO_get_cipher_status
-first appeared in SSLeay 0.6.5 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_get_cipher_ctx
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/BIO_f_md.3 b/src/lib/libcrypto/man/BIO_f_md.3
deleted file mode 100644
index d1519bb079..0000000000
--- a/src/lib/libcrypto/man/BIO_f_md.3
+++ /dev/null
@@ -1,279 +0,0 @@
-.\" $OpenBSD: BIO_f_md.3,v 1.11 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2006, 2009, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt BIO_F_MD 3
-.Os
-.Sh NAME
-.Nm BIO_f_md ,
-.Nm BIO_set_md ,
-.Nm BIO_get_md ,
-.Nm BIO_get_md_ctx
-.Nd message digest BIO filter
-.Sh SYNOPSIS
-.In openssl/bio.h
-.In openssl/evp.h
-.Ft const BIO_METHOD *
-.Fo BIO_f_md
-.Fa void
-.Fc
-.Ft int
-.Fo BIO_set_md
-.Fa "BIO *b"
-.Fa "EVP_MD *md"
-.Fc
-.Ft int
-.Fo BIO_get_md
-.Fa "BIO *b"
-.Fa "EVP_MD **mdp"
-.Fc
-.Ft int
-.Fo BIO_get_md_ctx
-.Fa "BIO *b"
-.Fa "EVP_MD_CTX **mdcp"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_f_md
-returns the message digest BIO method.
-This is a filter BIO that digests any data passed through it.
-It is a BIO wrapper for the digest routines
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_DigestUpdate 3 ,
-and
-.Xr EVP_DigestFinal 3 .
-.Pp
-Any data written or read through a digest BIO using
-.Xr BIO_read 3
-and
-.Xr BIO_write 3
-is digested.
-.Pp
-.Xr BIO_gets 3 ,
-if its
-.Sy size
-parameter is large enough,
-finishes the digest calculation and returns the digest value.
-.Xr BIO_puts 3
-is
-not supported.
-.Pp
-.Xr BIO_reset 3
-reinitialises a digest BIO.
-.Pp
-.Fn BIO_set_md
-sets the message digest of BIO
-.Fa b
-to
-.Fa md :
-this must be called to initialize a digest BIO
-before any data is passed through it.
-It is a
-.Xr BIO_ctrl 3
-macro.
-.Pp
-.Fn BIO_get_md
-places a pointer to the digest BIOs digest method in
-.Fa mdp .
-It is a
-.Xr BIO_ctrl 3
-macro.
-.Pp
-.Fn BIO_get_md_ctx
-returns the digest BIOs context in
-.Fa mdcp .
-.Pp
-The context returned by
-.Fn BIO_get_md_ctx
-can be used in calls to
-.Xr EVP_DigestFinal 3
-and also in the signature routines
-.Xr EVP_SignFinal 3
-and
-.Xr EVP_VerifyFinal 3 .
-.Pp
-The context returned by
-.Fn BIO_get_md_ctx
-is an internal context structure.
-Changes made to this context will affect the digest BIO itself, and
-the context pointer will become invalid when the digest BIO is freed.
-.Pp
-After the digest has been retrieved from a digest BIO,
-it must be reinitialized by calling
-.Xr BIO_reset 3
-or
-.Fn BIO_set_md
-before any more data is passed through it.
-.Pp
-If an application needs to call
-.Xr BIO_gets 3
-or
-.Xr BIO_puts 3
-through a chain containing digest BIOs,
-then this can be done by prepending a buffering BIO.
-.Pp
-Calling
-.Fn BIO_get_md_ctx
-will return the context and initialize the
-.Vt BIO
-state.
-This allows applications to initialize the context externally
-if the standard calls such as
-.Fn BIO_set_md
-are not sufficiently flexible.
-.Sh RETURN VALUES
-.Fn BIO_f_md
-returns the digest BIO method.
-.Pp
-.Fn BIO_set_md ,
-.Fn BIO_get_md ,
-and
-.Fn BIO_get_md_ctx
-return 1 for success and 0 for failure.
-.Sh EXAMPLES
-The following example creates a BIO chain containing a SHA-1 and MD5
-digest BIO and passes the string "Hello World" through it.
-Error checking has been omitted for clarity.
-.Bd -literal -offset 2n
-BIO *bio, *mdtmp;
-const char message[] = "Hello World";
-bio = BIO_new(BIO_s_null());
-mdtmp = BIO_new(BIO_f_md());
-BIO_set_md(mdtmp, EVP_sha1());
-/*
- * For BIO_push() we want to append the sink BIO
- * and keep a note of the start of the chain.
- */
-bio = BIO_push(mdtmp, bio);
-mdtmp = BIO_new(BIO_f_md());
-BIO_set_md(mdtmp, EVP_md5());
-bio = BIO_push(mdtmp, bio);
-/* Note: mdtmp can now be discarded */
-BIO_write(bio, message, strlen(message));
-.Ed
-.Pp
-The next example digests data by reading through a chain instead:
-.Bd -literal -offset 2n
-BIO *bio, *mdtmp;
-char buf[1024];
-int rdlen;
-
-bio = BIO_new_file(file, "rb");
-mdtmp = BIO_new(BIO_f_md());
-BIO_set_md(mdtmp, EVP_sha1());
-bio = BIO_push(mdtmp, bio);
-mdtmp = BIO_new(BIO_f_md());
-BIO_set_md(mdtmp, EVP_md5());
-bio = BIO_push(mdtmp, bio);
-do {
- rdlen = BIO_read(bio, buf, sizeof(buf));
- /* Might want to do something with the data here */
-} while (rdlen > 0);
-.Ed
-.Pp
-This next example retrieves the message digests from a BIO chain
-and outputs them.
-This could be used with the examples above.
-.Bd -literal -offset 2n
-BIO *mdtmp;
-unsigned char mdbuf[EVP_MAX_MD_SIZE];
-int mdlen;
-int i;
-
-mdtmp = bio; /* Assume bio has previously been set up */
-do {
- EVP_MD *md;
- mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
- if (!mdtmp)
- break;
- BIO_get_md(mdtmp, &md);
- printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
- mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
- for(i = 0; i < mdlen; i++)
- printf(":%02X", mdbuf[i]);
- printf("\en");
- mdtmp = BIO_next(mdtmp);
-} while(mdtmp);
-BIO_free_all(bio);
-.Ed
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr EVP_DigestInit 3
-.Sh HISTORY
-.Fn BIO_f_md ,
-.Fn BIO_set_md ,
-and
-.Fn BIO_get_md
-first appeared in SSLeay 0.6.0.
-.Fn BIO_get_md_ctx
-first appeared in SSLeay 0.8.1.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-Before OpenSSL 1.0.0, the call to
-.Fn BIO_get_md_ctx
-would only work if the
-.Vt BIO
-had been initialized, for example by calling
-.Fn BIO_set_md .
-.Sh BUGS
-The lack of support for
-.Xr BIO_puts 3
-and the non-standard behaviour of
-.Xr BIO_gets 3
-could be regarded as anomalous.
-It could be argued that
-.Xr BIO_gets 3
-and
-.Xr BIO_puts 3
-should be passed to the next BIO in the chain and digest the data
-passed through and that digests should be retrieved using a separate
-.Xr BIO_ctrl 3
-call.
diff --git a/src/lib/libcrypto/man/BIO_f_null.3 b/src/lib/libcrypto/man/BIO_f_null.3
deleted file mode 100644
index 755f37dae7..0000000000
--- a/src/lib/libcrypto/man/BIO_f_null.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\" $OpenBSD: BIO_f_null.3,v 1.9 2018/05/01 17:05:05 schwarze Exp $
-.\" OpenSSL e117a890 Sep 14 12:14:41 2000 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 1 2018 $
-.Dt BIO_F_NULL 3
-.Os
-.Sh NAME
-.Nm BIO_f_null
-.Nd null filter
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_f_null
-.Fa void
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_f_null
-returns the null filter BIO method.
-This is a filter BIO that does nothing.
-As may be apparent, a null filter BIO is not particularly useful.
-.Pp
-All requests to a null filter BIO are passed through to the next BIO
-in the chain: this means that a BIO chain containing a null filter BIO
-behaves just as though the BIO was not there.
-.Sh RETURN VALUES
-.Fn BIO_f_null
-returns the null filter BIO method.
-.Sh SEE ALSO
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_f_null
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BIO_find_type.3 b/src/lib/libcrypto/man/BIO_find_type.3
deleted file mode 100644
index 99e93167a5..0000000000
--- a/src/lib/libcrypto/man/BIO_find_type.3
+++ /dev/null
@@ -1,175 +0,0 @@
-.\" $OpenBSD: BIO_find_type.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2013, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt BIO_FIND_TYPE 3
-.Os
-.Sh NAME
-.Nm BIO_find_type ,
-.Nm BIO_next ,
-.Nm BIO_method_type
-.Nd BIO chain traversal
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft BIO *
-.Fo BIO_find_type
-.Fa "BIO *b"
-.Fa "int bio_type"
-.Fc
-.Ft BIO *
-.Fo BIO_next
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_method_type
-.Fa "const BIO *b"
-.Fc
-.Fd #define BIO_TYPE_NONE 0
-.Fd #define BIO_TYPE_MEM (1|0x0400)
-.Fd #define BIO_TYPE_FILE (2|0x0400)
-.Fd #define BIO_TYPE_FD (4|0x0400|0x0100)
-.Fd #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
-.Fd #define BIO_TYPE_NULL (6|0x0400)
-.Fd #define BIO_TYPE_SSL (7|0x0200)
-.Fd #define BIO_TYPE_MD (8|0x0200)
-.Fd #define BIO_TYPE_BUFFER (9|0x0200)
-.Fd #define BIO_TYPE_CIPHER (10|0x0200)
-.Fd #define BIO_TYPE_BASE64 (11|0x0200)
-.Fd #define BIO_TYPE_CONNECT (12|0x0400|0x0100)
-.Fd #define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
-.Fd #define BIO_TYPE_PROXY_CLIENT (14|0x0200)
-.Fd #define BIO_TYPE_PROXY_SERVER (15|0x0200)
-.Fd #define BIO_TYPE_NBIO_TEST (16|0x0200)
-.Fd #define BIO_TYPE_NULL_FILTER (17|0x0200)
-.Fd #define BIO_TYPE_BER (18|0x0200)
-.Fd #define BIO_TYPE_BIO (19|0x0400)
-.Fd #define BIO_TYPE_DESCRIPTOR 0x0100
-.Fd #define BIO_TYPE_FILTER 0x0200
-.Fd #define BIO_TYPE_SOURCE_SINK 0x0400
-.Sh DESCRIPTION
-The function
-.Fn BIO_find_type
-searches for a BIO of a given type in a chain, starting at BIO
-.Fa b .
-If
-.Fa bio_type
-is a specific type (such as
-.Dv BIO_TYPE_MEM ) ,
-then a search is made for a BIO of that type.
-If
-.Fa bio_type
-is a general type (such as
-.Dv BIO_TYPE_SOURCE_SINK ) ,
-then the next matching BIO of the given general type is searched for.
-.Fn BIO_find_type
-returns the next matching BIO or
-.Dv NULL
-if none is found.
-.Pp
-Note: not all the
-.Dv BIO_TYPE_*
-types above have corresponding BIO implementations.
-.Pp
-.Fn BIO_next
-returns the next BIO in a chain.
-It can be used to traverse all BIOs in a chain or used in conjunction with
-.Fn BIO_find_type
-to find all BIOs of a certain type.
-.Pp
-.Fn BIO_method_type
-returns the type of a BIO.
-.Sh RETURN VALUES
-.Fn BIO_find_type
-returns a matching BIO or
-.Dv NULL
-for no match.
-.Pp
-.Fn BIO_next
-returns the next BIO in a chain.
-.Pp
-.Fn BIO_method_type
-returns the type of the BIO
-.Fa b .
-.Sh EXAMPLES
-Traverse a chain looking for digest BIOs:
-.Bd -literal -offset 2n
-BIO *btmp;
-btmp = in_bio; /* in_bio is chain to search through */
-
-do {
- btmp = BIO_find_type(btmp, BIO_TYPE_MD);
- if (btmp == NULL)
- break; /* Not found */
- /* btmp is a digest BIO, do something with it ...*/
- ...
-
- btmp = BIO_next(btmp);
-} while(btmp);
-.Ed
-.Sh SEE ALSO
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_method_type
-first appeared in SSLeay 0.6.0.
-.Fn BIO_find_type
-first appeared in SSLeay 0.6.6.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_next
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Sh BUGS
-.Fn BIO_find_type
-in OpenSSL 0.9.5a and earlier could not be safely passed a
-.Dv NULL
-pointer for the
-.Fa b
-argument.
diff --git a/src/lib/libcrypto/man/BIO_get_data.3 b/src/lib/libcrypto/man/BIO_get_data.3
deleted file mode 100644
index 70944255e4..0000000000
--- a/src/lib/libcrypto/man/BIO_get_data.3
+++ /dev/null
@@ -1,176 +0,0 @@ -.\" $OpenBSD: BIO_get_data.3,v 1.3 2018/03/23 23:18:17 schwarze Exp $ -.\" selective merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Matt Caswell . -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt BIO_GET_DATA 3 -.Os -.Sh NAME -.Nm BIO_set_data , -.Nm BIO_get_data , -.Nm BIO_set_init , -.Nm BIO_set_shutdown , -.Nm BIO_get_shutdown -.Nd manage BIO state information -.Sh SYNOPSIS -.In openssl/bio.h -.Ft void -.Fo BIO_set_data -.Fa "BIO *a" -.Fa "void *ptr" -.Fc -.Ft void * -.Fo BIO_get_data -.Fa "BIO *a" -.Fc -.Ft void -.Fo BIO_set_init -.Fa "BIO *a" -.Fa "int init" -.Fc -.Ft void -.Fo BIO_set_shutdown -.Fa "BIO *a" -.Fa "int shutdown" -.Fc -.Ft int -.Fo BIO_get_shutdown -.Fa "BIO *a" -.Fc -.Sh DESCRIPTION -These functions are mainly useful when implementing a custom BIO. -.Pp -The -.Fn BIO_set_data -function associates the custom data pointed to by -.Fa ptr -with the -.Fa "BIO a" . -This data can subsequently be retrieved via a call to -.Fn BIO_get_data . -This can be used by custom BIOs for storing implementation specific -information. -.Pp -The -.Fn BIO_set_init -function sets the -.Fa init -flag in -.Fa a -to the specified value. -A non-zero value indicates that initialisation is complete, -whilst zero indicates that it is not. -Often initialisation will complete -during initial construction of the BIO. -For some BIOs however, initialisation may not be complete until -additional steps have been taken, for example through calling custom -ctrls. -.Pp -The -.Fn BIO_set_shutdown -and -.Fn BIO_get_shutdown -functions are low-level interfaces to forcefully set and get the -.Fa shutdown -flag of -.Fa a , -circumventing type-dependent sanity checks, -exclusively intended for implementing a new BIO type. -The -.Fa shutdown -argument must be either -.Dv BIO_CLOSE -or -.Dv BIO_NOCLOSE . -When merely using a -.Vt BIO -object, call -.Xr BIO_set_close 3 -and -.Xr BIO_get_close 3 -instead. -.Sh RETURN VALUES -.Fn BIO_get_data -returns a pointer to the implementation specific custom data associated -with -.Fa a , -or -.Dv NULL -if none is set. 
-.Pp
-.Fn BIO_get_shutdown
-returns the value previously set with
-.Fn BIO_set_shutdown
-or with
-.Xr BIO_set_close 3 .
-.Sh SEE ALSO
-.Xr BIO_meth_new 3 ,
-.Xr BIO_new 3 ,
-.Xr BIO_set_close 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/BIO_get_ex_new_index.3 b/src/lib/libcrypto/man/BIO_get_ex_new_index.3
deleted file mode 100644
index a0bed0ea1d..0000000000
--- a/src/lib/libcrypto/man/BIO_get_ex_new_index.3
+++ /dev/null
@@ -1,192 +0,0 @@ -.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.12 2019/08/16 12:16:22 schwarze Exp $ -.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Rich Salz . -.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: August 16 2019 $ -.Dt BIO_GET_EX_NEW_INDEX 3 -.Os -.Sh NAME -.Nm BIO_get_ex_new_index , -.Nm BIO_set_ex_data , -.Nm BIO_get_ex_data , -.Nm ENGINE_get_ex_new_index , -.Nm ENGINE_set_ex_data , -.Nm ENGINE_get_ex_data , -.Nm UI_get_ex_new_index , -.Nm UI_set_ex_data , -.Nm UI_get_ex_data , -.Nm X509_get_ex_new_index , -.Nm X509_set_ex_data , -.Nm X509_get_ex_data , -.Nm EC_KEY_get_ex_new_index , -.Nm EC_KEY_get_ex_data , -.Nm EC_KEY_set_ex_data , -.Nm ECDH_get_ex_new_index , -.Nm ECDH_set_ex_data , -.Nm ECDH_get_ex_data , -.Nm ECDSA_get_ex_new_index , -.Nm ECDSA_set_ex_data , -.Nm ECDSA_get_ex_data -.Nd application-specific data -.Sh SYNOPSIS -.In openssl/bio.h -.In openssl/engine.h -.In openssl/ui.h -.In openssl/x509.h -.In openssl/ec.h -.In openssl/ecdh.h -.In openssl/ecdsa.h -.Ft int -.Fo TYPE_get_ex_new_index -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft int -.Fo TYPE_set_ex_data -.Fa "TYPE *d" -.Fa "int idx" -.Fa "void *arg" -.Fc -.Ft void * -.Fo TYPE_get_ex_data -.Fa "TYPE *d" -.Fa "int idx" -.Fc -.Sh DESCRIPTION -In the description here, -.Vt TYPE -is used a placeholder for any of the OpenSSL datatypes listed in -.Xr CRYPTO_get_ex_new_index 3 . -.Pp -These functions handle application-specific data in OpenSSL data -structures. -Their usage is identical to that of -.Xr RSA_get_ex_new_index 3 , -.Xr RSA_set_ex_data 3 , -and -.Xr RSA_get_ex_data 3 . -.Pp -.Fn TYPE_get_ex_new_index -is a macro that calls -.Xr CRYPTO_get_ex_new_index 3 -with the correct index value. -.Pp -.Fn TYPE_set_ex_data -is a function that calls -.Xr CRYPTO_set_ex_data 3 -with an offset into the opaque exdata part of the -.Vt TYPE -object. -.Pp -.Fn TYPE_get_ex_data -is a function that calls -.Xr CRYPTO_get_ex_data 3 -with an offset into the opaque exdata part of the -.Vt TYPE -object. -.Sh RETURN VALUES -.Fn TYPE_get_new_ex_index -returns a new index on success or \-1 on error. 
-.Pp
-.Fn TYPE_set_ex_data
-returns 1 on success or 0 on error.
-.Pp
-.Fn TYPE_get_ex_data
-returns the application data or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr CRYPTO_get_ex_new_index 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-.Fn BIO_get_ex_new_index ,
-.Fn BIO_set_ex_data ,
-and
-.Fn BIO_get_ex_data
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_get_ex_new_index ,
-.Fn X509_set_ex_data ,
-and
-.Fn X509_get_ex_data
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn ENGINE_get_ex_new_index ,
-.Fn ENGINE_set_ex_data ,
-.Fn ENGINE_get_ex_data ,
-.Fn UI_get_ex_new_index ,
-.Fn UI_set_ex_data ,
-and
-.Fn UI_get_ex_data
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ECDH_get_ex_new_index ,
-.Fn ECDH_set_ex_data ,
-.Fn ECDH_get_ex_data ,
-.Fn ECDSA_get_ex_new_index ,
-.Fn ECDSA_set_ex_data ,
-and
-.Fn ECDSA_get_ex_data
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn EC_KEY_get_ex_new_index ,
-.Fn EC_KEY_set_ex_data ,
-and
-.Fn EC_KEY_get_ex_data
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/BIO_meth_new.3 b/src/lib/libcrypto/man/BIO_meth_new.3
deleted file mode 100644
index 2159560596..0000000000
--- a/src/lib/libcrypto/man/BIO_meth_new.3
+++ /dev/null
@@ -1,367 +0,0 @@ -.\" $OpenBSD: BIO_meth_new.3,v 1.5 2018/07/09 09:52:18 tb Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Matt Caswell -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 9 2018 $ -.Dt BIO_METH_NEW 3 -.Os -.Sh NAME -.Nm BIO_get_new_index , -.Nm BIO_meth_new , -.Nm BIO_meth_free , -.Nm BIO_meth_get_write , -.Nm BIO_meth_set_write , -.Nm BIO_meth_get_read , -.Nm BIO_meth_set_read , -.Nm BIO_meth_get_puts , -.Nm BIO_meth_set_puts , -.Nm BIO_meth_get_gets , -.Nm BIO_meth_set_gets , -.Nm BIO_meth_get_ctrl , -.Nm BIO_meth_set_ctrl , -.Nm BIO_meth_get_create , -.Nm BIO_meth_set_create , -.Nm BIO_meth_get_destroy , -.Nm BIO_meth_set_destroy , -.Nm BIO_meth_get_callback_ctrl , -.Nm BIO_meth_set_callback_ctrl -.Nd manipulate BIO_METHOD structures -.Sh SYNOPSIS -.In openssl/bio.h -.Ft int -.Fn BIO_get_new_index void -.Ft BIO_METHOD * -.Fo BIO_meth_new -.Fa "int type" -.Fa "const char *name" -.Fc -.Ft void -.Fo BIO_meth_free -.Fa "BIO_METHOD *biom" -.Fc -.Ft int -.Fn "(*BIO_meth_get_write(const BIO_METHOD *biom))" "BIO *" "const char *" int -.Ft int -.Fo BIO_meth_set_write -.Fa "BIO_METHOD *biom" -.Fa "int (*write)(BIO *, const char *, int)" -.Fc -.Ft int -.Fn "(*BIO_meth_get_read(const BIO_METHOD *biom))" "BIO *" "char *" int -.Ft int -.Fo BIO_meth_set_read -.Fa "BIO_METHOD *biom" -.Fa "int (*read)(BIO *, char *, int)" -.Fc -.Ft int -.Fn "(*BIO_meth_get_puts(const BIO_METHOD *biom))" "BIO *" "const char *" -.Ft int -.Fo BIO_meth_set_puts -.Fa "BIO_METHOD *biom" -.Fa "int (*puts)(BIO *, const char *)" -.Fc -.Ft int -.Fn "(*BIO_meth_get_gets(const BIO_METHOD *biom))" "BIO *" "char *" int -.Ft int -.Fo BIO_meth_set_gets -.Fa "BIO_METHOD *biom" -.Fa "int (*gets)(BIO *, char *, int)" -.Fc -.Ft long -.Fn "(*BIO_meth_get_ctrl(const BIO_METHOD *biom))" "BIO *" int long "void *" -.Ft int -.Fo BIO_meth_set_ctrl -.Fa "BIO_METHOD *biom" -.Fa "long (*ctrl)(BIO *, int, long, void *)" -.Fc -.Ft int -.Fn "(*BIO_meth_get_create(const BIO_METHOD *biom))" "BIO *" -.Ft int -.Fo BIO_meth_set_create -.Fa "BIO_METHOD *biom" -.Fa "int (*create)(BIO *)" -.Fc -.Ft int -.Fn "(*BIO_meth_get_destroy(const BIO_METHOD *biom))" "BIO *" -.Ft int -.Fo 
BIO_meth_set_destroy -.Fa "BIO_METHOD *biom" -.Fa "int (*destroy)(BIO *)" -.Fc -.Ft long -.Fo "(*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))" -.Fa "BIO *" -.Fa int -.Fa "BIO_info_cb *" -.Fc -.Ft int -.Fo BIO_meth_set_callback_ctrl -.Fa "BIO_METHOD *biom" -.Fa "long (*callback_ctrl)(BIO *, int, BIO_info_cb *)" -.Fc -.Sh DESCRIPTION -The -.Vt BIO_METHOD -structure stores function pointers implementing a -.Vt BIO -type. -See -.Xr BIO_new 3 -for more information about -.Vt BIO -objects. -.Pp -.Fn BIO_meth_new -creates a new -.Vt BIO_METHOD -structure. -It requires a unique integer -.Fa type ; -use -.Fn BIO_get_new_index -to get the value for -.Fa type . -Currently, the user can only create up to 127 different BIO types, and -.Fa type -is limited to the range 129\(en255. -The -.Fa name -pointer is stored in the structure and will not be freed by -.Fn BIO_meth_free . -.Pp -The standard BIO types are listed in -.In openssl/bio.h . -Some examples include -.Dv BIO_TYPE_BUFFER -and -.Dv BIO_TYPE_CIPHER . -The -.Fa type -of filter BIOs should have the -.Dv BIO_TYPE_FILTER -bit set. -Source/sink BIOs should have the -.Dv BIO_TYPE_SOURCE_SINK -bit set. -File descriptor based BIOs (e.g. socket, fd, connect, accept etc.\&) -should additionally have the -.Dv BIO_TYPE_DESCRIPTOR -bit set. -See -.Xr BIO_find_type 3 -for more information. -.Pp -.Fn BIO_meth_free -is an alias for -.Xr free 3 . -.Pp -.Fn BIO_meth_get_write , -.Fn BIO_meth_set_write , -.Fn BIO_meth_get_read , -and -.Fn BIO_meth_set_read -get and set the functions -.Fa write -and -.Fa read -used for writing and reading arbitrary length data to and from the -.Vt BIO . -These functions are called from -.Xr BIO_write 3 -and -.Xr BIO_read 3 , -respectively. -The parameters and return values of -.Fa write -and -.Fa read -have the same meaning as for -.Xr BIO_write 3 -and -.Xr BIO_read 3 . 
-.Pp -.Fn BIO_meth_get_puts -and -.Fn BIO_meth_set_puts -get and set the function -.Fa puts -used for writing a NUL-terminated string to the -.Vt BIO . -This function is called from -.Xr BIO_puts 3 . -The parameters and the return value of -.Fa puts -have the same meaning as for -.Xr BIO_puts 3 . -.Pp -.Fn BIO_meth_get_gets -and -.Fn BIO_meth_set_gets -get and set the function -.Fa gets -used for reading a line of data from the -.Vt BIO . -This function is called from -.Xr BIO_gets 3 . -The parameters and the return value of -.Fa gets -have the same meaning as for -.Xr BIO_gets 3 . -.Pp -.Fn BIO_meth_get_ctrl -and -.Fn BIO_meth_set_ctrl -get and set the function -.Fa ctrl -used for processing control messages in the -.Vt BIO . -This function is called from -.Xr BIO_ctrl 3 . -The parameters and return value of -.Fa ctrl -have the same meaning as for -.Xr BIO_ctrl 3 . -.Pp -.Fn BIO_meth_get_create -and -.Fn BIO_meth_set_create -get and set a function -.Fa create -used while initializing a new instance of the -.Vt BIO . -This function is called from -.Xr BIO_new 3 . -The -.Xr BIO_new 3 -function allocates the memory for the new -.Vt BIO , -and a pointer to this newly allocated structure is passed -as the parameter to -.Fa create . -.Pp -.Fn BIO_meth_get_destroy -and -.Fn BIO_meth_set_destroy -get and set a function -.Fa destroy -used while destroying an instance of a -.Vt BIO . -This function is called from -.Xr BIO_free 3 . -A pointer to the -.Vt BIO -to be destroyed is passed as the parameter. -The -.Fa destroy -function is intended to perform clean-up specific to the -.Vt BIO -.Fa type . -The memory for the -.Vt BIO -itself must not be freed by this function. -.Pp -.Fn BIO_meth_get_callback_ctrl -and -.Fn BIO_meth_set_callback_ctrl -get and set the function -.Fa callback_ctrl -used for processing callback control messages in the -.Vt BIO . -This function is called from -.Xr BIO_callback_ctrl 3 . 
-The parameters and return value of
-.Fa callback_ctrl
-have the same meaning as for
-.Xr BIO_callback_ctrl 3 .
-.Sh RETURN VALUES
-.Fn BIO_get_new_index
-returns the new BIO type value or \-1 if an error occurs.
-.Pp
-.Fn BIO_meth_new
-returns the new
-.Vt BIO_METHOD
-structure or
-.Dv NULL
-if an error occurs.
-.Pp
-The
-.Fn BIO_meth_set_*
-functions return 1 on success or 0 on error.
-Currently, they cannot fail.
-.Pp
-The
-.Fn BIO_meth_get_*
-functions return function pointers.
-.Sh SEE ALSO
-.Xr BIO_ctrl 3 ,
-.Xr BIO_find_type 3 ,
-.Xr BIO_new 3 ,
-.Xr BIO_read 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/BIO_new.3 b/src/lib/libcrypto/man/BIO_new.3
deleted file mode 100644
index e7c08c99f1..0000000000
--- a/src/lib/libcrypto/man/BIO_new.3
+++ /dev/null
@@ -1,276 +0,0 @@ -.\" $OpenBSD: BIO_new.3,v 1.21 2021/07/10 15:56:18 schwarze Exp $ -.\" full merge up to: -.\" OpenSSL man3/BIO_new.pod fb46be03 Feb 26 11:51:31 2016 +0000 -.\" OpenSSL man7/bio.pod 631c37be Dec 12 16:56:50 2017 +0100 -.\" partial merge up to: -.\" OpenSSL man3/BIO_new.pod e9b77246 Jan 20 19:58:49 2017 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: July 10 2021 $ -.Dt BIO_NEW 3 -.Os -.Sh NAME -.Nm BIO_new , -.Nm BIO_up_ref , -.Nm BIO_set , -.Nm BIO_free , -.Nm BIO_vfree , -.Nm BIO_free_all -.Nd construct and destruct I/O abstraction objects -.Sh SYNOPSIS -.In openssl/bio.h -.Ft BIO * -.Fo BIO_new -.Fa "const BIO_METHOD *type" -.Fc -.Ft int -.Fo BIO_up_ref -.Fa "BIO *a" -.Fc -.Ft int -.Fo BIO_set -.Fa "BIO *a" -.Fa "const BIO_METHOD *type" -.Fc -.Ft int -.Fo BIO_free -.Fa "BIO *a" -.Fc -.Ft void -.Fo BIO_vfree -.Fa "BIO *a" -.Fc -.Ft void -.Fo BIO_free_all -.Fa "BIO *a" -.Fc -.Sh DESCRIPTION -A -.Vt BIO -is an I/O abstraction object, hiding many of the underlying I/O -details from an application. -If an application uses BIOs for its I/O, it can transparently handle -SSL connections, unencrypted network connections, and file I/O. -.Pp -The -.Fn BIO_new -function constructs a new -.Vt BIO -using the method -.Fa type -and sets its reference count to 1. 
-There are two groups of BIO types, source/sink BIOs and filter BIOs. -.Pp -Source/sink BIOs provide input or consume output. -Examples include socket BIOs and file BIOs. -.Pp -Filter BIOs take data from one BIO and pass it through to another, -or to the application, forming a chain of BIOs. -The data may be left unmodified (for example by a message digest BIO) -or translated (for example by an encryption BIO). -The effect of a filter BIO may change according to the I/O operation -it is performing: for example an encryption BIO encrypts data -if it is written to and decrypts data if it is read from. -.Pp -Some BIOs (such as memory BIOs) can be used immediately after calling -.Fn BIO_new . -Others (such as file BIOs) need some additional initialization, and -utility functions exists to construct and initialize such BIOs. -.Pp -Normally the -.Fa type -argument is supplied by a function which returns a pointer to a -.Vt BIO_METHOD . -There is a naming convention for such functions: -the methods for source/sink BIOs are called -.Fn BIO_s_* -and those for filter BIOs -.Fn BIO_f_* . -.Pp -.Fn BIO_up_ref -increments the reference count of -.Fa a -by 1. -.Pp -.Fn BIO_set -is a deprecated function to initialize an unused -.Vt BIO -structure located in static memory or on the stack, -to set its method to -.Fa type , -and to set its reference count to 1. -It must not be called on -.Vt BIO -objects created with -.Fn BIO_new , -nor on objects that were already used. -.Pp -.Fn BIO_free -and -.Fn BIO_vfree -decrement the reference count of -.Fa a -by 1, and if the reference count reaches 0, they destruct the single -.Vt BIO -.Fa a , -which may also have some effect on the -underlying I/O structure, for example it may close the file being -referred to under certain circumstances. -If -.Fa a -is a -.Dv NULL -pointer, no action occurs. -If -.Fn BIO_free -is called on a BIO chain, it destructs at most one BIO, -resulting in a memory leak. 
-.Pp -.Fn BIO_free_all -calls -.Fn BIO_free -on -.Fa a -and on all following -.Vt BIO -objects in the chain. -As soon as the reference count of a -.Vt BIO -is still non-zero after calling -.Fn BIO_free -on it, the function -.Fn BIO_free_all -returns right away and refrains from freeing the remaining -.Vt BIO -objects in the chain. -It does not halt if an error occurs -destructing an individual BIO in the chain. -If -.Fa a -is a -.Dv NULL -pointer, no action occurs. -Calling -.Fn BIO_free_all -on a single BIO has the same effect as -.Fn BIO_vfree . -.Pp -Common I/O functions are documented in -.Xr BIO_read 3 . -Forming chains is explained in -.Xr BIO_push 3 ; -inspecting them is explained in -.Xr BIO_find_type 3 . -For more details about the different kinds of BIOs, see the individual -.Vt BIO_METHOD -manual pages. -.Sh RETURN VALUES -.Fn BIO_new -returns a newly constructed -.Vt BIO -object or -.Dv NULL -on failure. -.Pp -.Fn BIO_up_ref , -.Fn BIO_set , -and -.Fn BIO_free -return 1 for success or 0 for failure. -.Sh EXAMPLES -Create a memory BIO: -.Pp -.Dl BIO *mem = BIO_new(BIO_s_mem()); -.Sh SEE ALSO -.Xr BIO_ctrl 3 , -.Xr BIO_dump 3 , -.Xr BIO_f_base64 3 , -.Xr BIO_f_buffer 3 , -.Xr BIO_f_cipher 3 , -.Xr BIO_f_md 3 , -.Xr BIO_f_null 3 , -.Xr BIO_f_ssl 3 , -.Xr BIO_find_type 3 , -.Xr BIO_get_ex_new_index 3 , -.Xr BIO_meth_new 3 , -.Xr BIO_new_CMS 3 , -.Xr BIO_printf 3 , -.Xr BIO_push 3 , -.Xr BIO_read 3 , -.Xr BIO_s_accept 3 , -.Xr BIO_s_bio 3 , -.Xr BIO_s_connect 3 , -.Xr BIO_s_fd 3 , -.Xr BIO_s_file 3 , -.Xr BIO_s_mem 3 , -.Xr BIO_s_null 3 , -.Xr BIO_s_socket 3 , -.Xr BIO_set_callback 3 , -.Xr BIO_set_data 3 , -.Xr BIO_should_retry 3 , -.Xr BUF_MEM_new 3 , -.Xr crypto 3 -.Sh HISTORY -.Fn BIO_new , -.Fn BIO_set , -and -.Fn BIO_free -first appeared in SSLeay 0.6.0. -.Fn BIO_free_all -first appeared in SSLeay 0.6.6. -All these functions have been available since -.Ox 2.4 . -.Pp -.Fn BIO_vfree -first appeared in OpenSSL 0.9.6 and has been available since -.Ox 2.9 . 
-.Pp
-.Fn BIO_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/BIO_new_CMS.3 b/src/lib/libcrypto/man/BIO_new_CMS.3
deleted file mode 100644
index a7c2c1b2c3..0000000000
--- a/src/lib/libcrypto/man/BIO_new_CMS.3
+++ /dev/null
@@ -1,141 +0,0 @@
-.\" $OpenBSD: BIO_new_CMS.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL df75c2bfc Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt BIO_NEW_CMS 3
-.Os
-.Sh NAME
-.Nm BIO_new_CMS
-.Nd CMS streaming filter BIO
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft BIO *
-.Fo BIO_new_CMS
-.Fa "BIO *out"
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_new_CMS
-returns a streaming filter
-.Vt BIO
-chain based on
-.Fa cms .
-The output of the filter is written to
-.Fa out .
-Any data written to the chain is automatically translated
-to a BER format CMS structure of the appropriate type.
-.Pp
-The chain returned by this function behaves like a standard filter
-.Vt BIO .
-It supports non blocking I/O.
-Content is processed and streamed on the fly and not all held in memory
-at once: so it is possible to encode very large structures.
-After all content has been written through the chain,
-.Xr BIO_flush 3
-must be called to finalise the structure.
-.Pp
-The
-.Dv CMS_STREAM
-flag must be included in the corresponding
-.Fa flags
-parameter of the
-.Fa cms
-creation function.
-.Pp
-If an application wishes to write additional data to
-.Fa out ,
-BIOs should be removed from the chain using
-.Xr BIO_pop 3
-and freed with
-.Xr BIO_free 3
-until
-.Fa out
-is reached.
-If no additional data needs to be written,
-.Xr BIO_free_all 3
-can be called to free up the whole chain.
-.Pp
-Any content written through the filter is used verbatim:
-no canonical translation is performed.
-.Pp
-It is possible to chain multiple BIOs to, for example,
-create a triple wrapped signed, enveloped, signed structure.
-In this case it is the application's responsibility
-to set the inner content type of any outer
-.Vt CMS_ContentInfo
-structures.
-.Pp
-Large numbers of small writes through the chain should be avoided as this
-will produce an output consisting of lots of OCTET STRING structures.
-Prepending a
-.Xr BIO_f_buffer 3
-buffering BIO will prevent this.
-.Sh RETURN VALUES
-.Fn BIO_new_CMS
-returns a
-.Vt BIO
-chain when successful or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3
-.Sh HISTORY
-.Fn BIO_new_CMS
-first appeared in OpenSSL 1.0.0
-and has been available since
-.Ox 6.7 .
-.Sh BUGS
-There is currently no corresponding inverse BIO
-which can decode a CMS structure on the fly.
diff --git a/src/lib/libcrypto/man/BIO_printf.3 b/src/lib/libcrypto/man/BIO_printf.3
deleted file mode 100644
index 838b771be7..0000000000
--- a/src/lib/libcrypto/man/BIO_printf.3
+++ /dev/null
@@ -1,97 +0,0 @@
-.\" $OpenBSD: BIO_printf.3,v 1.3 2018/03/22 17:11:04 schwarze Exp $
-.\" OpenSSL 2ca2e917 Mon Mar 20 16:25:22 2017 -0400
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt BIO_PRINTF 3
-.Os
-.Sh NAME
-.Nm BIO_printf ,
-.Nm BIO_vprintf ,
-.Nm BIO_snprintf ,
-.Nm BIO_vsnprintf
-.Nd formatted output to a BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft int
-.Fo BIO_printf
-.Fa "BIO *bio"
-.Fa "const char *format"
-.Fa ...
-.Fc
-.Ft int
-.Fo BIO_vprintf
-.Fa "BIO *bio"
-.Fa "const char *format"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo BIO_snprintf
-.Fa "char *buf"
-.Fa "size_t n"
-.Fa "const char *format"
-.Fa ...
-.Fc
-.Ft int
-.Fo BIO_vsnprintf
-.Fa "char *buf"
-.Fa "size_t n"
-.Fa "const char *format"
-.Fa "va_list args"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_vprintf
-is a wrapper around
-.Xr vfprintf 3 ,
-sending the output to the specified
-.Fa bio .
-.Pp
-.Fn BIO_printf
-is a wrapper around
-.Fn BIO_vprintf .
-.Pp
-.Fn BIO_snprintf
-and
-.Fn BIO_vsnprintf
-are wrappers around
-.Xr vsnprintf 3 .
-.Sh RETURN VALUES
-These functions return the number of bytes written,
-or -1 if an error occurs.
-.Pp
-In contrast to
-.Xr snprintf 3
-and
-.Xr vsnprintf 3 ,
-.Fn BIO_snprintf
-and
-.Fn BIO_vsnprintf
-also return -1 if
-.Fa n
-is too small to hold the complete output.
-.Sh SEE ALSO
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_printf
-first appeared in SSLeay 0.6.5 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_vprintf ,
-.Fn BIO_snprintf ,
-and
-.Fn BIO_vsnprintf
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/BIO_push.3 b/src/lib/libcrypto/man/BIO_push.3
deleted file mode 100644
index 768f4d8579..0000000000
--- a/src/lib/libcrypto/man/BIO_push.3
+++ /dev/null
@@ -1,185 +0,0 @@ -.\" $OpenBSD: BIO_push.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL doc/man3/BIO_push.pod 76ed5a42 Jun 29 13:38:55 2014 +0100 -.\" OpenSSL doc/man7/bio.pod a9c85cea Nov 11 09:33:55 2016 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2014 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BIO_PUSH 3 -.Os -.Sh NAME -.Nm BIO_push , -.Nm BIO_pop -.Nd add and remove BIOs from a chain -.Sh SYNOPSIS -.In openssl/bio.h -.Ft BIO * -.Fo BIO_push -.Fa "BIO *b" -.Fa "BIO *append" -.Fc -.Ft BIO * -.Fo BIO_pop -.Fa "BIO *b" -.Fc -.Sh DESCRIPTION -BIOs can be joined together to form chains. -A chain normally consist of one or more filter BIOs -and one source/sink BIO at the end. -Data read from or written to the first BIO traverses the chain -to the end. -A single BIO can be regarded as a chain with one component. -.Pp -The -.Fn BIO_push -function appends the BIO -.Fa append -to -.Fa b -and returns -.Fa b . -.Pp -.Fn BIO_pop -removes the BIO -.Fa b -from a chain and returns the next BIO in the chain, or -.Dv NULL -if there is no next BIO. -The removed BIO then becomes a single BIO with no association with the -original chain. -it can thus be freed or attached to a different chain. 
-.Pp -The names of these functions are perhaps a little misleading. -.Fn BIO_push -joins two BIO chains whereas -.Fn BIO_pop -deletes a single BIO from a chain; -the deleted BIO does not need to be at the end of a chain. -.Pp -The process of calling -.Fn BIO_push -and -.Fn BIO_pop -on a BIO may have additional consequences: a -.Xr BIO_ctrl 3 -call is made to the affected BIOs. -Any effects will be noted in the descriptions of individual BIOs. -.Sh RETURN VALUES -.Fn BIO_push -returns the beginning of the chain, -.Fa b . -.Pp -.Fn BIO_pop -returns the next BIO in the chain, or -.Dv NULL -if there is no next BIO. -.Sh EXAMPLES -For these examples suppose -.Sy md1 -and -.Sy md2 -are digest BIOs, -.Sy b64 -is a Base64 BIO and -.Sy f -is a file BIO. -.Pp -If the call -.Pp -.Dl BIO_push(b64, f); -.Pp -is made then the new chain will be -.Sy b64-f . -After making the calls -.Bd -literal -offset indent -BIO_push(md2, b64); -BIO_push(md1, md2); -.Ed -.Pp -the new chain is -.Sy md1-md2-b64-f . -Data written to -.Sy md1 -will be digested -by -.Sy md1 -and -.Sy md2 , -Base64-encoded and written to -.Sy f . -.Pp -It should be noted that reading causes data to pass -in the reverse direction. -That is, data is read from -.Sy f , -Base64-decoded and digested by -.Sy md1 -and -.Sy md2 . -If this call is made: -.Pp -.Dl BIO_pop(md2); -.Pp -The call will return -.Sy b64 -and the new chain will be -.Sy md1-b64-f ; -data can be written to -.Sy md1 -as before. -.Sh SEE ALSO -.Xr BIO_find_type 3 , -.Xr BIO_new 3 , -.Xr BIO_read 3 -.Sh HISTORY -.Fn BIO_push -first appeared in SSLeay 0.6.0. -.Fn BIO_pop -first appeared in SSLeay 0.6.4. -Both functions have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_read.3 b/src/lib/libcrypto/man/BIO_read.3 deleted file mode 100644 index 97514a610a..0000000000 --- a/src/lib/libcrypto/man/BIO_read.3 +++ /dev/null 
@@ -1,178 +0,0 @@ -.\" $OpenBSD: BIO_read.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BIO_READ 3 -.Os -.Sh NAME -.Nm BIO_read , -.Nm BIO_gets , -.Nm BIO_write , -.Nm BIO_puts -.Nd BIO I/O functions -.Sh SYNOPSIS -.In openssl/bio.h -.Ft int -.Fo BIO_read -.Fa "BIO *b" -.Fa "void *buf" -.Fa "int len" -.Fc -.Ft int -.Fo BIO_gets -.Fa "BIO *b" -.Fa "char *buf" -.Fa "int size" -.Fc -.Ft int -.Fo BIO_write -.Fa "BIO *b" -.Fa "const void *buf" -.Fa "int len" -.Fc -.Ft int -.Fo BIO_puts -.Fa "BIO *b" -.Fa "const char *buf" -.Fc -.Sh DESCRIPTION -.Fn BIO_read -attempts to read -.Fa len -bytes from BIO -.Fa b -and places the data in -.Fa buf . -.Pp -.Fn BIO_gets -performs the BIOs "gets" operation and places the data in -.Fa buf . -Usually this operation will attempt to read a line of data -from the BIO of maximum length -.Fa len No - 1 . -There are exceptions to this however, for example -.Fn BIO_gets -on a digest BIO will calculate and return the digest -and other BIOs may not support -.Fn BIO_gets -at all. -The returned string is always NUL-terminated. -.Pp -.Fn BIO_write -attempts to write -.Fa len -bytes from -.Fa buf -to BIO -.Fa b . -.Pp -.Fn BIO_puts -attempts to write a null terminated string -.Fa buf -to BIO -.Fa b . -.Pp -One technique sometimes used with blocking sockets -is to use a system call (such as -.Xr select 2 , -.Xr poll 2 -or equivalent) to determine when data is available and then call -.Xr read 2 -to read the data. 
-The equivalent with BIOs (that is call -.Xr select 2 -on the underlying I/O structure and then call -.Fn BIO_read -to read the data) should -.Em not -be used because a single call to -.Fn BIO_read -can cause several reads (and writes in the case of SSL BIOs) -on the underlying I/O structure and may block as a result. -Instead -.Xr select 2 -(or equivalent) should be combined with non-blocking I/O -so successive reads will request a retry instead of blocking. -.Pp -See -.Xr BIO_should_retry 3 -for details of how to determine the cause of a retry and other I/O issues. -.Pp -If the -.Fn BIO_gets -function is not supported by a BIO then it is possible to -work around this by adding a buffering BIO -.Xr BIO_f_buffer 3 -to the chain. -.Sh RETURN VALUES -All these functions return either the amount of data successfully -read or written (if the return value is positive) or that no data -was successfully read or written if the result is 0 or -1. -If the return value is -2, then the operation is not implemented -in the specific BIO type. -The trailing NUL is not included in the length returned by -.Fn BIO_gets . -.Pp -A 0 or -1 return is not necessarily an indication of an error. -In particular when the source/sink is non-blocking or of a certain type -it may merely be an indication that no data is currently available and that -the application should retry the operation later. -.Sh SEE ALSO -.Xr BIO_meth_new 3 , -.Xr BIO_new 3 , -.Xr BIO_should_retry 3 -.Sh HISTORY -.Fn BIO_read , -.Fn BIO_gets , -.Fn BIO_write , -and -.Fn BIO_puts -first appeared in SSLeay 0.6.0 and have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_accept.3 b/src/lib/libcrypto/man/BIO_s_accept.3 deleted file mode 100644 index 4ead28b62f..0000000000 --- a/src/lib/libcrypto/man/BIO_s_accept.3 +++ /dev/null 
@@ -1,376 +0,0 @@ -.\" $OpenBSD: BIO_s_accept.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $ -.\" OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2014, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 12 2018 $ -.Dt BIO_S_ACCEPT 3 -.Os -.Sh NAME -.Nm BIO_s_accept , -.Nm BIO_set_accept_port , -.Nm BIO_get_accept_port , -.Nm BIO_new_accept , -.Nm BIO_set_nbio_accept , -.Nm BIO_set_accept_bios , -.Nm BIO_set_bind_mode , -.Nm BIO_get_bind_mode , -.Nm BIO_do_accept -.Nd accept BIO -.Sh SYNOPSIS -.In openssl/bio.h -.Ft const BIO_METHOD * -.Fo BIO_s_accept -.Fa void -.Fc -.Ft long -.Fo BIO_set_accept_port -.Fa "BIO *b" -.Fa "char *name" -.Fc -.Ft char * -.Fo BIO_get_accept_port -.Fa "BIO *b" -.Fc -.Ft BIO * -.Fo BIO_new_accept -.Fa "const char *host_port" -.Fc -.Ft long -.Fo BIO_set_nbio_accept -.Fa "BIO *b" -.Fa "int n" -.Fc -.Ft long -.Fo BIO_set_accept_bios -.Fa "BIO *b" -.Fa "char *bio" -.Fc -.Ft long -.Fo BIO_set_bind_mode -.Fa "BIO *b" -.Fa "long mode" -.Fc -.Ft long -.Fo BIO_get_bind_mode -.Fa "BIO *b" -.Fa "long dummy" -.Fc -.Fd #define BIO_BIND_NORMAL 0 -.Fd #define BIO_BIND_REUSEADDR_IF_UNUSED 1 -.Fd #define BIO_BIND_REUSEADDR 2 -.Ft int -.Fo BIO_do_accept -.Fa "BIO *b" -.Fc -.Sh DESCRIPTION -.Fn BIO_s_accept -returns the accept BIO method. -This is a wrapper round the platform's TCP/IP socket -.Xr accept 2 -routines. -.Pp -Using accept BIOs, TCP/IP connections can be accepted -and data transferred using only BIO routines. -In this way any platform specific operations -are hidden by the BIO abstraction. 
-.Pp -Read and write operations on an accept BIO -will perform I/O on the underlying connection. -If no connection is established and the port (see below) is set up -properly then the BIO waits for an incoming connection. -.Pp -Accept BIOs support -.Xr BIO_puts 3 -but not -.Xr BIO_gets 3 . -.Pp -If the close flag is set on an accept BIO, then any active -connection on that chain is shut down and the socket closed when -the BIO is freed. -.Pp -Calling -.Xr BIO_reset 3 -on an accept BIO will close any active connection and reset the BIO -into a state where it awaits another incoming connection. -.Pp -.Xr BIO_get_fd 3 -and -.Xr BIO_set_fd 3 -can be called to retrieve or set the accept socket. -See -.Xr BIO_s_fd 3 . -.Pp -.Fn BIO_set_accept_port -uses the string -.Fa name -to set the accept port. -The port is represented as a string of the form -.Ar host : Ns Ar port , -where -.Ar host -is the interface to use and -.Ar port -is the port. -The host can be -.Qq * , -which is interpreted as meaning any interface; -.Ar port -has the same syntax as the port specified in -.Xr BIO_set_conn_port 3 -for connect BIOs. -It can be a numerical port string or a string to look up using -.Xr getservbyname 3 -and a string table. -.Pp -.Fn BIO_new_accept -combines -.Xr BIO_new 3 -and -.Fn BIO_set_accept_port -into a single call. -It creates a new accept BIO with port -.Fa host_port . -.Pp -.Fn BIO_set_nbio_accept -sets the accept socket to blocking mode (the default) if -.Fa n -is 0 or non-blocking mode if -.Fa n -is 1. -.Pp -.Fn BIO_set_accept_bios -can be used to set a chain of BIOs which will be duplicated -and prepended to the chain when an incoming connection is received. -This is useful if, for example, a buffering or SSL BIO -is required for each connection. -The chain of BIOs must not be freed after this call - -they will be automatically freed when the accept BIO is freed. -.Pp -.Fn BIO_set_bind_mode -and -.Fn BIO_get_bind_mode -set and retrieve the current bind mode. 
-If -.Dv BIO_BIND_NORMAL Pq the default -is set, then another socket cannot be bound to the same port. -If -.Dv BIO_BIND_REUSEADDR -is set, then other sockets can bind to the same port. -If -.Dv BIO_BIND_REUSEADDR_IF_UNUSED -is set, then an attempt is first made to use -.Dv BIO_BIN_NORMAL ; -if this fails and the port is not in use, -then a second attempt is made using -.Dv BIO_BIND_REUSEADDR . -.Pp -.Fn BIO_do_accept -serves two purposes. -When it is first called, after the accept BIO has been set up, -it will attempt to create the accept socket and bind an address to it. -Second and subsequent calls to -.Fn BIO_do_accept -will await an incoming connection, or request a retry in non-blocking mode. -.Sh NOTES -When an accept BIO is at the end of a chain, it will await an -incoming connection before processing I/O calls. -When an accept BIO is not at then end of a chain, -it passes I/O calls to the next BIO in the chain. -.Pp -When a connection is established a new socket BIO is created -for the connection and appended to the chain. -That is the chain is now accept->socket. -This effectively means that attempting I/O on an initial accept -socket will await an incoming connection then perform I/O on it. -.Pp -If any additional BIOs have been set using -.Fn BIO_set_accept_bios , -then they are placed between the socket and the accept BIO; -that is, the chain will be accept->otherbios->socket. -.Pp -If a server wishes to process multiple connections (as is normally -the case), then the accept BIO must be made available for further -incoming connections. -This can be done by waiting for a connection and then calling: -.Pp -.Dl connection = BIO_pop(accept); -.Pp -After this call, -.Sy connection -will contain a BIO for the recently established connection and -.Sy accept -will now be a single BIO again which can be used -to await further incoming connections. -If no further connections will be accepted, the -.Sy accept -can be freed using -.Xr BIO_free 3 . 
-.Pp -If only a single connection will be processed, -it is possible to perform I/O using the accept BIO itself. -This is often undesirable however because the accept BIO -will still accept additional incoming connections. -This can be resolved by using -.Xr BIO_pop 3 -(see above) and freeing up the accept BIO after the initial connection. -.Pp -If the underlying accept socket is non-blocking and -.Fn BIO_do_accept -is called to await an incoming connection, it is possible for -.Xr BIO_should_io_special 3 -with the reason -.Dv BIO_RR_ACCEPT . -If this happens, then it is an indication that an accept attempt -would block: the application should take appropriate action -to wait until the underlying socket has accepted a connection -and retry the call. -.Pp -.Fn BIO_set_accept_port , -.Fn BIO_get_accept_port , -.Fn BIO_set_nbio_accept , -.Fn BIO_set_accept_bios , -.Fn BIO_set_bind_mode , -.Fn BIO_get_bind_mode , -and -.Fn BIO_do_accept -are macros. -.Sh RETURN VALUES -.Fn BIO_do_accept , -.Fn BIO_set_accept_port , -.Fn BIO_set_nbio_accept , -.Fn BIO_set_accept_bios , -and -.Fn BIO_set_bind_mode -return 1 for success or 0 or -1 for failure. -.Pp -.Fn BIO_get_accept_port -returns the port as a string or -.Dv NULL -on error. -.Pp -.Fn BIO_get_bind_mode -returns the set of BIO_BIND flags or -1 on failure. -.Pp -.Fn BIO_new_accept -returns a -.Vt BIO -or -.Dv NULL -on error. -.Sh EXAMPLES -This example accepts two connections on port 4444, -sends messages down each and finally closes both down. 
-.Bd -literal -offset 2n -BIO *abio, *cbio, *cbio2; -ERR_load_crypto_strings(); -abio = BIO_new_accept("4444"); - -/* First call to BIO_accept() sets up accept BIO */ -if (BIO_do_accept(abio) <= 0) { - fprintf(stderr, "Error setting up accept\en"); - ERR_print_errors_fp(stderr); - exit(0); -} - -/* Wait for incoming connection */ -if (BIO_do_accept(abio) <= 0) { - fprintf(stderr, "Error accepting connection\en"); - ERR_print_errors_fp(stderr); - exit(0); -} -fprintf(stderr, "Connection 1 established\en"); - -/* Retrieve BIO for connection */ -cbio = BIO_pop(abio); - -BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); -fprintf(stderr, "Sent out data on connection 1\en"); - -/* Wait for another connection */ -if (BIO_do_accept(abio) <= 0) { - fprintf(stderr, "Error accepting connection\en"); - ERR_print_errors_fp(stderr); - exit(0); -} -fprintf(stderr, "Connection 2 established\en"); - -/* Close accept BIO to refuse further connections */ -cbio2 = BIO_pop(abio); -BIO_free(abio); - -BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); -fprintf(stderr, "Sent out data on connection 2\en"); -BIO_puts(cbio, "Connection 1: Second connection established\en"); - -/* Close the two established connections */ -BIO_free(cbio); -BIO_free(cbio2); -.Ed -.Sh SEE ALSO -.Xr BIO_new 3 -.Sh HISTORY -.Fn BIO_s_accept , -.Fn BIO_set_accept_port , -.Fn BIO_new_accept , -.Fn BIO_set_accept_bios , -and -.Fn BIO_do_accept -first appeared in SSLeay 0.8.0. -.Fn BIO_set_nbio_accept -and -.Fn BIO_get_accept_port -first appeared in SSLeay 0.9.0. -All these functions have been available since -.Ox 2.4 . -.Pp -.Fn BIO_set_bind_mode -and -.Fn BIO_get_bind_mode -first appeared in SSLeay 0.9.1 and have been available since -.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BIO_s_bio.3 b/src/lib/libcrypto/man/BIO_s_bio.3 deleted file mode 100644 index 171207dfe1..0000000000 --- a/src/lib/libcrypto/man/BIO_s_bio.3 +++ /dev/null 
@@ -1,392 +0,0 @@ -.\" $OpenBSD: BIO_s_bio.3,v 1.13 2018/05/01 17:05:05 schwarze Exp $ -.\" OpenSSL c03726ca Aug 27 12:28:08 2015 -0400 -.\" -.\" This file was written by -.\" Lutz Jaenicke , -.\" Dr. Stephen Henson , -.\" Bodo Moeller , -.\" and Richard Levitte . -.\" Copyright (c) 2000, 2002, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: May 1 2018 $
-.Dt BIO_S_BIO 3
-.Os
-.Sh NAME
-.Nm BIO_s_bio ,
-.Nm BIO_make_bio_pair ,
-.Nm BIO_destroy_bio_pair ,
-.Nm BIO_shutdown_wr ,
-.Nm BIO_set_write_buf_size ,
-.Nm BIO_get_write_buf_size ,
-.Nm BIO_new_bio_pair ,
-.Nm BIO_get_write_guarantee ,
-.Nm BIO_ctrl_get_write_guarantee ,
-.Nm BIO_get_read_request ,
-.Nm BIO_ctrl_get_read_request ,
-.Nm BIO_ctrl_reset_read_request
-.Nd BIO pair BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_s_bio
-.Fa void
-.Fc
-.Ft int
-.Fo BIO_make_bio_pair
-.Fa "BIO *b1"
-.Fa "BIO *b2"
-.Fc
-.Ft int
-.Fo BIO_destroy_bio_pair
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_shutdown_wr
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_set_write_buf_size
-.Fa "BIO *b"
-.Fa "long size"
-.Fc
-.Ft size_t
-.Fo BIO_get_write_buf_size
-.Fa "BIO *b"
-.Fa "long size"
-.Fc
-.Ft int
-.Fo BIO_new_bio_pair
-.Fa "BIO **bio1"
-.Fa "size_t writebuf1"
-.Fa "BIO **bio2"
-.Fa "size_t writebuf2"
-.Fc
-.Ft size_t
-.Fo BIO_get_write_guarantee
-.Fa "BIO *b"
-.Fc
-.Ft size_t
-.Fo BIO_ctrl_get_write_guarantee
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_get_read_request
-.Fa "BIO *b"
-.Fc
-.Ft size_t
-.Fo BIO_ctrl_get_read_request
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_ctrl_reset_read_request
-.Fa "BIO *b"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_s_bio
-returns the method for a BIO pair.
-A BIO pair is a pair of source/sink BIOs where data written to either
-half of the pair is buffered and can be read from the other half.
-Both halves must usually be handled by the same application thread
-since no locking is done on the internal data structures.
-.Pp
-Since BIO chains typically end in a source/sink BIO,
-it is possible to make this one half of a BIO pair and
-have all the data processed by the chain under application control.
-.Pp
-One typical use of BIO pairs is
-to place TLS/SSL I/O under application control.
-This can be used when the application wishes to use a non-standard
-transport for TLS/SSL or the normal socket routines are inappropriate.
-.Pp
-Calls to
-.Xr BIO_read 3
-will read data from the buffer or request a retry if no data is available.
-.Pp
-Calls to
-.Xr BIO_write 3
-will place data in the buffer or request a retry if the buffer is full.
-.Pp
-The standard calls
-.Xr BIO_ctrl_pending 3
-and
-.Xr BIO_ctrl_wpending 3
-can be used to determine the amount of pending data
-in the read or write buffer.
-.Pp
-.Xr BIO_reset 3
-clears any data in the write buffer.
-.Pp
-.Fn BIO_make_bio_pair
-joins two separate BIOs into a connected pair.
-.Pp
-.Fn BIO_destroy_pair
-destroys the association between two connected BIOs.
-Freeing up any half of the pair will automatically destroy the association.
-.Pp
-.Fn BIO_shutdown_wr
-is used to close down a BIO
-.Fa b .
-After this call no further writes on BIO
-.Fa b
-are allowed; they will return an error.
-Reads on the other half of the pair will return any pending data
-or EOF when all pending data has been read.
-.Pp
-.Fn BIO_set_write_buf_size
-sets the write buffer size of BIO
-.Fa b
-to
-.Fa size .
-If the size is not initialized a default value is used.
-This is currently 17K, sufficient for a maximum size TLS record.
-.Pp
-.Fn BIO_get_write_buf_size
-returns the size of the write buffer.
-.Pp
-.Fn BIO_new_bio_pair
-combines the calls to
-.Xr BIO_new 3 ,
-.Fn BIO_make_bio_pair
-and
-.Fn BIO_set_write_buf_size
-to create a connected pair of BIOs
-.Fa bio1
-and
-.Fa bio2
-with write buffer sizes
-.Fa writebuf1
-and
-.Fa writebuf2 .
-If either size is zero, then the default size is used.
-.Fn BIO_new_bio_pair
-does not check whether
-.Fa bio1
-or
-.Fa bio2
-point to some other BIO; the values are overwritten and
-.Xr BIO_free 3
-is not called.
-.Pp
-.Fn BIO_get_write_guarantee
-and
-.Fn BIO_ctrl_get_write_guarantee
-return the maximum length of data
-that can be currently written to the BIO.
-Writes larger than this value will return a value from
-.Xr BIO_write 3
-less than the amount requested or if the buffer is full request a retry.
-.Fn BIO_ctrl_get_write_guarantee
-is a function whereas
-.Fn BIO_get_write_guarantee
-is a macro.
-.Pp
-.Fn BIO_get_read_request
-and
-.Fn BIO_ctrl_get_read_request
-return the amount of data requested, or the buffer size if it is less,
-if the last read attempt at the other half of the BIO pair failed
-due to an empty buffer.
-This can be used to determine how much data should be
-written to the BIO so the next read will succeed:
-this is most useful in TLS/SSL applications where the amount of
-data read is usually meaningful rather than just a buffer size.
-After a successful read this call will return zero.
-It also will return zero once new data has been written
-satisfying the read request or part of it.
-Note that
-.Fn BIO_get_read_request
-never returns an amount larger than that returned by
-.Fn BIO_get_write_guarantee .
-.Pp
-.Fn BIO_ctrl_reset_read_request
-can also be used to reset the value returned by
-.Fn BIO_get_read_request
-to zero.
-.Pp
-Both halves of a BIO pair should be freed.
-Even if one half is implicitly freed due to a
-.Xr BIO_free_all 3
-or
-.Xr SSL_free 3
-call, the other half still needs to be freed.
-.Pp
-When used in bidirectional applications (such as TLS/SSL)
-care should be taken to flush any data in the write buffer.
-This can be done by calling
-.Xr BIO_pending 3
-on the other half of the pair and, if any data is pending,
-reading it and sending it to the underlying transport.
-This must be done before any normal processing (such as calling
-.Xr select 2 )
-due to a request and
-.Xr BIO_should_read 3
-being true.
-.Pp
-To see why this is important,
-consider a case where a request is sent using
-.Xr BIO_write 3
-and a response read with
-.Xr BIO_read 3 ,
-this can occur during a TLS/SSL handshake for example.
-.Xr BIO_write 3
-will succeed and place data in the write buffer.
-.Xr BIO_read 3
-will initially fail and
-.Xr BIO_should_read 3
-will be true.
-If the application then waits for data to become available -on the underlying transport before flushing the write buffer, -it will never succeed because the request was never sent. -.Pp -.Xr BIO_eof 3 -is true if no data is in the peer BIO and the peer BIO has been shutdown. -.Pp -.Fn BIO_make_bio_pair , -.Fn BIO_destroy_bio_pair , -.Fn BIO_shutdown_wr , -.Fn BIO_set_write_buf_size , -.Fn BIO_get_write_buf_size , -.Fn BIO_get_write_guarantee , -and -.Fn BIO_get_read_request -are implemented as macros. -.Sh RETURN VALUES -.Fn BIO_new_bio_pair -returns 1 on success, with the new BIOs available in -.Fa bio1 -and -.Fa bio2 , -or 0 on failure, with NULL pointers stored into the locations for -.Fa bio1 -and -.Fa bio2 . -Check the error stack for more information. -.\" XXX More return values need to be added here. -.Sh EXAMPLES -The BIO pair can be used to have full control -over the network access of an application. -The application can call -.Xr select 2 -on the socket as required without having to go through the SSL interface. -.Bd -literal -offset 2n -BIO *internal_bio, *network_bio; -\&... -BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); -SSL_set_bio(ssl, internal_bio, internal_bio); -SSL_operations(); /* e.g. SSL_read() and SSL_write() */ -\&... - -application | TLS-engine - | | - +----------> SSL_operations() - | /\e || - | || \e/ - | BIO-pair (internal_bio) - | BIO-pair (network_bio) - | || /\e - | \e/ || - +-----------< BIO_operations() - | | - socket | - -\&... -SSL_free(ssl); /* implicitly frees internal_bio */ -BIO_free(network_bio); -\&... -.Ed -.Pp -As the BIO pair will only buffer the data and never directly access -the connection, it behaves non-blocking and will return as soon as -the write buffer is full or the read buffer is drained. -Then the application has to flush the write buffer -and/or fill the read buffer. -.Pp -Use -.Xr BIO_ctrl_pending 3 -to find out whether data is buffered in the BIO -and must be transferred to the network. 
-Use
-.Fn BIO_ctrl_get_read_request
-to find out how many bytes must be written into the buffer before the
-SSL operations can successfully be continued.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr BIO_read 3 ,
-.Xr BIO_should_retry 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_bio 3
-.Sh HISTORY
-.Fn BIO_s_bio ,
-.Fn BIO_make_bio_pair ,
-.Fn BIO_destroy_bio_pair ,
-.Fn BIO_set_write_buf_size ,
-.Fn BIO_get_write_buf_size ,
-.Fn BIO_new_bio_pair ,
-.Fn BIO_get_write_guarantee ,
-.Fn BIO_ctrl_get_write_guarantee ,
-.Fn BIO_get_read_request ,
-and
-.Fn BIO_ctrl_reset_read_request
-first appeared in OpenSSL 0.9.4 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn BIO_ctrl_reset_read_request
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn BIO_shutdown_wr
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Sh CAVEATS
-As the data is buffered, SSL operations may return with an
-.Dv ERROR_SSL_WANT_READ
-condition, but there is still data in the write buffer.
-An application must not rely on the error value of the SSL operation
-but must assure that the write buffer is always flushed first.
-Otherwise a deadlock may occur as the peer might be waiting
-for the data before being able to continue.
diff --git a/src/lib/libcrypto/man/BIO_s_connect.3 b/src/lib/libcrypto/man/BIO_s_connect.3
deleted file mode 100644
index 7ddde85f53..0000000000
--- a/src/lib/libcrypto/man/BIO_s_connect.3
+++ /dev/null
@@ -1,390 +0,0 @@ -.\" $OpenBSD: BIO_s_connect.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $ -.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 12 2018 $ -.Dt BIO_S_CONNECT 3 -.Os -.Sh NAME -.Nm BIO_s_connect , -.Nm BIO_new_connect , -.Nm BIO_set_conn_hostname , -.Nm BIO_set_conn_port , -.Nm BIO_set_conn_ip , -.Nm BIO_set_conn_int_port , -.Nm BIO_get_conn_hostname , -.Nm BIO_get_conn_port , -.Nm BIO_get_conn_ip , -.Nm BIO_get_conn_int_port , -.Nm BIO_set_nbio , -.Nm BIO_do_connect -.Nd connect BIO -.Sh SYNOPSIS -.In openssl/bio.h -.Ft const BIO_METHOD * -.Fo BIO_s_connect -.Fa void -.Fc -.Ft BIO * -.Fo BIO_new_connect -.Fa "const char *name" -.Fc -.Ft long -.Fo BIO_set_conn_hostname -.Fa "BIO *b" -.Fa "char *name" -.Fc -.Ft long -.Fo BIO_set_conn_port -.Fa "BIO *b" -.Fa "char *port" -.Fc -.Ft long -.Fo BIO_set_conn_ip -.Fa "BIO *b" -.Fa "char *ip" -.Fc -.Ft long -.Fo BIO_set_conn_int_port -.Fa "BIO *b" -.Fa "char *port" -.Fc -.Ft char * -.Fo BIO_get_conn_hostname -.Fa "BIO *b" -.Fc -.Ft char * -.Fo BIO_get_conn_port -.Fa "BIO *b" -.Fc -.Ft char * -.Fo BIO_get_conn_ip -.Fa "BIO *b" -.Fa "dummy" -.Fc -.Ft long -.Fo BIO_get_conn_int_port -.Fa "BIO *b" -.Fa "int port" -.Fc -.Ft long -.Fo BIO_set_nbio -.Fa "BIO *b" -.Fa "long n" -.Fc -.Ft int -.Fo BIO_do_connect -.Fa "BIO *b" -.Fc -.Sh DESCRIPTION -.Fn BIO_s_connect -returns the connect BIO method. -This is a wrapper around the platform's TCP/IP socket connection routines. -.Pp -Using connect BIOs, TCP/IP connections can be made and data -transferred using only BIO routines. 
-In this way any platform specific operations
-are hidden by the BIO abstraction.
-.Pp
-Read and write operations on a connect BIO will perform I/O
-on the underlying connection.
-If no connection is established and the port and hostname (see below)
-is set up properly, then a connection is established first.
-.Pp
-Connect BIOs support
-.Xr BIO_puts 3
-but not
-.Xr BIO_gets 3 .
-.Pp
-If the close flag is set on a connect BIO, then any active connection
-is shutdown and the socket closed when the BIO is freed.
-.Pp
-Calling
-.Xr BIO_reset 3
-on a connect BIO will close any active connection and reset the BIO
-into a state where it can connect to the same host again.
-.Pp
-.Xr BIO_get_fd 3
-places the underlying socket in
-.Fa c
-if it is not
-.Dv NULL
-and also returns the socket.
-If
-.Fa c
-is not
-.Dv NULL
-it should be of type
-.Vt "int *" .
-.Pp
-.Fn BIO_set_conn_hostname
-uses the string
-.Fa name
-to set the hostname.
-The hostname can be an IP address.
-The hostname can also include the port in the form
-.Ar hostname : Ns Ar port .
-It is also acceptable to use the forms
-.Ar hostname Ns / Ns Pa any/other/path
-or
-.Ar hostname : Ns Ar port Ns / Ns Pa any/other/path .
-.Pp
-.Fn BIO_set_conn_port
-sets the port to
-.Fa port .
-.Fa port
-is looked up as a service using
-.Xr getaddrinfo 3
-.Pp
-.Fn BIO_set_conn_ip
-sets the IP address to
-.Fa ip
-using binary form i.e. four bytes specifying the IP address
-in big-endian form.
-.Pp
-.Fn BIO_set_conn_int_port
-sets the port using
-.Fa port .
-.Fa port
-should
-be of type
-.Vt "int *" .
-.Pp
-.Fn BIO_get_conn_hostname
-returns the hostname of the connect BIO or
-.Dv NULL
-if the BIO is initialized but no hostname is set.
-This return value is an internal pointer which should not be modified.
-.Pp
-.Fn BIO_get_conn_port
-returns the port as a string.
-This return value is an internal pointer which should not be modified.
-.Pp
-.Fn BIO_get_conn_ip
-returns the IP address in binary form.
-.Pp
-.Fn BIO_get_conn_int_port
-returns the port as an
-.Vt int .
-.Pp
-.Fn BIO_set_nbio
-sets the non-blocking I/O flag to
-.Fa n .
-If
-.Fa n
-is zero then blocking I/O is set.
-If
-.Fa n
-is 1 then non-blocking I/O is set.
-Blocking I/O is the default.
-The call to
-.Fn BIO_set_nbio
-should be made before the connection is established
-because non-blocking I/O is set during the connect process.
-.Pp
-.Fn BIO_new_connect
-combines
-.Xr BIO_new 3
-and
-.Fn BIO_set_conn_hostname
-into a single call.
-It creates a new connect BIO with
-.Fa name .
-.Pp
-.Fn BIO_do_connect
-attempts to connect the supplied BIO.
-It returns 1 if the connection was established successfully.
-A zero or negative value is returned if the connection
-could not be established.
-The call
-.Xr BIO_should_retry 3
-should be used for non-blocking connect BIOs
-to determine if the call should be retried.
-.Pp
-If blocking I/O is set then a non-positive return value from any
-I/O call is caused by an error condition, although a zero return
-will normally mean that the connection was closed.
-.Pp
-If the port name is supplied as part of the host name then this will
-override any value set with
-.Fn BIO_set_conn_port .
-This may be undesirable if the application does not wish to allow
-connection to arbitrary ports.
-This can be avoided by checking for the presence of the
-.Sq \&:
-character in the passed hostname and either indicating an error
-or truncating the string at that point.
-.Pp
-The values returned by
-.Fn BIO_get_conn_hostname ,
-.Fn BIO_get_conn_port ,
-.Fn BIO_get_conn_ip ,
-and
-.Fn BIO_get_conn_int_port
-are updated when a connection attempt is made.
-Before any connection attempt the values returned
-are those set by the application itself.
-.Pp
-Applications do not have to call
-.Fn BIO_do_connect
-but may wish to do so to separate the connection process
-from other I/O processing.
-.Pp
-If non-blocking I/O is set,
-then retries will be requested as appropriate.
-.Pp -In addition to -.Xr BIO_should_read 3 -and -.Xr BIO_should_write 3 -it is also possible for -.Xr BIO_should_io_special 3 -to be true during the initial connection process with the reason -.Dv BIO_RR_CONNECT . -If this is returned, it is an indication -that a connection attempt would block. -The application should then take appropriate action to wait -until the underlying socket has connected and retry the call. -.Pp -.Fn BIO_set_conn_hostname , -.Fn BIO_set_conn_port , -.Fn BIO_set_conn_ip , -.Fn BIO_set_conn_int_port , -.Fn BIO_get_conn_hostname , -.Fn BIO_get_conn_port , -.Fn BIO_get_conn_ip , -.Fn BIO_get_conn_int_port , -.Fn BIO_set_nbio , -and -.Fn BIO_do_connect -are macros. -.Sh RETURN VALUES -.Fn BIO_s_connect -returns the connect BIO method. -.Pp -.Xr BIO_get_fd 3 -returns the socket or -1 if the BIO has not been initialized. -.Pp -.Fn BIO_set_conn_hostname , -.Fn BIO_set_conn_port , -.Fn BIO_set_conn_ip , -and -.Fn BIO_set_conn_int_port -always return 1. -.Pp -.Fn BIO_get_conn_hostname -returns the connected hostname or -.Dv NULL -if none is set. -.Pp -.Fn BIO_get_conn_port -returns a string representing the connected port or -.Dv NULL -if not set. -.Pp -.Fn BIO_get_conn_ip -returns a pointer to the connected IP address in binary form -or all zeros if not set. -.Pp -.Fn BIO_get_conn_int_port -returns the connected port or 0 if none was set. -.Pp -.Fn BIO_set_nbio -always returns 1. -.Pp -.Fn BIO_do_connect -returns 1 if the connection was successfully -established and 0 or -1 if the connection failed. -.Sh EXAMPLES -This example connects to a webserver on the local host and attempts -to retrieve a page and copy the result to standard output. 
-.Bd -literal -offset 2n -BIO *cbio, *out; -int len; -char tmpbuf[1024]; - -ERR_load_crypto_strings(); -cbio = BIO_new_connect("localhost:http"); -out = BIO_new_fp(stdout, BIO_NOCLOSE); -if (BIO_do_connect(cbio) <= 0) { - fprintf(stderr, "Error connecting to server\en"); - ERR_print_errors_fp(stderr); - /* whatever ... */ -} -BIO_puts(cbio, "GET / HTTP/1.0\en\en"); -for(;;) { - len = BIO_read(cbio, tmpbuf, 1024); - if (len <= 0) - break; - BIO_write(out, tmpbuf, len); -} -BIO_free(cbio); -BIO_free(out); -.Ed -.Sh SEE ALSO -.Xr BIO_new 3 -.Sh HISTORY -.Fn BIO_s_connect , -.Fn BIO_new_connect , -.Fn BIO_set_nbio , -and -.Fn BIO_do_connect -first appeared in SSLeay 0.8.0. -.Fn BIO_set_conn_hostname , -.Fn BIO_set_conn_port , -.Fn BIO_set_conn_ip , -.Fn BIO_set_conn_int_port , -.Fn BIO_get_conn_hostname , -.Fn BIO_get_conn_port , -.Fn BIO_get_conn_ip , -and -.Fn BIO_get_conn_int_port -first appeared in SSLeay 0.9.0. -All these functions have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_fd.3 b/src/lib/libcrypto/man/BIO_s_fd.3 deleted file mode 100644 index 5ac33e77ee..0000000000 --- a/src/lib/libcrypto/man/BIO_s_fd.3 +++ /dev/null 
@@ -1,206 +0,0 @@ -.\" $OpenBSD: BIO_s_fd.3,v 1.9 2018/05/01 17:05:05 schwarze Exp $ -.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 1 2018 $ -.Dt BIO_S_FD 3 -.Os -.Sh NAME -.Nm BIO_s_fd , -.Nm BIO_set_fd , -.Nm BIO_get_fd , -.Nm BIO_new_fd -.Nd file descriptor BIO -.Sh SYNOPSIS -.In openssl/bio.h -.Ft const BIO_METHOD * -.Fo BIO_s_fd -.Fa "void" -.Fc -.Ft long -.Fo BIO_set_fd -.Fa "BIO *b" -.Fa "int fd" -.Fa "long close_flag" -.Fc -.Ft long -.Fo BIO_get_fd -.Fa "BIO *b" -.Fa "int *c" -.Fc -.Ft BIO * -.Fo BIO_new_fd -.Fa "int fd" -.Fa "int close_flag" -.Fc -.Sh DESCRIPTION -.Fn BIO_s_fd -returns the file descriptor BIO method. -This is a wrapper around the platform's file descriptor routines such as -.Xr read 2 -and -.Xr write 2 . -.Pp -.Xr BIO_read 3 -and -.Xr BIO_write 3 -read or write the underlying descriptor. -.Xr BIO_puts 3 -is supported but -.Xr BIO_gets 3 -is not. -.Pp -If the close flag is set, -.Xr close 2 -is called on the underlying file descriptor when the -.Vt BIO -is freed. -.Pp -.Xr BIO_reset 3 -attempts to set the file pointer to the start of the file using -.Fn lseek fd 0 0 . -.Pp -.Xr BIO_seek 3 -sets the file pointer to position -.Fa ofs -from start of file using -.Fn lseek fd ofs 0 . -.Pp -.Xr BIO_tell 3 -returns the current file position by calling -.Fn lseek fd 0 1 . -.Pp -.Fn BIO_set_fd -sets the file descriptor of -.Vt BIO -.Fa b -to -.Fa fd -and the close flag to -.Fa close_flag . -It is currently implemented as a macro. 
-.Pp -.Fn BIO_get_fd -places the file descriptor in -.Fa c -if it is not -.Dv NULL -and also returns the file descriptor. -It is currently implemented as a macro. -.Pp -.Fn BIO_new_fd -returns a file descriptor BIO using -.Fa fd -and -.Fa close_flag . -.Pp -The behaviour of -.Xr BIO_read 3 -and -.Xr BIO_write 3 -depends on the behavior of the platform's -.Xr read 2 -and -.Xr write 2 -calls on the descriptor. -If the underlying file descriptor is in a non-blocking mode, -then the BIO will behave in the manner described in the -.Xr BIO_read 3 -and -.Xr BIO_should_retry 3 -manual pages. -.Pp -File descriptor BIOs should not be used for socket I/O. -Use socket BIOs instead. -.Pp -.Fn BIO_set_fd -and -.Fn BIO_get_fd -are implemented as macros. -.Sh RETURN VALUES -.Fn BIO_s_fd -returns the file descriptor BIO method. -.Pp -.Fn BIO_set_fd -always returns 1. -.Pp -.Fn BIO_get_fd -returns the file descriptor or -1 if the -.Vt BIO -has not been initialized. -.Pp -.Fn BIO_new_fd -returns the newly allocated -.Vt BIO -or -.Dv NULL -if an error occurred. -.Sh EXAMPLES -This is a file descriptor BIO version of "Hello World": -.Bd -literal -offset indent -BIO *out; -out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); -BIO_printf(out, "Hello World\en"); -BIO_free(out); -.Ed -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr BIO_read 3 , -.Xr BIO_s_socket 3 , -.Xr BIO_seek 3 -.Sh HISTORY -.Fn BIO_s_fd , -.Fn BIO_set_fd , -and -.Fn BIO_get_fd -first appeared in SSLeay 0.6.0. -.Fn BIO_new_fd -first appeared in SSLeay 0.8.0. -All these functions have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_file.3 b/src/lib/libcrypto/man/BIO_s_file.3 deleted file mode 100644 index 3b256dbcf7..0000000000 --- a/src/lib/libcrypto/man/BIO_s_file.3 +++ /dev/null 
@@ -1,319 +0,0 @@ -.\" $OpenBSD: BIO_s_file.3,v 1.11 2018/12/19 20:30:09 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2010 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: December 19 2018 $
-.Dt BIO_S_FILE 3
-.Os
-.Sh NAME
-.Nm BIO_s_file ,
-.Nm BIO_new_file ,
-.Nm BIO_new_fp ,
-.Nm BIO_set_fp ,
-.Nm BIO_get_fp ,
-.Nm BIO_read_filename ,
-.Nm BIO_write_filename ,
-.Nm BIO_append_filename ,
-.Nm BIO_rw_filename
-.Nd FILE BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_s_file
-.Fa void
-.Fc
-.Ft BIO *
-.Fo BIO_new_file
-.Fa "const char *filename"
-.Fa "const char *mode"
-.Fc
-.Ft BIO *
-.Fo BIO_new_fp
-.Fa "FILE *stream"
-.Fa "int flags"
-.Fc
-.Ft long
-.Fo BIO_set_fp
-.Fa "BIO *b"
-.Fa "FILE *fp"
-.Fa "int flags"
-.Fc
-.Ft long
-.Fo BIO_get_fp
-.Fa "BIO *b"
-.Fa "FILE **fpp"
-.Fc
-.Ft int
-.Fo BIO_read_filename
-.Fa "BIO *b"
-.Fa "char *name"
-.Fc
-.Ft int
-.Fo BIO_write_filename
-.Fa "BIO *b"
-.Fa "char *name"
-.Fc
-.Ft int
-.Fo BIO_append_filename
-.Fa "BIO *b"
-.Fa "char *name"
-.Fc
-.Ft int
-.Fo BIO_rw_filename
-.Fa "BIO *b"
-.Fa "char *name"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_s_file
-returns the BIO file method.
-As its name implies, it is a wrapper around the stdio
-.Vt FILE
-structure and it is a source/sink BIO.
-.Pp
-Calls to
-.Xr BIO_read 3
-and
-.Xr BIO_write 3
-read and write data to the underlying stream.
-.Xr BIO_gets 3
-and
-.Xr BIO_puts 3
-are supported on file BIOs.
-.Pp
-.Xr BIO_flush 3
-on a file BIO calls the
-.Xr fflush 3
-function on the wrapped stream.
-.Pp
-.Xr BIO_reset 3
-attempts to change the file pointer to the start of file using
-.Fn fseek stream 0 0 .
-.Pp
-.Xr BIO_seek 3
-sets the file pointer to position
-.Fa ofs
-from the start of the file using
-.Fn fseek stream ofs 0 .
-.Pp
-.Xr BIO_eof 3
-calls
-.Xr feof 3 .
-.Pp
-Setting the
-.Dv BIO_CLOSE
-flag calls
-.Xr fclose 3
-on the stream when the BIO is freed.
-.Pp
-.Fn BIO_new_file
-creates a new file BIO with mode
-.Fa mode .
-The meaning of
-.Fa mode
-is the same as for the stdio function
-.Xr fopen 3 .
-The
-.Dv BIO_CLOSE
-flag is set on the returned BIO.
-.Pp
-.Fn BIO_new_fp
-creates a file BIO wrapping
-.Fa stream .
-Flags can be:
-.Dv BIO_CLOSE , BIO_NOCLOSE Pq the close flag ,
-.Dv BIO_FP_TEXT
-(sets the underlying stream to text mode, default is binary:
-this only has any effect under Win32).
-.Pp
-.Fn BIO_set_fp
-sets the file pointer of a file BIO to
-.Fa fp .
-.Fa flags
-has the same meaning as in
-.Fn BIO_new_fp .
-.Fn BIO_set_fp
-is a macro.
-.Pp
-.Fn BIO_get_fp
-retrieves the file pointer of a file BIO, it is a macro.
-.Pp
-.Xr BIO_seek 3
-is a macro that sets the position pointer to
-.Fa offset
-bytes from the start of file.
-.Pp
-.Xr BIO_tell 3
-returns the value of the position pointer.
-.Pp
-.Fn BIO_read_filename ,
-.Fn BIO_write_filename ,
-.Fn BIO_append_filename ,
-and
-.Fn BIO_rw_filename
-set the file BIO
-.Fa b
-to use file
-.Fa name
-for reading, writing, append or read write respectively.
-.Pp
-When wrapping stdout, stdin, or stderr, the underlying stream
-should not normally be closed, so the
-.Dv BIO_NOCLOSE
-flag should be set.
-.Pp
-Because the file BIO calls the underlying stdio functions, any quirks
-in stdio behaviour will be mirrored by the corresponding BIO.
-.Pp
-On Windows,
-.Fn BIO_new_files
-reserves for the filename argument to be UTF-8 encoded.
-In other words, if you have to make it work in a multi-lingual
-environment, encode file names in UTF-8.
-.Sh RETURN VALUES
-.Fn BIO_s_file
-returns the file BIO method.
-.Pp
-.Fn BIO_new_file
-and
-.Fn BIO_new_fp
-return a file BIO or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn BIO_set_fp
-and
-.Fn BIO_get_fp
-return 1 for success or 0 for failure (although the current
-implementation never returns 0).
-.Pp
-.Xr BIO_seek 3
-returns the same value as the underlying
-.Xr fseek 3
-function: 0 for success or -1 for failure.
-.Pp
-.Xr BIO_tell 3
-returns the current file position.
-.Pp
-.Fn BIO_read_filename ,
-.Fn BIO_write_filename ,
-.Fn BIO_append_filename ,
-and
-.Fn BIO_rw_filename
-return 1 for success or 0 for failure.
-.Sh EXAMPLES
-File BIO "hello world":
-.Bd -literal -offset indent
-BIO *bio_out;
-bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
-BIO_printf(bio_out, "Hello World\en");
-.Ed
-.Pp
-Alternative technique:
-.Bd -literal -offset indent
-BIO *bio_out;
-bio_out = BIO_new(BIO_s_file());
-if(bio_out == NULL) /* Error ... */
-if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
-BIO_printf(bio_out, "Hello World\en");
-.Ed
-.Pp
-Write to a file:
-.Bd -literal -offset indent
-BIO *out;
-out = BIO_new_file("filename.txt", "w");
-if(!out) /* Error occurred */
-BIO_printf(out, "Hello World\en");
-BIO_free(out);
-.Ed
-.Pp
-Alternative technique:
-.Bd -literal -offset indent
-BIO *out;
-out = BIO_new(BIO_s_file());
-if(out == NULL) /* Error ... */
-if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
-BIO_printf(out, "Hello World\en");
-BIO_free(out);
-.Ed
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr BIO_read 3 ,
-.Xr BIO_seek 3
-.Sh HISTORY
-.Fn BIO_s_file ,
-.Fn BIO_set_fp ,
-.Fn BIO_get_fp ,
-.Fn BIO_read_filename ,
-.Fn BIO_write_filename ,
-and
-.Fn BIO_append_filename
-first appeared in SSLeay 0.6.0.
-.Fn BIO_new_file
-and
-.Fn BIO_new_fp
-first appeared in SSLeay 0.8.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_rw_filename
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
-.Sh BUGS
-.Xr BIO_reset 3
-and
-.Xr BIO_seek 3
-are implemented using
-.Xr fseek 3
-on the underlying stream.
-The return value for
-.Xr fseek 3
-is 0 for success or -1 if an error occurred.
-This differs from other types of BIO which will typically return
-1 for success and a non-positive value if an error occurred.
diff --git a/src/lib/libcrypto/man/BIO_s_mem.3 b/src/lib/libcrypto/man/BIO_s_mem.3
deleted file mode 100644
index 89a9d55df1..0000000000
--- a/src/lib/libcrypto/man/BIO_s_mem.3
+++ /dev/null
@@ -1,280 +0,0 @@
-.\" $OpenBSD: BIO_s_mem.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $
-.\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000
-.\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt BIO_S_MEM 3
-.Os
-.Sh NAME
-.Nm BIO_s_mem ,
-.Nm BIO_set_mem_eof_return ,
-.Nm BIO_get_mem_data ,
-.Nm BIO_set_mem_buf ,
-.Nm BIO_get_mem_ptr ,
-.Nm BIO_new_mem_buf
-.Nd memory BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_s_mem
-.Fa "void"
-.Fc
-.Ft long
-.Fo BIO_set_mem_eof_return
-.Fa "BIO *b"
-.Fa "int v"
-.Fc
-.Ft long
-.Fo BIO_get_mem_data
-.Fa "BIO *b"
-.Fa "char **pp"
-.Fc
-.Ft long
-.Fo BIO_set_mem_buf
-.Fa "BIO *b"
-.Fa "BUF_MEM *bm"
-.Fa "int c"
-.Fc
-.Ft long
-.Fo BIO_get_mem_ptr
-.Fa "BIO *b"
-.Fa "BUF_MEM **pp"
-.Fc
-.Ft BIO *
-.Fo BIO_new_mem_buf
-.Fa "const void *buf"
-.Fa "int len"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_s_mem
-returns the memory BIO method function.
-.Pp
-A memory BIO is a source/sink BIO which uses memory for its I/O.
-Data written to a memory BIO is stored in a
-.Vt BUF_MEM
-structure which is extended as appropriate to accommodate the stored data.
-.Pp
-Any data written to a memory BIO can be recalled by reading from it.
-Unless the memory BIO is read only,
-any data read from it is deleted from the BIO.
-.Pp
-Memory BIOs support
-.Xr BIO_gets 3
-and
-.Xr BIO_puts 3 .
-.Pp
-If the
-.Dv BIO_CLOSE
-flag is set when a memory BIO is freed, the underlying
-.Dv BUF_MEM
-structure is also freed.
-.Pp
-Calling
-.Xr BIO_reset 3
-on a read/write memory BIO clears any data in it.
-On a read only BIO it restores the BIO to its original state
-and the read only data can be read again.
-.Pp
-.Xr BIO_eof 3
-is true if no data is in the BIO.
-.Pp
-.Xr BIO_ctrl_pending 3
-returns the number of bytes currently stored.
-.Pp
-.Fn BIO_set_mem_eof_return
-sets the behaviour of memory BIO
-.Fa b
-when it is empty.
-If
-.Fa v
-is zero, then an empty memory BIO will return EOF:
-it will return zero and
-.Fn BIO_should_retry
-will be false.
-If
-.Fa v
-is non-zero then it will return
-.Fa v
-when it is empty and it will set the read retry flag:
-.Fn BIO_read_retry
-is true.
-To avoid ambiguity with a normal positive return value
-.Fa v
-should be set to a negative value, typically -1.
-.Pp
-.Fn BIO_get_mem_data
-sets
-.Pf * Fa pp
-to a pointer to the start of the memory BIO's data
-and returns the total amount of data available.
-It is implemented as a macro.
-.Pp
-.Fn BIO_set_mem_buf
-sets the internal BUF_MEM structure to
-.Fa bm
-and sets the close flag to
-.Fa c .
-That is,
-.Fa c
-should be either
-.Dv BIO_CLOSE
-or
-.Dv BIO_NOCLOSE .
-.Fn BIO_set_mem_buf
-is a macro.
-.Pp
-.Fn BIO_get_mem_ptr
-places the underlying
-.Vt BUF_MEM
-structure in
-.Pf * Fa pp .
-It is a macro.
-.Pp
-.Fn BIO_new_mem_buf
-creates a memory BIO using
-.Fa len
-bytes of data at
-.Fa buf .
-If
-.Fa len
-is -1, then
-.Fa buf
-is assumed to be NUL terminated and its length is determined by
-.Xr strlen 3 .
-The BIO is set to a read only state and as a result cannot be written to.
-This is useful when some data needs to be made available
-from a static area of memory in the form of a BIO.
-The supplied data is read directly from the supplied buffer:
-it is
-.Em not
-copied first, so the supplied area of memory must be unchanged
-until the BIO is freed.
-.Pp
-Writes to memory BIOs will always succeed if memory is available:
-their size can grow indefinitely.
-.Pp
-Every read from a read/write memory BIO will remove the data just read
-with an internal copy operation.
-If a BIO contains a lot of data and it is read in small chunks,
-the operation can be very slow.
-The use of a read only memory BIO avoids this problem.
-If the BIO must be read/write then adding a buffering BIO
-to the chain will speed up the process.
-.Sh RETURN VALUES
-.Fn BIO_s_mem
-returns a pointer to a static object.
-.Pp
-.Fn BIO_set_mem_eof_return ,
-.Fn BIO_get_mem_data ,
-.Fn BIO_set_mem_buf ,
-and
-.Fn BIO_get_mem_ptr
-return 1 on success or a value less than or equal to 0 if an error occurred.
-.Pp
-.Fn BIO_new_mem_buf
-returns a newly allocated
-.Vt BIO
-object on success or
-.Dv NULL
-on error.
-.Sh EXAMPLES
-Create a memory BIO and write some data to it:
-.Bd -literal -offset indent
-BIO *mem = BIO_new(BIO_s_mem());
-BIO_puts(mem, "Hello World\en");
-.Ed
-.Pp
-Create a read only memory BIO:
-.Bd -literal -offset indent
-char data[] = "Hello World";
-BIO *mem;
-mem = BIO_new_mem_buf(data, -1);
-.Ed
-.Pp
-Extract the
-.Vt BUF_MEM
-structure from a memory BIO and then free up the BIO:
-.Bd -literal -offset indent
-BUF_MEM *bptr;
-BIO_get_mem_ptr(mem, &bptr);
-/* Make sure BIO_free() leaves BUF_MEM alone. */
-BIO_set_close(mem, BIO_NOCLOSE);
-BIO_free(mem);
-.Ed
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr BUF_MEM_new 3
-.Sh HISTORY
-.Fn BIO_s_mem
-first appeared in SSLeay 0.6.0.
-.Fn BIO_set_mem_buf
-and
-.Fn BIO_get_mem_ptr
-first appeared in SSLeay 0.6.5.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn BIO_set_mem_eof_return
-and
-.Fn BIO_get_mem_data
-first appeared in SSLeay 0.9.1 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn BIO_new_mem_buf
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Sh BUGS
-There should be an option to set the maximum size of a memory BIO.
-.Pp
-There should be a way to "rewind" a read/write BIO without destroying
-its contents.
-.Pp
-The copying operation should not occur after every small read
-of a large BIO to improve efficiency.
diff --git a/src/lib/libcrypto/man/BIO_s_null.3 b/src/lib/libcrypto/man/BIO_s_null.3
deleted file mode 100644
index c991bd7357..0000000000
--- a/src/lib/libcrypto/man/BIO_s_null.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" $OpenBSD: BIO_s_null.3,v 1.8 2018/05/01 17:05:05 schwarze Exp $
-.\" OpenSSL e117a890 Sep 14 12:14:41 2000 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 1 2018 $
-.Dt BIO_S_NULL 3
-.Os
-.Sh NAME
-.Nm BIO_s_null
-.Nd null data sink
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_s_null
-.Fa void
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_s_null
-returns the null sink BIO method.
-Data written to the null sink is discarded, reads return EOF.
-.Pp
-A null sink BIO behaves in a similar manner to the
-.Xr null 4
-device.
-.Pp
-A null BIO can be placed on the end of a chain to discard any data
-passed through it.
-.Pp
-A null sink is useful if, for example, an application wishes
-to digest some data by writing through a digest bio
-but not send the digested data anywhere.
-Since a BIO chain must normally include a source/sink BIO,
-this can be achieved by adding a null sink BIO to the end of the chain.
-.Sh RETURN VALUES
-.Fn BIO_s_null
-returns the null sink BIO method.
-.Sh SEE ALSO
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_s_null
-first appeared in SSLeay 0.6.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BIO_s_socket.3 b/src/lib/libcrypto/man/BIO_s_socket.3
deleted file mode 100644
index 63ab1deb4b..0000000000
--- a/src/lib/libcrypto/man/BIO_s_socket.3
+++ /dev/null
@@ -1,116 +0,0 @@
-.\" $OpenBSD: BIO_s_socket.3,v 1.9 2018/05/01 17:05:05 schwarze Exp $
-.\" OpenSSL bbdc9c98 Oct 19 22:02:21 2000 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 1 2018 $
-.Dt BIO_S_SOCKET 3
-.Os
-.Sh NAME
-.Nm BIO_s_socket ,
-.Nm BIO_new_socket
-.Nd socket BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft const BIO_METHOD *
-.Fo BIO_s_socket
-.Fa void
-.Fc
-.Ft BIO *
-.Fo BIO_new_socket
-.Fa "int sock"
-.Fa "int close_flag"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_s_socket
-returns the socket BIO method.
-This is a wrapper around the platform's socket routines.
-.Pp
-.Xr BIO_read 3
-and
-.Xr BIO_write 3
-read or write the underlying socket.
-.Xr BIO_puts 3
-is supported but
-.Xr BIO_gets 3
-is not.
-.Pp
-If the close flag is set, then the socket is shut down and closed
-when the BIO is freed.
-.Pp
-.Fn BIO_new_socket
-returns a socket BIO using
-.Fa sock
-and
-.Fa close_flag .
-.Pp
-Socket BIOs also support any relevant functionality of file descriptor BIOs.
-.Pp
-The reason for having separate file descriptor and socket BIOs
-is that on some platforms, sockets are not file descriptors
-and use distinct I/O routines.
-Windows is one such platform.
-Any code mixing the two will not work on all platforms.
-.Sh RETURN VALUES
-.Fn BIO_s_socket
-returns the socket BIO method.
-.Pp
-.Fn BIO_new_socket
-returns the newly allocated BIO or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr BIO_get_fd 3 ,
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_s_socket
-first appeared in SSLeay 0.6.0.
-.Fn BIO_new_socket
-first appeared in SSLeay 0.8.0.
-Both functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BIO_set_callback.3 b/src/lib/libcrypto/man/BIO_set_callback.3
deleted file mode 100644
index 34b7c07a9f..0000000000
--- a/src/lib/libcrypto/man/BIO_set_callback.3
+++ /dev/null
@@ -1,269 +0,0 @@
-.\" $OpenBSD: BIO_set_callback.3,v 1.9 2018/03/29 20:42:17 schwarze Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2016, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3.
All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2018 $
-.Dt BIO_SET_CALLBACK 3
-.Os
-.Sh NAME
-.Nm BIO_set_callback ,
-.Nm BIO_get_callback ,
-.Nm BIO_set_callback_arg ,
-.Nm BIO_get_callback_arg ,
-.Nm BIO_debug_callback
-.Nd BIO callback functions
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft void
-.Fo BIO_set_callback
-.Fa "BIO *b"
-.Fa "BIO_callback_fn cb"
-.Fc
-.Ft BIO_callback_fn
-.Fo BIO_get_callback
-.Fa "BIO *b"
-.Fc
-.Ft void
-.Fo BIO_set_callback_arg
-.Fa "BIO *b"
-.Fa "char *arg"
-.Fc
-.Ft char *
-.Fo BIO_get_callback_arg
-.Fa "const BIO *b"
-.Fc
-.Ft long
-.Fo BIO_debug_callback
-.Fa "BIO *bio"
-.Fa "int oper"
-.Fa "const char *argp"
-.Fa "int argi"
-.Fa "long argl"
-.Fa "long ret"
-.Fc
-.Ft typedef long
-.Fo "(*BIO_callback_fn)"
-.Fa "BIO *b"
-.Fa "int oper"
-.Fa "const char *argp"
-.Fa "int argi"
-.Fa "long argl"
-.Fa "long ret"
-.Fc
-.Sh DESCRIPTION
-.Fn BIO_set_callback
-and
-.Fn BIO_get_callback
-set and retrieve the BIO callback.
-The callback is called during most high level BIO operations.
-It can be used for debugging purposes to trace operations on a BIO
-or to modify its operation.
-.Pp
-.Fn BIO_set_callback_arg
-and
-.Fn BIO_get_callback_arg
-set and retrieve an argument for use in the callback.
-.Pp
-.Fn BIO_debug_callback
-is a standard debugging callback which prints
-out information relating to each BIO operation.
-If the callback argument is set, it is interpreted as a BIO
-to send the information to, otherwise stderr is used.
-.Pp
-.Fn BIO_callback_fn
-is the type of the callback function.
-The meaning of each argument is described below.
-.Pp
-The BIO the callback is attached to is passed in
-.Fa b .
-.Pp
-.Fa oper
-is set to the operation being performed.
-For some operations the callback is called twice,
-once before and once after the actual operation.
-The latter case has
-.Fa oper
-or'ed with
-.Dv BIO_CB_RETURN .
-.Pp
-The meaning of the arguments
-.Fa argp ,
-.Fa argi
-and
-.Fa argl
-depends on the value of
-.Fa oper
-(i.e.
the operation being performed).
-.Pp
-When
-.Fa oper
-does not include
-.Dv BIO_CB_RETURN ,
-i.e. when the callback is invoked before an operation,
-the value passed into the callback via
-.Fa ret
-is always 1.
-In this case, if the callback returns a negative value, the library
-aborts the requested operation and instead returns the negative
-return value from the callback to the application.
-If the callback returns a non-negative value, that return value is
-ignored by the library, and the operation is performed normally.
-.Pp
-When
-.Fa oper
-includes
-.Dv BIO_CB_RETURN ,
-i.e. when the callback is invoked after an operation,
-the value passed into the callback via
-.Fa ret
-is the return value that the operation would return to the application
-if no callback were present.
-When a callback is present, the operation only passes this value
-to the callback and instead of it returns the return value of the
-callback to the application.
-.Pp
-The callback should normally simply return
-.Fa ret
-when it has finished processing, unless it specifically wishes to
-abort the operation or to modify the value returned to the application.
-.Ss Callback operations
-.Bl -tag -width Ds
-.It Fn BIO_free b
-.Fn callback b BIO_CB_FREE NULL 0L 0L 1L
-is called before the free operation.
-.It Fn BIO_read b out outl
-.Fn callback b BIO_CB_READ out outl 0L 1L
-is called before the read and
-.Fn callback b BIO_CB_READ|BIO_CB_RETURN out outl 0L ret
-after.
-.It Fn BIO_write b in inl
-.Fn callback b BIO_CB_WRITE in inl 0L 1L
-is called before the write and
-.Fn callback b BIO_CB_WRITE|BIO_CB_RETURN in inl 0L ret
-after.
-.It Fn BIO_gets b out outl
-.Fn callback b BIO_CB_GETS out outl 0L 1L
-is called before the operation and
-.Fn callback b BIO_CB_GETS|BIO_CB_RETURN out outl 0L ret
-after.
-.It Fn BIO_puts b in
-.Fn callback b BIO_CB_PUTS in 0 0L 1L
-is called before the operation and
-.Fn callback b BIO_CB_PUTS|BIO_CB_RETURN in 0 0L ret
-after.
-.It Fn BIO_ctrl b oper larg parg
-.Fn callback b BIO_CB_CTRL parg oper larg 1L
-is called before the call and
-.Fn callback b BIO_CB_CTRL|BIO_CB_RETURN parg oper larg ret
-after.
-.El
-.Sh RETURN VALUES
-.Fn BIO_get_callback
-returns a pointer to the function
-.Fa cb
-previously installed with
-.Fn BIO_set_callback ,
-or
-.Dv NULL
-if no callback was installed.
-.Pp
-.Fn BIO_get_callback_arg
-returns a pointer to the
-.Fa arg
-previously set with
-.Fn BIO_set_callback_arg ,
-or
-.Dv NULL
-if no such argument was set.
-.Pp
-.Fn BIO_debug_callback
-returns
-.Fa ret
-if the bit
-.Dv BIO_CB_RETURN
-is set in
-.Fa cmd ,
-or 1 otherwise.
-.Sh EXAMPLES
-The
-.Fn BIO_debug_callback
-function is a good example.
-Its source is in the file
-.Pa crypto/bio/bio_cb.c .
-.Sh SEE ALSO
-.Xr BIO_new 3
-.Sh HISTORY
-.Fn BIO_set_callback ,
-.Fn BIO_get_callback ,
-.Fn BIO_set_callback_arg ,
-and
-.Fn BIO_debug_callback
-first appeared in SSLeay 0.6.0.
-.Fn BIO_get_callback_arg
-first appeared in SSLeay 0.8.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BIO_should_retry.3 b/src/lib/libcrypto/man/BIO_should_retry.3
deleted file mode 100644
index 43b19b89e1..0000000000
--- a/src/lib/libcrypto/man/BIO_should_retry.3
+++ /dev/null
@@ -1,236 +0,0 @@
-.\" $OpenBSD: BIO_should_retry.3,v 1.9 2018/12/19 21:12:58 schwarze Exp $
-.\" full merge up to: OpenSSL 60e24554 Apr 6 14:45:18 2010 +0000
-.\" selective merge up to: OpenSSL 57fd5170 May 13 11:24:11 2018 +0200
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2010, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 19 2018 $
-.Dt BIO_SHOULD_RETRY 3
-.Os
-.Sh NAME
-.Nm BIO_should_read ,
-.Nm BIO_should_write ,
-.Nm BIO_should_io_special ,
-.Nm BIO_retry_type ,
-.Nm BIO_should_retry ,
-.Nm BIO_get_retry_BIO ,
-.Nm BIO_get_retry_reason
-.Nd BIO retry functions
-.Sh SYNOPSIS
-.In openssl/bio.h
-.Ft int
-.Fo BIO_should_read
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_should_write
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_should_io_special
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_retry_type
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo BIO_should_retry
-.Fa "BIO *b"
-.Fc
-.Fd #define BIO_FLAGS_READ 0x01
-.Fd #define BIO_FLAGS_WRITE 0x02
-.Fd #define BIO_FLAGS_IO_SPECIAL 0x04
-.Fd #define BIO_FLAGS_RWS \e
-.Fd \& (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-.Fd #define BIO_FLAGS_SHOULD_RETRY 0x08
-.Ft BIO *
-.Fo BIO_get_retry_BIO
-.Fa "BIO *bio"
-.Fa "int *reason"
-.Fc
-.Ft int
-.Fo BIO_get_retry_reason
-.Fa "BIO *bio"
-.Fc
-.Sh DESCRIPTION
-These functions determine why a BIO is not able to read or write data.
-They will typically be called after a failed
-.Xr BIO_read 3
-or
-.Xr BIO_write 3
-call.
-.Pp
-.Fn BIO_should_retry
-returns 1 if the call that produced this condition should be retried
-at a later time, or 0 if an error occurred.
-.Pp
-.Fn BIO_should_read
-returns 1 if the cause of the retry condition is that a BIO needs
-to read data, or 0 otherwise.
-.Pp
-.Fn BIO_should_write
-returns 1 if the cause of the retry condition is that a BIO needs
-to write data, or 0 otherwise.
-.Pp
-.Fn BIO_should_io_special
-returns 1 if some special condition (i.e. a reason other than reading
-or writing) is the cause of the retry condition, or 0 otherwise.
-.Pp
-.Fn BIO_retry_type
-returns the bitwise OR of one or more of the flags
-.Dv BIO_FLAGS_READ ,
-.Dv BIO_FLAGS_WRITE ,
-and
-.Dv BIO_FLAGS_IO_SPECIAL
-representing the cause of the current retry condition,
-or 0 if there is no retry condition.
-Current BIO types only set one of the flags at a time.
-.Pp
-.Fn BIO_get_retry_BIO
-determines the precise reason for the special condition.
-It returns the BIO that caused this condition and if
-.Fa reason
-is not
-.Dv NULL
-it contains the reason code.
-The meaning of the reason code and the action that should be taken
-depends on the type of BIO that resulted in this condition.
-.Pp
-.Fn BIO_get_retry_reason
-returns the reason for a special condition
-if passed the relevant BIO, for example as returned by
-.Fn BIO_get_retry_BIO .
-.Pp
-.Fn BIO_should_retry ,
-.Fn BIO_should_read ,
-.Fn BIO_should_write ,
-.Fn BIO_should_io_special ,
-and
-.Fn BIO_retry_type
-are implemented as macros.
-.Pp
-If
-.Fn BIO_should_retry
-returns false, then the precise "error condition" depends on
-the BIO type that caused it and the return code of the BIO operation.
-For example if a call to
-.Xr BIO_read 3
-on a socket BIO returns 0 and
-.Fn BIO_should_retry
-is false, then the cause will be that the connection closed.
-A similar condition on a file BIO will mean that it has reached EOF.
-Some BIO types may place additional information on the error queue.
-For more details see the individual BIO type manual pages.
-.Pp
-If the underlying I/O structure is in a blocking mode,
-almost all current BIO types will not request a retry,
-because the underlying I/O calls will not.
-If the application knows that the BIO type will never
-signal a retry then it need not call
-.Fn BIO_should_retry
-after a failed BIO I/O call.
-This is typically done with file BIOs.
-.Pp
-SSL BIOs are the only current exception to this rule:
-they can request a retry even if the underlying I/O structure
-is blocking, if a handshake occurs during a call to
-.Xr BIO_read 3 .
-An application can retry the failed call immediately
-or avoid this situation by setting
-.Dv SSL_MODE_AUTO_RETRY
-on the underlying SSL structure.
-.Pp
-While an application may retry a failed non-blocking call immediately,
-this is likely to be very inefficient because the call will fail
-repeatedly until data can be processed or is available.
-An application will normally wait until the necessary condition
-is satisfied.
-How this is done depends on the underlying I/O structure.
-.Pp
-For example if the cause is ultimately a socket and
-.Fn BIO_should_read
-is true then a call to
-.Xr select 2
-may be made to wait until data is available
-and then retry the BIO operation.
-By combining the retry conditions of several non-blocking BIOs in a single
-.Xr select 2
-call it is possible to service several BIOs in a single thread,
-though the performance may be poor if SSL BIOs are present because
-long delays can occur during the initial handshake process.
-.Pp
-It is possible for a BIO to block indefinitely if the underlying I/O
-structure cannot process or return any data.
-This depends on the behaviour of the platforms I/O functions.
-This is often not desirable: one solution is to use non-blocking I/O
-and use a timeout on the
-.Xr select 2
-(or equivalent) call.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr BIO_read 3
-.Sh HISTORY
-.Fn BIO_should_read ,
-.Fn BIO_should_write ,
-.Fn BIO_retry_type ,
-and
-.Fn BIO_should_retry
-first appeared in SSLeay 0.6.0.
-.Fn BIO_should_io_special ,
-.Fn BIO_get_retry_BIO ,
-and
-.Fn BIO_get_retry_reason
-first appeared in SSLeay 0.8.0.
-All these functions have been available since
-.Ox 2.4 .
-.Sh BUGS
-The OpenSSL ASN.1 functions cannot gracefully deal with non-blocking I/O:
-they cannot retry after a partial read or write.
-This is usually worked around by only passing the relevant data to ASN.1
-functions when the entire structure can be read or written.
diff --git a/src/lib/libcrypto/man/BN_BLINDING_new.3 b/src/lib/libcrypto/man/BN_BLINDING_new.3
deleted file mode 100644
index b507e5bca8..0000000000
--- a/src/lib/libcrypto/man/BN_BLINDING_new.3
+++ /dev/null
@@ -1,332 +0,0 @@
-.\" $OpenBSD: BN_BLINDING_new.3,v 1.11 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Nils Larsch .
-.\" Copyright (c) 2005, 2008, 2013, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt BN_BLINDING_NEW 3
-.Os
-.Sh NAME
-.Nm BN_BLINDING_new ,
-.Nm BN_BLINDING_free ,
-.Nm BN_BLINDING_update ,
-.Nm BN_BLINDING_convert ,
-.Nm BN_BLINDING_invert ,
-.Nm BN_BLINDING_convert_ex ,
-.Nm BN_BLINDING_invert_ex ,
-.Nm BN_BLINDING_get_thread_id ,
-.Nm BN_BLINDING_set_thread_id ,
-.Nm BN_BLINDING_thread_id ,
-.Nm BN_BLINDING_get_flags ,
-.Nm BN_BLINDING_set_flags ,
-.Nm BN_BLINDING_create_param
-.Nd blinding related BIGNUM functions
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft BN_BLINDING *
-.Fo BN_BLINDING_new
-.Fa "const BIGNUM *A"
-.Fa "const BIGNUM *Ai"
-.Fa "BIGNUM *mod"
-.Fc
-.Ft void
-.Fo BN_BLINDING_free
-.Fa "BN_BLINDING *b"
-.Fc
-.Ft int
-.Fo BN_BLINDING_update
-.Fa "BN_BLINDING *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_BLINDING_convert
-.Fa "BIGNUM *n"
-.Fa "BN_BLINDING *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_BLINDING_invert
-.Fa "BIGNUM *n"
-.Fa "BN_BLINDING *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_BLINDING_convert_ex
-.Fa "BIGNUM *n"
-.Fa "BIGNUM *r"
-.Fa "BN_BLINDING *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_BLINDING_invert_ex
-.Fa "BIGNUM *n"
-.Fa "const BIGNUM *r"
-.Fa "BN_BLINDING *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Fd #ifndef OPENSSL_NO_DEPRECATED
-.Ft unsigned long
-.Fo BN_BLINDING_get_thread_id
-.Fa "const BN_BLINDING *"
-.Fc
-.Ft void
-.Fo BN_BLINDING_set_thread_id
-.Fa "BN_BLINDING *"
-.Fa "unsigned long"
-.Fc
-.Fd #endif
-.Ft CRYPTO_THREADID *
-.Fo BN_BLINDING_thread_id
-.Fa "BN_BLINDING *"
-.Fc
-.Ft unsigned long
-.Fo BN_BLINDING_get_flags
-.Fa "const BN_BLINDING *"
-.Fc
-.Ft void
-.Fo BN_BLINDING_set_flags
-.Fa "BN_BLINDING *"
-.Fa "unsigned long"
-.Fc
-.Ft BN_BLINDING *
-.Fo BN_BLINDING_create_param
-.Fa "BN_BLINDING *b"
-.Fa "const BIGNUM *e"
-.Fa "BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)"
-.Fa "BN_MONT_CTX *m_ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn BN_BLINDING_new
-allocates a new
-.Vt
BN_BLINDING
-structure and copies the
-.Fa A
-and
-.Fa \&Ai
-values into the newly created
-.Vt BN_BLINDING
-object.
-.Pp
-.Fn BN_BLINDING_free
-frees the
-.Vt BN_BLINDING
-structure.
-If
-.Fa b
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn BN_BLINDING_update
-updates the
-.Vt BN_BLINDING
-parameters by squaring the
-.Fa A
-and
-.Fa \&Ai
-or, after a specific number of uses and if the necessary parameters are
-set, by re-creating the blinding parameters.
-.Pp
-.Fn BN_BLINDING_convert_ex
-multiplies
-.Fa n
-with the blinding factor
-.Fa A .
-If
-.Fa r
-is not
-.Dv NULL ,
-a copy of the inverse blinding factor
-.Fa \&Ai
-will be returned in
-.Fa r
-(this is useful if an
-.Vt RSA
-object is shared among several threads).
-.Fn BN_BLINDING_invert_ex
-multiplies
-.Fa n
-with the inverse blinding factor
-.Fa \&Ai .
-If
-.Fa r
-is not
-.Dv NULL ,
-it will be used as the inverse blinding.
-.Pp
-.Fn BN_BLINDING_convert
-and
-.Fn BN_BLINDING_invert
-are wrapper functions for
-.Fn BN_BLINDING_convert_ex
-and
-.Fn BN_BLINDING_invert_ex
-with
-.Fa r
-set to
-.Dv NULL .
-.Pp
-.Fn BN_BLINDING_thread_id
-provides access to the
-.Vt CRYPTO_THREADID
-object within the
-.Vt BN_BLINDING
-structure.
-This is to help users provide proper locking if needed for
-multi-threaded use.
-The thread ID object of a newly allocated
-.Vt BN_BLINDING
-structure is initialised to the thread ID in which
-.Fn BN_BLINDING_new
-was called.
-.Pp
-.Fn BN_BLINDING_get_flags
-returns the
-.Dv BN_BLINDING_*
-flags.
-Currently there are two supported flags:
-.Dv BN_BLINDING_NO_UPDATE
-and
-.Dv BN_BLINDING_NO_RECREATE .
-.Dv BN_BLINDING_NO_UPDATE
-inhibits the automatic update of the
-.Vt BN_BLINDING
-parameters after each use and
-.Dv BN_BLINDING_NO_RECREATE
-inhibits the automatic re-creation of the
-.Vt BN_BLINDING
-parameters after a fixed number of uses (currently 32).
-In newly allocated
-.Vt BN_BLINDING
-objects no flags are set.
-.Fn BN_BLINDING_set_flags
-sets the
-.Dv BN_BLINDING_*
-parameters flags.
-.Pp
-.Fn BN_BLINDING_create_param
-creates new
-.Vt BN_BLINDING
-parameters using the exponent
-.Fa e
-and the modulus
-.Fa m .
-.Fa bn_mod_exp
-and
-.Fa m_ctx
-can be used to pass special functions for exponentiation (normally
-.Xr BN_mod_exp 3
-and
-.Vt BN_MONT_CTX ) .
-.Sh RETURN VALUES
-.Fn BN_BLINDING_new
-returns the newly allocated
-.Vt BN_BLINDING
-structure or
-.Dv NULL
-in case of an error.
-.Pp
-.Fn BN_BLINDING_update ,
-.Fn BN_BLINDING_convert ,
-.Fn BN_BLINDING_invert ,
-.Fn BN_BLINDING_convert_ex
-and
-.Fn BN_BLINDING_invert_ex
-return 1 on success and 0 if an error occurred.
-.Pp
-.Fn BN_BLINDING_thread_id
-returns a pointer to the thread ID object within a
-.Vt BN_BLINDING
-object.
-.Pp
-.Fn BN_BLINDING_get_flags
-returns the currently set
-.Dv BN_BLINDING_*
-flags (an
-.Vt unsigned long
-value).
-.Pp
-.Fn BN_BLINDING_create_param
-returns the newly created
-.Vt BN_BLINDING
-parameters or
-.Dv NULL
-on error.
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr RSA_blinding_on 3
-.Sh HISTORY
-.Fn BN_BLINDING_new ,
-.Fn BN_BLINDING_free ,
-.Fn BN_BLINDING_update ,
-.Fn BN_BLINDING_convert ,
-and
-.Fn BN_BLINDING_invert
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn BN_BLINDING_convert_ex ,
-.Fn BN_BLINDIND_invert_ex ,
-.Fn BN_BLINDING_get_thread_id ,
-.Fn BN_BLINDING_set_thread_id ,
-.Fn BN_BLINDING_get_flags ,
-.Fn BN_BLINDING_set_flags ,
-and
-.Fn BN_BLINDING_create_param
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn BN_BLINDING_thread_id
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Sh AUTHORS
-.An Nils Larsch Aq Mt nils@openssl.org
diff --git a/src/lib/libcrypto/man/BN_CTX_new.3 b/src/lib/libcrypto/man/BN_CTX_new.3
deleted file mode 100644
index 01b1e447a7..0000000000
--- a/src/lib/libcrypto/man/BN_CTX_new.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\" $OpenBSD: BN_CTX_new.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL aafbe1cc Jun 12 23:42:08 2013 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt BN_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm BN_CTX_new ,
-.Nm BN_CTX_free ,
-.Nm BN_CTX_init
-.Nd allocate and free BN_CTX structures
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft BN_CTX *
-.Fo BN_CTX_new
-.Fa void
-.Fc
-.Ft void
-.Fo BN_CTX_free
-.Fa "BN_CTX *c"
-.Fc
-.Pp
-Deprecated:
-.Pp
-.Ft void
-.Fo BN_CTX_init
-.Fa "BN_CTX *c"
-.Fc
-.Sh DESCRIPTION
-A
-.Vt BN_CTX
-is a structure that holds
-.Vt BIGNUM
-temporary variables used by library functions.
-Since dynamic memory allocation to create
-.Vt BIGNUM Ns s
-is rather expensive when used in conjunction with repeated subroutine
-calls, the
-.Vt BN_CTX
-structure is used.
-.Pp
-.Fn BN_CTX_new
-allocates and initializes a
-.Vt BN_CTX
-structure.
-.Pp
-.Fn BN_CTX_free
-frees the components of the
-.Vt BN_CTX
-and, if it was created by
-.Fn BN_CTX_new ,
-also the structure itself.
-If
-.Xr BN_CTX_start 3
-has been used on the
-.Vt BN_CTX ,
-.Xr BN_CTX_end 3
-must be called before the
-.Vt BN_CTX
-may be freed by
-.Fn BN_CTX_free .
-If
-.Fa c
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn BN_CTX_init
-(deprecated) initializes an existing uninitialized
-.Vt BN_CTX .
-This should not be used for new programs.
-Use
-.Fn BN_CTX_new
-instead.
-.Sh RETURN VALUES
-.Fn BN_CTX_new
-returns a pointer to the
-.Vt BN_CTX .
-If the allocation fails, it returns
-.Dv NULL
-and sets an error code that can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_add 3 ,
-.Xr BN_CTX_start 3 ,
-.Xr BN_new 3
-.Sh HISTORY
-.Fn BN_CTX_new
-and
-.Fn BN_CTX_free
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn BN_CTX_init
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/BN_CTX_start.3 b/src/lib/libcrypto/man/BN_CTX_start.3
deleted file mode 100644
index a2b62eff5c..0000000000
--- a/src/lib/libcrypto/man/BN_CTX_start.3
+++ /dev/null
@@ -1,137 +0,0 @@
-.\" $OpenBSD: BN_CTX_start.3,v 1.8 2019/08/20 10:59:09 schwarze Exp $
-.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 20 2019 $
-.Dt BN_CTX_START 3
-.Os
-.Sh NAME
-.Nm BN_CTX_start ,
-.Nm BN_CTX_get ,
-.Nm BN_CTX_end
-.Nd use temporary BIGNUM variables
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft void
-.Fo BN_CTX_start
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft BIGNUM *
-.Fo BN_CTX_get
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft void
-.Fo BN_CTX_end
-.Fa "BN_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-These functions are used to obtain temporary
-.Vt BIGNUM
-variables from a
-.Vt BN_CTX
-(which can be created using
-.Xr BN_CTX_new 3 )
-in order to save the overhead of repeatedly creating and freeing
-.Vt BIGNUM Ns s
-in functions that are called from inside a loop.
-.Pp
-A function must call
-.Fn BN_CTX_start
-first.
-Then,
-.Fn BN_CTX_get
-may be called repeatedly to obtain temporary
-.Vt BIGNUM Ns s .
-All
-.Fn BN_CTX_get
-calls must be made before calling any other functions that use the
-.Fa ctx
-as an argument.
-.Pp
-Finally,
-.Fn BN_CTX_end
-must be called before returning from the function.
-When
-.Fn BN_CTX_end
-is called, the
-.Vt BIGNUM
-pointers obtained from
-.Fn BN_CTX_get
-become invalid.
-If
-.Fa ctx
-is
-.Dv NULL ,
-no action occurs.
-.Sh RETURN VALUES
-.Fn BN_CTX_get
-returns a pointer to the
-.Vt BIGNUM ,
-or
-.Dv NULL
-on error.
-Once
-.Fn BN_CTX_get
-has failed, the subsequent calls will return
-.Dv NULL
-as well, so it is sufficient to check the return value of the last
-.Fn BN_CTX_get
-call.
-In case of an error, an error code is set which can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_CTX_new 3 ,
-.Xr BN_new 3
-.Sh HISTORY
-.Fn BN_CTX_start ,
-.Fn BN_CTX_get ,
-and
-.Fn BN_CTX_end
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/BN_add.3 b/src/lib/libcrypto/man/BN_add.3
deleted file mode 100644
index 8a11d7c080..0000000000
--- a/src/lib/libcrypto/man/BN_add.3
+++ /dev/null
@@ -1,466 +0,0 @@
-.\" $OpenBSD: BN_add.3,v 1.13 2018/04/29 15:58:21 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller
-.\" and Bodo Moeller .
-.\" Copyright (c) 2000, 2001, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 29 2018 $
-.Dt BN_ADD 3
-.Os
-.Sh NAME
-.Nm BN_add ,
-.Nm BN_sub ,
-.Nm BN_mul ,
-.Nm BN_sqr ,
-.Nm BN_div ,
-.Nm BN_mod ,
-.Nm BN_nnmod ,
-.Nm BN_mod_add ,
-.Nm BN_mod_sub ,
-.Nm BN_mod_mul ,
-.Nm BN_mod_sqr ,
-.Nm BN_exp ,
-.Nm BN_mod_exp ,
-.\" The following are public, but intentionally undocumented for now:
-.\" .Nm BN_mod_exp_mont_consttime ,
-.\" .Nm BN_mod_exp_mont ,
-.\" .Nm BN_mod_exp_mont_word ,
-.\" .Nm BN_mod_exp_recp ,
-.\" .Nm BN_mod_exp_simple ,
-.\" Maybe they should be deleted from .
-.Nm BN_gcd
-.Nd arithmetic operations on BIGNUMs
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft int
-.Fo BN_add
-.Fa "BIGNUM *r"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *b"
-.Fc
-.Ft int
-.Fo BN_sub
-.Fa "BIGNUM *r"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *b"
-.Fc
-.Ft int
-.Fo BN_mul
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_sqr
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_div
-.Fa "BIGNUM *dv"
-.Fa "BIGNUM *rem"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *d"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_mod
-.Fa "BIGNUM *rem"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_nnmod
-.Fa "BIGNUM *r"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_mod_add
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_mod_sub
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_mod_mul
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_mod_sqr
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_exp
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *p"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_mod_exp
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "const BIGNUM *p"
-.Fa "const BIGNUM *m"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo BN_gcd
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn BN_add
-adds
-.Fa a
-and
-.Fa b
-and places the result in
-.Fa r
-.Pq Li r=a+b .
-.Fa r
-may be the same
-.Vt BIGNUM
-as
-.Fa a
-or
-.Fa b .
-.Pp
-.Fn BN_sub
-subtracts
-.Fa b
-from
-.Fa a
-and places the result in
-.Fa r
-.Pq Li r=a-b .
-.Fa r
-may be the same
-.Vt BIGNUM
-as
-.Fa a
-or
-.Fa b .
-.Pp
-.Fn BN_mul
-multiplies
-.Fa a
-and
-.Fa b
-and places the result in
-.Fa r
-.Pq Li r=a*b .
-.Fa r
-may be the same
-.Vt BIGNUM
-as
-.Fa a
-or
-.Fa b .
-For multiplication by powers of 2, use
-.Xr BN_lshift 3 .
-.Pp
-.Fn BN_sqr
-takes the square of
-.Fa a
-and places the result in
-.Fa r
-.Pq Li r=a^2 .
-.Fa r
-and
-.Fa a
-may be the same
-.Vt BIGNUM .
-This function is faster than
-.Fn BN_mul r a a .
-.Pp
-.Fn BN_div
-divides
-.Fa a
-by
-.Fa d
-and places the result in
-.Fa dv
-and the remainder in
-.Fa rem
-.Pq Li dv=a/d , rem=a%d .
-If the flag
-.Dv BN_FLG_CONSTTIME
-is set on
-.Fa a
-or
-.Fa d ,
-it operates in constant time.
-Either of
-.Fa dv
-and
-.Fa rem
-may be
-.Dv NULL ,
-in which case the respective value is not returned.
-The result is rounded towards zero; thus if
-.Fa a
-is negative, the remainder will be zero or negative.
-For division by powers of 2, use
-.Fn BN_rshift 3 .
-.Pp
-.Fn BN_mod
-corresponds to
-.Fn BN_div
-with
-.Fa dv
-set to
-.Dv NULL .
-It is implemented as a macro.
-.Pp
-.Fn BN_nnmod
-reduces
-.Fa a
-modulo
-.Fa m
-and places the non-negative remainder in
-.Fa r .
-.Pp
-.Fn BN_mod_add
-adds
-.Fa a
-to
-.Fa b
-modulo
-.Fa m
-and places the non-negative result in
-.Fa r .
-.Pp
-.Fn BN_mod_sub
-subtracts
-.Fa b
-from
-.Fa a
-modulo
-.Fa m
-and places the non-negative result in
-.Fa r .
-.Pp
-.Fn BN_mod_mul
-multiplies
-.Fa a
-by
-.Fa b
-and finds the non-negative remainder respective to modulus
-.Fa m
-.Pq Li r=(a*b)%m .
-.Fa r
-may be the same
-.Vt BIGNUM
-as
-.Fa a
-or
-.Fa b .
-For more efficient algorithms for repeated computations using the same
-modulus, see
-.Xr BN_mod_mul_montgomery 3
-and
-.Xr BN_mod_mul_reciprocal 3 .
-.Pp
-.Fn BN_mod_sqr
-takes the square of
-.Fa a
-modulo
-.Fa m
-and places the result in
-.Fa r .
-.Pp
-.Fn BN_exp
-raises
-.Fa a
-to the
-.Fa p Ns -th
-power and places the result in
-.Fa r
-.Pq Li r=a^p .
-This function is faster than repeated applications of
-.Fn BN_mul .
-.Pp
-.Fn BN_mod_exp
-computes
-.Fa a
-to the
-.Fa p Ns -th
-power modulo
-.Fa m
-.Pq Li r=(a^p)%m .
-If the flag
-.Dv BN_FLG_CONSTTIME
-is set on
-.Fa p ,
-it operates in constant time.
-This function uses less time and space than
-.Fn BN_exp .
-.Pp
-.Fn BN_gcd
-computes the greatest common divisor of
-.Fa a
-and
-.Fa b
-and places the result in
-.Fa r .
-.Fa r
-may be the same
-.Vt BIGNUM
-as
-.Fa a
-or
-.Fa b .
-.Pp
-For all functions,
-.Fa ctx
-is a previously allocated
-.Vt BN_CTX
-used for temporary variables; see
-.Xr BN_CTX_new 3 .
-.Pp
-Unless noted otherwise, the result
-.Vt BIGNUM
-must be different from the arguments.
-.Sh RETURN VALUES
-For all functions, 1 is returned for success, 0 on error.
-The return value should always be checked, for example:
-.Pp
-.Dl if (!BN_add(r,a,b)) goto err;
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_add_word 3 ,
-.Xr BN_CTX_new 3 ,
-.Xr BN_new 3 ,
-.Xr BN_set_bit 3 ,
-.Xr BN_set_flags 3 ,
-.Xr BN_set_negative 3
-.Sh HISTORY
-.Fn BN_add ,
-.Fn BN_sub ,
-.Fn BN_mul ,
-.Fn BN_sqr ,
-.Fn BN_div ,
-.Fn BN_mod ,
-.Fn BN_mod_mul ,
-.Fn BN_mod_exp ,
-and
-.Fn BN_gcd
-first appeared in SSLeay 0.5.1.
-.Fn BN_exp
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-The
-.Fa ctx
-argument to
-.Fn BN_mul
-was added in SSLeay 0.9.1 and
-.Ox 2.6 .
-.Pp
-.Fn BN_nnmod ,
-.Fn BN_mod_add ,
-.Fn BN_mod_sub ,
-and
-.Fn BN_mod_sqr
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Sh BUGS
-Even if the
-.Dv BN_FLG_CONSTTIME
-flag is set on
-.Fa a
-or
-.Fa b ,
-.Fn BN_gcd
-neither fails nor operates in constant time, potentially allowing
-timing side-channel attacks.
-.Pp
-Even if the
-.Dv BN_FLG_CONSTTIME
-flag is set on
-.Fa p ,
-if the modulus
-.Fa m
-is even,
-.Fn BN_mod_exp
-does not operate in constant time, potentially allowing
-timing side-channel attacks.
-.Pp
-If
-.Dv BN_FLG_CONSTTIME
-is set on
-.Fa p ,
-.Fn BN_exp
-fails instead of operating in constant time.
diff --git a/src/lib/libcrypto/man/BN_add_word.3 b/src/lib/libcrypto/man/BN_add_word.3
deleted file mode 100644
index 1156fe37a5..0000000000
--- a/src/lib/libcrypto/man/BN_add_word.3
+++ /dev/null
@@ -1,173 +0,0 @@ -.\" $OpenBSD: BN_add_word.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2005 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt BN_ADD_WORD 3 -.Os -.Sh NAME -.Nm BN_add_word , -.Nm BN_sub_word , -.Nm BN_mul_word , -.Nm BN_div_word , -.Nm BN_mod_word -.Nd arithmetic functions on BIGNUMs with integers -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_add_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Ft int -.Fo BN_sub_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Ft int -.Fo BN_mul_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Ft BN_ULONG -.Fo BN_div_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Ft BN_ULONG -.Fo BN_mod_word -.Fa "const BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Sh DESCRIPTION -These functions perform arithmetic operations on BIGNUMs with unsigned -integers. -They are much more efficient than the normal BIGNUM arithmetic -operations. -.Pp -.Fn BN_add_word -adds -.Fa w -to -.Fa a -.Pq Li a+=w . -.Pp -.Fn BN_sub_word -subtracts -.Fa w -from -.Fa a -.Pq Li a-=w . -.Pp -.Fn BN_mul_word -multiplies -.Fa a -and -.Fa w -.Pq Li a*=w . -.Pp -.Fn BN_div_word -divides -.Fa a -by -.Fa w -.Pq Li a/=w -and returns the remainder. -.Pp -.Fn BN_mod_word -returns the remainder of -.Fa a -divided by -.Fa w -.Pq Li a%w . -.Pp -For -.Fn BN_div_word -and -.Fn BN_mod_word , -.Fa w -must not be 0. -.Sh RETURN VALUES -.Fn BN_add_word , -.Fn BN_sub_word , -and -.Fn BN_mul_word -return 1 for success or 0 on error. -The error codes can be obtained by -.Xr ERR_get_error 3 . 
-.Pp
-.Fn BN_mod_word
-and
-.Fn BN_div_word
-return
-.Fa a Ns % Ns Fa w
-on success and
-.Po Vt BN_ULONG Pc Ns -1
-if an error occurred.
-.Sh SEE ALSO
-.Xr BN_add 3 ,
-.Xr BN_new 3
-.Sh HISTORY
-.Fn BN_add_word ,
-.Fn BN_div_word ,
-and
-.Fn BN_mod_word
-first appeared in SSLeay 0.5.1.
-.Fn BN_sub_word
-and
-.Fn BN_mul_word
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-Before 0.9.8a, the return value for
-.Fn BN_div_word
-and
-.Fn BN_mod_word
-in case of an error was 0.
diff --git a/src/lib/libcrypto/man/BN_bn2bin.3 b/src/lib/libcrypto/man/BN_bn2bin.3
deleted file mode 100644
index 9569d111b5..0000000000
--- a/src/lib/libcrypto/man/BN_bn2bin.3
+++ /dev/null
@@ -1,324 +0,0 @@ -.\" $OpenBSD: BN_bn2bin.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $ -.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 -.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt BN_BN2BIN 3 -.Os -.Sh NAME -.Nm BN_bn2bin , -.Nm BN_bin2bn , -.Nm BN_bn2hex , -.Nm BN_bn2dec , -.Nm BN_hex2bn , -.Nm BN_dec2bn , -.Nm BN_asc2bn , -.Nm BN_print , -.Nm BN_print_fp , -.Nm BN_bn2mpi , -.Nm BN_mpi2bn -.Nd format conversions -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_bn2bin -.Fa "const BIGNUM *a" -.Fa "unsigned char *to" -.Fc -.Ft BIGNUM * -.Fo BN_bin2bn -.Fa "const unsigned char *s" -.Fa "int len" -.Fa "BIGNUM *ret" -.Fc -.Ft char * -.Fo BN_bn2hex -.Fa "const BIGNUM *a" -.Fc -.Ft char * -.Fo BN_bn2dec -.Fa "const BIGNUM *a" -.Fc -.Ft int -.Fo BN_hex2bn -.Fa "BIGNUM **a" -.Fa "const char *str" -.Fc -.Ft int -.Fo BN_dec2bn -.Fa "BIGNUM **a" -.Fa "const char *str" -.Fc -.Ft int -.Fo BN_asc2bn -.Fa "BIGNUM **a" -.Fa "const char *str" -.Fc -.Ft int -.Fo BN_print -.Fa "BIO *fp" -.Fa "const BIGNUM *a" -.Fc -.Ft int -.Fo BN_print_fp -.Fa "FILE *fp" -.Fa "const BIGNUM *a" -.Fc -.Ft int -.Fo BN_bn2mpi -.Fa "const BIGNUM *a" -.Fa "unsigned char *to" -.Fc -.Ft BIGNUM * -.Fo BN_mpi2bn -.Fa "unsigned char *s" -.Fa "int len" -.Fa "BIGNUM *ret" -.Fc -.Sh DESCRIPTION -.Fn BN_bn2bin -converts the absolute value of -.Fa a -into big-endian form and stores it at -.Fa to . -.Fa to -must point to -.Fn BN_num_bytes a -bytes of memory. -.Pp -.Fn BN_bin2bn -converts the positive integer in big-endian form of length -.Fa len -at -.Fa s -into a -.Vt BIGNUM -and places it in -.Fa ret . -If -.Fa ret -is -.Dv NULL , -a new -.Vt BIGNUM -is created. -.Pp -.Fn BN_bn2hex -and -.Fn BN_bn2dec -return printable strings containing the hexadecimal and decimal encoding of -.Fa a -respectively. -For negative numbers, the string is prefaced with a leading minus sign. -The string must be freed later using -.Xr free 3 . -.Pp -.Fn BN_hex2bn -interprets -.Fa str -as a hexadecimal number. -The string may start with a minus sign -.Pq Sq - . -Conversion stops at the first byte that is not a hexadecimal digit. 
-The number is converted to a -.Vt BIGNUM -and stored in -.Pf * Fa a . -If -.Pf * Fa a -is -.Dv NULL , -a new -.Vt BIGNUM -is created. -If -.Fa a -is -.Dv NULL , -it only computes the number's length in hexadecimal digits, -also counting the leading minus sign if there is one. -A "negative zero" is converted to zero. -.Fn BN_dec2bn -is the same using the decimal system. -.Fn BN_asc2bn -infers the number base from an optional prefix. -If -.Fa str -starts with -.Qq 0x -or -.Qq 0X , -it calls -.Fn BN_hex2bn , -otherwise -.Fn BN_dec2bn . -If the number is negative, the minus sign can be given before or -after the prefix. -.Pp -.Fn BN_print -and -.Fn BN_print_fp -write the hexadecimal encoding of -.Fa a , -with a leading minus sign for negative numbers, to the -.Vt BIO -or -.Vt FILE -.Fa fp . -.Pp -.Fn BN_bn2mpi -and -.Fn BN_mpi2bn -convert -.Vt BIGNUM Ns s -from and to a format that consists of the number's length in bytes -represented as a 4-byte big-endian number, and the number itself in -big-endian format, where the most significant bit signals a negative -number (the representation of numbers with the MSB set is prefixed with -a NUL byte). -.Pp -.Fn BN_bn2mpi -stores the representation of -.Fa a -at -.Fa to , -where -.Fa to -must be large enough to hold the result. -The size can be determined by calling -.Fn BN_bn2mpi a NULL . -.Pp -.Fn BN_mpi2bn -converts the -.Fa len -bytes long representation at -.Fa s -to a -.Vt BIGNUM -and stores it at -.Fa ret , -or in a newly allocated -.Vt BIGNUM -if -.Fa ret -is -.Dv NULL . -.Sh RETURN VALUES -.Fn BN_bn2bin -returns the length of the big-endian number placed at -.Fa to . -.Fn BN_bin2bn -returns the -.Vt BIGNUM , -or -.Dv NULL -on error. -.Pp -.Fn BN_bn2hex -and -.Fn BN_bn2dec -return a NUL-terminated string, or -.Dv NULL -on error. 
-.Fn BN_hex2bn
-and
-.Fn BN_dec2bn
-return the number's length in hexadecimal or decimal digits,
-also counting the leading minus sign if there is one,
-or 0 on error, in which case no new
-.Vt BIGNUM
-is created.
-.Fn BN_asc2bn
-returns 1 on success or 0 on error, in which case no new
-.Vt BIGNUM
-is created.
-.Pp
-.Fn BN_print_fp
-and
-.Fn BN_print
-return 1 on success, 0 on write errors.
-.Pp
-.Fn BN_bn2mpi
-returns the length of the representation.
-.Fn BN_mpi2bn
-returns the
-.Vt BIGNUM ,
-or
-.Dv NULL
-on error.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr BN_num_bytes 3 ,
-.Xr BN_zero 3
-.Sh HISTORY
-.Fn BN_bn2bin ,
-.Fn BN_bin2bn ,
-and
-.Fn BN_print
-first appeared in SSLeay 0.5.1.
-.Fn BN_print_fp
-first appeared in SSLeay 0.6.0.
-.Fn BN_bn2hex ,
-.Fn BN_bn2dec ,
-.Fn BN_hex2bn ,
-.Fn BN_dec2bn ,
-.Fn BN_bn2mpi ,
-and
-.Fn BN_mpi2bn
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn BN_asc2bin
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/BN_cmp.3 b/src/lib/libcrypto/man/BN_cmp.3
deleted file mode 100644
index 9e2baa2427..0000000000
--- a/src/lib/libcrypto/man/BN_cmp.3
+++ /dev/null
@@ -1,151 +0,0 @@ -.\" $OpenBSD: BN_cmp.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_CMP 3 -.Os -.Sh NAME -.Nm BN_cmp , -.Nm BN_ucmp , -.Nm BN_is_zero , -.Nm BN_is_one , -.Nm BN_is_word , -.Nm BN_is_odd -.Nd BIGNUM comparison and test functions -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_cmp -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fc -.Ft int -.Fo BN_ucmp -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fc -.Ft int -.Fo BN_is_zero -.Fa "BIGNUM *a" -.Fc -.Ft int -.Fo BN_is_one -.Fa "BIGNUM *a" -.Fc -.Ft int -.Fo BN_is_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Ft int -.Fo BN_is_odd -.Fa "BIGNUM *a" -.Fc -.Sh DESCRIPTION -.Fn BN_cmp -compares the numbers -.Fa a -and -.Fa b . -.Fn BN_ucmp -compares their absolute values. -.Pp -.Fn BN_is_zero , -.Fn BN_is_one -and -.Fn BN_is_word -test if -.Fa a -equals 0, 1, or -.Fa w -respectively. -.Fn BN_is_odd -tests if a is odd. -.Pp -.Fn BN_is_zero , -.Fn BN_is_one , -.Fn BN_is_word , -and -.Fn BN_is_odd -are macros. -.Sh RETURN VALUES -.Fn BN_cmp -returns -1 if -.Fa a Ns < Ns Fa b , -0 if -.Fa a Ns == Ns Fa b , -and 1 if -.Fa a Ns > Ns Fa b . -.Fn BN_ucmp -is the same using the absolute values of -.Fa a -and -.Fa b . -.Pp -.Fn BN_is_zero , -.Fn BN_is_one , -.Fn BN_is_word , -and -.Fn BN_is_odd -return 1 if the condition is true, 0 otherwise. -.Sh SEE ALSO -.Xr BN_new 3 -.Sh HISTORY -.Fn BN_cmp , -.Fn BN_ucmp , -.Fn BN_is_zero , -.Fn BN_is_one , -and -.Fn BN_is_word -first appeared in SSLeay 0.5.1. 
-.Fn BN_is_odd
-first appeared in SSLeay 0.8.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BN_copy.3 b/src/lib/libcrypto/man/BN_copy.3
deleted file mode 100644
index 956b368dec..0000000000
--- a/src/lib/libcrypto/man/BN_copy.3
+++ /dev/null
@@ -1,165 +0,0 @@ -.\" $OpenBSD: BN_copy.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller -.\" and Matt Caswell . -.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_COPY 3 -.Os -.Sh NAME -.Nm BN_copy , -.Nm BN_dup , -.Nm BN_with_flags -.Nd copy BIGNUMs -.Sh SYNOPSIS -.In openssl/bn.h -.Ft BIGNUM * -.Fo BN_copy -.Fa "BIGNUM *to" -.Fa "const BIGNUM *from" -.Fc -.Ft BIGNUM * -.Fo BN_dup -.Fa "const BIGNUM *from" -.Fc -.Ft void -.Fo BN_with_flags -.Fa "BIGNUM *dest" -.Fa "const BIGNUM *b" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -.Fn BN_copy -copies -.Fa from -to -.Fa to . -.Pp -.Fn BN_dup -creates a new -.Vt BIGNUM -containing the value -.Fa from . -.Pp -.Fn BN_with_flags -creates a -.Em temporary -shallow copy of -.Fa b -in -.Fa dest . -It places significant restrictions on the copied data. -Applications that do not adhere to these restrictions -may encounter unexpected side effects or crashes. -For that reason, use of this macro is discouraged. -.Pp -Any flags provided in -.Fa flags -will be set in -.Fa dest -in addition to any flags already set in -.Fa b . -For example, this can be used to create a temporary copy of a -.Vt BIGNUM -with the -.Dv BN_FLG_CONSTTIME -flag set for constant time operations. -.Pp -The temporary copy in -.Fa dest -will share some internal state with -.Fa b . -For this reason, the following restrictions apply to the use of -.Fa dest : -.Bl -bullet -.It -.Fa dest -should be a newly allocated -.Vt BIGNUM -obtained via a call to -.Xr BN_new 3 . 
-It should not have been used for other purposes or initialised in any way.
-.It
-.Fa dest
-must only be used in "read-only" operations, i.e. typically those
-functions where the relevant parameter is declared "const".
-.It
-.Fa dest
-must be used and freed before any further subsequent use of
-.Fa b .
-.El
-.Sh RETURN VALUES
-.Fn BN_copy
-returns
-.Fa to
-on success or
-.Dv NULL
-on error.
-.Fn BN_dup
-returns the new
-.Vt BIGNUM
-or
-.Dv NULL
-on error.
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr BN_set_flags 3
-.Sh HISTORY
-.Fn BN_copy
-and
-.Fn BN_dup
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn BN_with_flags
-first appeared in OpenSSL 0.9.7h and 0.9.8a
-and has been available since
-.Ox 4.0 .
diff --git a/src/lib/libcrypto/man/BN_generate_prime.3 b/src/lib/libcrypto/man/BN_generate_prime.3
deleted file mode 100644
index 764ea6f873..0000000000
--- a/src/lib/libcrypto/man/BN_generate_prime.3
+++ /dev/null
@@ -1,435 +0,0 @@ -.\" $OpenBSD: BN_generate_prime.3,v 1.19 2020/06/24 18:15:00 jmc Exp $ -.\" full merge up to: OpenSSL f987a4dd Jun 27 10:12:08 2019 +0200 -.\" -.\" This file was written by Ulf Moeller -.\" Bodo Moeller , and Matt Caswell . -.\" Copyright (c) 2000, 2003, 2013, 2014, 2018 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: June 24 2020 $ -.Dt BN_GENERATE_PRIME 3 -.Os -.Sh NAME -.Nm BN_generate_prime_ex , -.Nm BN_is_prime_ex , -.Nm BN_is_prime_fasttest_ex , -.Nm BN_GENCB_call , -.Nm BN_GENCB_new , -.Nm BN_GENCB_free , -.Nm BN_GENCB_set_old , -.Nm BN_GENCB_set , -.Nm BN_GENCB_get_arg , -.Nm BN_generate_prime , -.Nm BN_is_prime , -.Nm BN_is_prime_fasttest -.Nd generate primes and test for primality -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_generate_prime_ex -.Fa "BIGNUM *ret" -.Fa "int bits" -.Fa "int safe" -.Fa "const BIGNUM *add" -.Fa "const BIGNUM *rem" -.Fa "BN_GENCB *cb" -.Fc -.Ft int -.Fo BN_is_prime_ex -.Fa "const BIGNUM *p" -.Fa "int nchecks" -.Fa "BN_CTX *ctx" -.Fa "BN_GENCB *cb" -.Fc -.Ft int -.Fo BN_is_prime_fasttest_ex -.Fa "const BIGNUM *p" -.Fa "int nchecks" -.Fa "BN_CTX *ctx" -.Fa "int do_trial_division" -.Fa "BN_GENCB *cb" -.Fc -.Ft int -.Fo BN_GENCB_call -.Fa "BN_GENCB *cb" -.Fa "int a" -.Fa "int b" -.Fc -.Ft BN_GENCB * -.Fn BN_GENCB_new void -.Ft void -.Fo BN_GENCB_free -.Fa "BN_GENCB *cb" -.Fc -.Ft void -.Fo BN_GENCB_set_old -.Fa "BN_GENCB *gencb" -.Fa "void (*callback)(int, int, void *)" -.Fa "void *cb_arg" -.Fc -.Ft void -.Fo BN_GENCB_set -.Fa "BN_GENCB *gencb" -.Fa "int (*callback)(int, int, BN_GENCB *)" -.Fa "void *cb_arg" -.Fc -.Ft void * -.Fo BN_GENCB_get_arg -.Fa "BN_GENCB *cb" -.Fc -.Pp -Deprecated: -.Pp -.Ft BIGNUM * -.Fo BN_generate_prime -.Fa "BIGNUM *ret" -.Fa "int num" -.Fa "int safe" -.Fa "BIGNUM *add" -.Fa "BIGNUM *rem" -.Fa "void (*callback)(int, int, void *)" -.Fa "void *cb_arg" -.Fc -.Ft int -.Fo BN_is_prime -.Fa "const BIGNUM *a" -.Fa "int checks" -.Fa "void (*callback)(int, int, void *)" -.Fa "BN_CTX *ctx" -.Fa "void *cb_arg" -.Fc -.Ft int -.Fo BN_is_prime_fasttest -.Fa "const BIGNUM *a" -.Fa "int checks" -.Fa "void (*callback)(int, int, void *)" -.Fa "BN_CTX *ctx" -.Fa "void *cb_arg" -.Fa "int do_trial_division" -.Fc -.Sh DESCRIPTION -.Fn BN_generate_prime_ex -generates a pseudo-random prime number of at least bit 
length -.Fa bits . -The returned number is probably prime, but there is a very small -probability of returning a non-prime number. -If -.Fa ret -is not -.Dv NULL , -it will be used to store the number. -.Pp -If -.Fa cb -is not -.Dv NULL , -it is used as follows: -.Bl -bullet -.It -.Fn BN_GENCB_call cb 0 i -is called after generating the i-th potential prime number. -.It -While the number is being tested for primality, -.Fn BN_GENCB_call cb 1 j -is called as described below. -.It -When a prime has been found, -.Fn BN_GENCB_call cb 2 i -is called. -.It -The callers of -.Fn BN_generate_prime_ex -may call -.Fn BN_GENCB_call -with other values as described in their respective manual pages; see -.Sx SEE ALSO . -.El -.Pp -The prime may have to fulfill additional requirements for use in -Diffie-Hellman key exchange: -.Pp -If -.Fa add -is not -.Dv NULL , -the prime will fulfill the condition p % -.Fa add -== -.Fa rem -(p % -.Fa add -== 1 if -.Fa rem -== -.Dv NULL ) -in order to suit a given generator. -.Pp -If -.Fa safe -is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 -is also prime). -.Pp -.Fn BN_is_prime_ex -and -.Fn BN_is_prime_fasttest_ex -test if the number -.Fa p -is prime. -The following tests are performed until one of them shows that -.Fa p -is composite; if -.Fa p -passes all these tests, it is considered prime. -.Pp -.Fn BN_is_prime_fasttest_ex , -when called with -.Fa do_trial_division -== 1, first attempts trial division by a number of small primes; -if no divisors are found by this test and -.Fa cb -is not -.Dv NULL , -.Sy BN_GENCB_call(cb, 1, -1) -is called. -If -.Fa do_trial_division -== 0, this test is skipped. -.Pp -Both -.Fn BN_is_prime_ex -and -.Fn BN_is_prime_fasttest_ex -perform a Miller-Rabin probabilistic primality test with -.Fa nchecks -iterations. -If -.Fa nchecks -== -.Dv BN_prime_checks , -a number of iterations is used that yields a false positive rate -of at most 2\(ha-64 for random input. 
-The error rate depends on the size of the prime -and goes down for bigger primes. -The rate is 2\(ha-80 starting at 308 bits, 2\(ha-112 at 852 bits, -2\(ha-128 at 1080 bits, 2\(ha-192 at 3747 bits -and 2\(ha-256 at 6394 bits. -.Pp -When the source of the prime is not random or not trusted, the -number of checks needs to be much higher to reach the same level -of assurance: It should equal half of the targeted security level -in bits (rounded up to the next integer if necessary). -For instance, to reach the 128-bit security level, -.Fa nchecks -should be set to 64. -.Pp -If -.Fa cb -is not -.Dv NULL , -.Fa BN_GENCB_call cb 1 j -is called after the j-th iteration (j = 0, 1, ...). -.Fa ctx -is a pre-allocated -.Vt BN_CTX -(to save the overhead of allocating and freeing the structure in a -loop), or -.Dv NULL . -.Pp -.Fn BN_GENCB_call -calls the callback function held in the -.Vt BN_GENCB -structure and passes the ints -.Fa a -and -.Fa b -as arguments. -There are two types of -.Vt BN_GENCB -structures that are supported: "new" style and "old" style. -New programs should prefer the "new" style, whilst the "old" style is -provided for backwards compatibility purposes. -.Pp -A -.Vt BN_GENCB -structure should be created through a call to -.Fn BN_GENCB_new -and freed through a call to -.Fn BN_GENCB_free . -.Pp -For "new" style callbacks a -.Vt BN_GENCB -structure should be initialised with a call to -.Fn BN_GENCB_set , -where -.Fa gencb -is a -.Vt BN_GENCB * , -.Fa callback -is of type -.Vt int (*callback)(int, int, BN_GENCB *) -and -.Fa cb_arg -is a -.Vt void * . -"Old" style callbacks are the same except they are initialised with a -call to -.Fn BN_GENCB_set_old -and -.Fa callback -is of type -.Vt void (*callback)(int, int, void *) . -.Pp -A callback is invoked through a call to -.Fn BN_GENCB_call . -This will check the type of the callback and will invoke -.Fn callback a b gencb -for new style callbacks or -.Fn callback a b cb_arg -for old style. 
-.Pp -It is possible to obtain the argument associated with a -.Vt BN_GENCB -structure (set via a call to -.Fn BN_GENCB_set -or -.Fn BN_GENCB_set_old ) -using -.Fn BN_GENCB_get_arg . -.Pp -.Fn BN_generate_prime -(deprecated) works in the same way as -.Fn BN_generate_prime_ex -but expects an old style callback function directly in the -.Fa callback -parameter, and an argument to pass to it in the -.Fa cb_arg . -Similarly -.Fn BN_is_prime -and -.Fn BN_is_prime_fasttest -are deprecated and can be compared to -.Fn BN_is_prime_ex -and -.Fn BN_is_prime_fasttest_ex -respectively. -.Sh RETURN VALUES -.Fn BN_generate_prime_ex -returns 1 on success or 0 on error. -.Pp -.Fn BN_is_prime_ex , -.Fn BN_is_prime_fasttest_ex , -.Fn BN_is_prime , -and -.Fn BN_is_prime_fasttest -return 0 if the number is composite, 1 if it is prime with an error -probability of less than -.Pf 0.25^ Fa nchecks , -and -1 on error. -.Pp -.Fn BN_generate_prime -returns the prime number on success, -.Dv NULL -otherwise. -.Pp -.Fn BN_GENCB_new -returns a pointer to a -.Vt BN_GENCB -structure on success, or -.Dv NULL -otherwise. -.Pp -.Fn BN_GENCB_get_arg -returns the argument previously associated with a -.Vt BN_GENCB -structure. -.Pp -Callback functions should return 1 on success or 0 on error. -.Pp -The error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr BN_new 3 , -.Xr DH_generate_parameters 3 , -.Xr DSA_generate_parameters 3 , -.Xr RSA_generate_key 3 -.Sh HISTORY -.Fn BN_generate_prime -and -.Fn BN_is_prime -first appeared in SSLeay 0.5.1 and had their -.Fa cb_arg -argument added in SSLeay 0.9.0. -These two functions have been available since -.Ox 2.4 . -.Pp -The -.Fa ret -argument to -.Fn BN_generate_prime -was added in SSLeay 0.9.1 and -.Ox 2.6 . -.Pp -.Fn BN_is_prime_fasttest -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . 
-.Pp
-.Fn BN_generate_prime_ex ,
-.Fn BN_is_prime_ex ,
-.Fn BN_is_prime_fasttest_ex ,
-.Fn BN_GENCB_call ,
-.Fn BN_GENCB_set_old ,
-and
-.Fn BN_GENCB_set
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn BN_GENCB_new ,
-.Fn BN_GENCB_free ,
-and
-.Fn BN_GENCB_get_arg
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/BN_get0_nist_prime_521.3 b/src/lib/libcrypto/man/BN_get0_nist_prime_521.3
deleted file mode 100644
index eb95c42210..0000000000
--- a/src/lib/libcrypto/man/BN_get0_nist_prime_521.3
+++ /dev/null
@@ -1,89 +0,0 @@ -.\" $OpenBSD: BN_get0_nist_prime_521.3,v 1.5 2018/03/23 00:09:11 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Rich Salz . -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt BN_GET0_NIST_PRIME_521 3 -.Os -.Sh NAME -.Nm BN_get0_nist_prime_192 , -.Nm BN_get0_nist_prime_224 , -.Nm BN_get0_nist_prime_256 , -.Nm BN_get0_nist_prime_384 , -.Nm BN_get0_nist_prime_521 -.Nd create standardized public primes or DH pairs -.Sh SYNOPSIS -.In openssl/bn.h -.Ft const BIGNUM * -.Fn BN_get0_nist_prime_192 void -.Ft const BIGNUM * -.Fn BN_get0_nist_prime_224 void -.Ft const BIGNUM * -.Fn BN_get0_nist_prime_256 void -.Ft const BIGNUM * -.Fn BN_get0_nist_prime_384 void -.Ft const BIGNUM * -.Fn BN_get0_nist_prime_521 void -.Sh DESCRIPTION -The -.Fn BN_get0_nist_prime_192 , -.Fn BN_get0_nist_prime_224 , -.Fn BN_get0_nist_prime_256 , -.Fn BN_get0_nist_prime_384 , -and -.Fn BN_get0_nist_prime_521 -functions return a -.Vt BIGNUM -for the specific NIST prime curve (e.g. P-256). -.Sh SEE ALSO -.Xr BN_new 3 -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.8 -and have been available since -.Ox 4.5 . diff --git a/src/lib/libcrypto/man/BN_mod_inverse.3 b/src/lib/libcrypto/man/BN_mod_inverse.3 deleted file mode 100644 index aa509b1ab6..0000000000 --- a/src/lib/libcrypto/man/BN_mod_inverse.3 +++ /dev/null 
@@ -1,123 +0,0 @@ -.\" $OpenBSD: BN_mod_inverse.3,v 1.10 2018/04/29 15:58:21 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: April 29 2018 $ -.Dt BN_MOD_INVERSE 3 -.Os -.Sh NAME -.Nm BN_mod_inverse -.Nd compute inverse modulo n -.Sh SYNOPSIS -.In openssl/bn.h -.Ft BIGNUM * -.Fo BN_mod_inverse -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "const BIGNUM *n" -.Fa "BN_CTX *ctx" -.Fc -.Sh DESCRIPTION -.Fn BN_mod_inverse -computes the inverse of -.Fa a -modulo -.Fa n -and places the result in -.Fa r -.Pq Li (a*r)%n==1 . -If -.Fa r -is -.Dv NULL , -a new -.Vt BIGNUM -is created. -.Pp -If the flag -.Dv BN_FLG_CONSTTIME -is set on -.Fa a -or -.Fa n , -it operates in constant time. -.Pp -.Fa ctx -is a previously allocated -.Vt BN_CTX -used for temporary variables. -.Fa r -may be the same -.Vt BIGNUM -as -.Fa a -or -.Fa n . -.Sh RETURN VALUES -.Fn BN_mod_inverse -returns the -.Vt BIGNUM -containing the inverse, or -.Dv NULL -on error. -The error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr BN_add 3 , -.Xr BN_new 3 , -.Xr BN_set_flags 3 -.Sh HISTORY -.Fn BN_mod_inverse -first appeared in SSLeay 0.5.1 and has been available since -.Ox 2.4 . -.Pp -The -.Fa r -argument was added in SSLeay 0.9.1 and -.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 deleted file mode 100644 index 8feed711cd..0000000000 --- a/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ /dev/null 
@@ -1,252 +0,0 @@ -.\" $OpenBSD: BN_mod_mul_montgomery.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_MOD_MUL_MONTGOMERY 3 -.Os -.Sh NAME -.Nm BN_MONT_CTX_new , -.Nm BN_MONT_CTX_init , -.Nm BN_MONT_CTX_free , -.Nm BN_MONT_CTX_set , -.Nm BN_MONT_CTX_copy , -.Nm BN_mod_mul_montgomery , -.Nm BN_from_montgomery , -.Nm BN_to_montgomery -.Nd Montgomery multiplication -.Sh SYNOPSIS -.In openssl/bn.h -.Ft BN_MONT_CTX * -.Fo BN_MONT_CTX_new -.Fa void -.Fc -.Ft void -.Fo BN_MONT_CTX_init -.Fa "BN_MONT_CTX *ctx" -.Fc -.Ft void -.Fo BN_MONT_CTX_free -.Fa "BN_MONT_CTX *mont" -.Fc -.Ft int -.Fo BN_MONT_CTX_set -.Fa "BN_MONT_CTX *mont" -.Fa "const BIGNUM *m" -.Fa "BN_CTX *ctx" -.Fc -.Ft BN_MONT_CTX * -.Fo BN_MONT_CTX_copy -.Fa "BN_MONT_CTX *to" -.Fa "BN_MONT_CTX *from" -.Fc -.Ft int -.Fo BN_mod_mul_montgomery -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fa "BN_MONT_CTX *mont" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo BN_from_montgomery -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "BN_MONT_CTX *mont" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo BN_to_montgomery -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "BN_MONT_CTX *mont" -.Fa "BN_CTX *ctx" -.Fc -.Sh DESCRIPTION -These functions implement Montgomery multiplication. -They are used automatically when -.Xr BN_mod_exp 3 -is called with suitable input, but they may be useful when several -operations are to be performed using the same modulus. -.Pp -.Fn BN_MONT_CTX_new -allocates and initializes a -.Vt BN_MONT_CTX -structure. 
-.Pp -.Fn BN_MONT_CTX_init -initializes an existing uninitialized -.Vt BN_MONT_CTX . -It is deprecated and dangerous: see -.Sx CAVEATS . -.Pp -.Fn BN_MONT_CTX_set -sets up the -.Fa mont -structure from the modulus -.Fa m -by precomputing its inverse and a value R. -.Pp -.Fn BN_MONT_CTX_copy -copies the -.Vt BN_MONT_CTX -.Fa from -to -.Fa to . -.Pp -.Fn BN_MONT_CTX_free -frees the components of the -.Vt BN_MONT_CTX , -and, if it was created by -.Fn BN_MONT_CTX_new , -also the structure itself. -If -.Fa mont -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn BN_mod_mul_montgomery -computes -.Pp -.D1 Mont Ns Po Fa a , Fa b Pc := Fa a No * Fa b No * R^-1 -.Pp -and places the result in -.Fa r . -.Pp -.Fn BN_from_montgomery -performs the Montgomery reduction -.Pp -.D1 Fa r No = Fa a No * R^-1 -.Pp -.Fn BN_to_montgomery -computes -.Pp -.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R -.Pp -Note that -.Fa a -must be non-negative and smaller than the modulus. -.Pp -For all functions, -.Fa ctx -is a previously allocated -.Vt BN_CTX -used for temporary variables. -.Pp -The -.Vt BN_MONT_CTX -structure is defined as follows: -.Bd -literal -typedef struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 - * (Ni is only stored for bignum algorithm) */ - BN_ULONG n0; /* least significant word of Ni */ - int flags; -} BN_MONT_CTX; -.Ed -.Pp -.Fn BN_to_montgomery -is a macro. -.Pp -.Sy Warning : -The inputs must be reduced modulo -.Fa m , -otherwise the result will be outside the expected range. -.Sh RETURN VALUES -.Fn BN_MONT_CTX_new -returns the newly allocated -.Vt BN_MONT_CTX -or -.Dv NULL -on error. -.Pp -For the other functions, 1 is returned for success or 0 on error. -The error codes can be obtained by -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr BN_add 3 ,
-.Xr BN_CTX_new 3 ,
-.Xr BN_new 3
-.Sh HISTORY
-.Fn BN_MONT_CTX_new ,
-.Fn BN_MONT_CTX_free ,
-.Fn BN_MONT_CTX_set ,
-.Fn BN_mod_mul_montgomery ,
-.Fn BN_from_montgomery ,
-and
-.Fn BN_to_montgomery
-first appeared in SSLeay 0.6.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn BN_MONT_CTX_init
-and
-.Fn BN_MONT_CTX_copy
-first appeared in SSLeay 0.9.1 and have been available since
-.Ox 2.6 .
-.Sh CAVEATS
-.Fn BN_MONT_CTX_init
-must not be called on a context that was used previously, or
-memory used by the embedded
-.Vt BIGNUM
-structures is leaked immediately.
-Besides, it must not be called on a context created with
-.Fn BN_MONT_CTX_new ,
-or the context itself will likely be leaked later.
-It can only be used on a static
-.Vt BN_MONT_CTX
-structure, on one located on the stack, or on one
-.Xr malloc 3 Ap ed
-manually, but all these options are discouraged because they
-will no longer work once
-.Vt BN_MONT_CTX
-is made opaque.
diff --git a/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3
deleted file mode 100644
index 9ace357652..0000000000
--- a/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ /dev/null
@@ -1,229 +0,0 @@ -.\" $OpenBSD: BN_mod_mul_reciprocal.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_MOD_MUL_RECIPROCAL 3 -.Os -.Sh NAME -.Nm BN_mod_mul_reciprocal , -.Nm BN_RECP_CTX_new , -.Nm BN_RECP_CTX_init , -.Nm BN_RECP_CTX_free , -.Nm BN_RECP_CTX_set , -.Nm BN_div_recp -.Nd modular multiplication using reciprocal -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_mod_mul_reciprocal -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fa "BN_RECP_CTX *recp" -.Fa "BN_CTX *ctx" -.Fc -.Ft BN_RECP_CTX * -.Fo BN_RECP_CTX_new -.Fa void -.Fc -.Ft void -.Fo BN_RECP_CTX_init -.Fa "BN_RECP_CTX *recp" -.Fc -.Ft void -.Fo BN_RECP_CTX_free -.Fa "BN_RECP_CTX *recp" -.Fc -.Ft int -.Fo BN_RECP_CTX_set -.Fa "BN_RECP_CTX *recp" -.Fa "const BIGNUM *m" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo BN_div_recp -.Fa "BIGNUM *dv" -.Fa "BIGNUM *rem" -.Fa "BIGNUM *a" -.Fa "BN_RECP_CTX *recp" -.Fa "BN_CTX *ctx" -.Fc -.Sh DESCRIPTION -.Fn BN_mod_mul_reciprocal -can be used to perform an efficient -.Xr BN_mod_mul 3 -operation when the operation will be performed repeatedly with the same -modulus. -It computes -.Fa r Ns =( Ns Fa a Ns * Ns Fa b Ns )% Ns Fa m -using -.Fa recp Ns =1/ Ns Fa m , -which is set as described below. -.Fa ctx -is a previously allocated -.Vt BN_CTX -used for temporary variables. -.Pp -.Fn BN_RECP_CTX_new -allocates and initializes a -.Vt BN_RECP_CTX -structure. -.Pp -.Fn BN_RECP_CTX_init -initializes an existing uninitialized -.Vt BN_RECP_CTX . 
-It is deprecated and dangerous: see -.Sx CAVEATS . -.Pp -.Fn BN_RECP_CTX_free -frees the components of the -.Vt BN_RECP_CTX , -and, if it was created by -.Fn BN_RECP_CTX_new , -also the structure itself. -If -.Fa recp -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn BN_RECP_CTX_set -stores -.Fa m -in -.Fa recp -and sets it up for computing -.Pf 1/ Fa m -and shifting it left by -.Fn BN_num_bits m Ns +1 -to make it an integer. -The result and the number of bits it was shifted left will later be -stored in -.Fa recp . -.Pp -.Fn BN_div_recp -divides -.Fa a -by -.Fa m -using -.Fa recp . -It places the quotient in -.Fa dv -and the remainder in -.Fa rem . -.Pp -The -.Vt BN_RECP_CTX -structure is defined as follows: -.Bd -literal -typedef struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -} BN_RECP_CTX; -.Ed -.Pp -It cannot be shared between threads. -.Sh RETURN VALUES -.Fn BN_RECP_CTX_new -returns the newly allocated -.Vt BN_RECP_CTX -or -.Dv NULL -on error. -.Pp -For the other functions, 1 is returned for success or 0 on error. -The error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr BN_add 3 , -.Xr BN_CTX_new 3 , -.Xr BN_new 3 -.Sh HISTORY -.Fn BN_mod_mul_reciprocal -first appeared in SSLeay 0.5.1 and has been available since -.Ox 2.4 . -.Pp -.Vt BN_RECP_CTX -was added in SSLeay 0.9.0. -Before that, a function -.Fn BN_reciprocal -was used instead, and the -.Fn BN_mod_mul_reciprocal -arguments were different. -.Pp -.Fn BN_RECP_CTX_new , -.Fn BN_RECP_CTX_init , -.Fn BN_RECP_CTX_free , -.Fn BN_RECP_CTX_set , -and -.Fn BN_div_recp -first appeared in SSLeay 0.9.1 and have been available since -.Ox 2.6 . -.Sh CAVEATS -.Fn BN_RECP_CTX_init -must not be called on a context that was used previously, or -memory used by the embedded -.Vt BIGNUM -structures is leaked immediately. 
-Besides, it must not be called on a context created with
-.Fn BN_RECP_CTX_new ,
-or the context itself will likely be leaked later.
-It can only be used on a static
-.Vt BN_RECP_CTX
-structure, on one located on the stack, or on one
-.Xr malloc 3 Ap ed
-manually, but all these options are discouraged because they
-will no longer work once
-.Vt BN_RECP_CTX
-is made opaque.
diff --git a/src/lib/libcrypto/man/BN_new.3 b/src/lib/libcrypto/man/BN_new.3
deleted file mode 100644
index bb637a974f..0000000000
--- a/src/lib/libcrypto/man/BN_new.3
+++ /dev/null
@@ -1,203 +0,0 @@ -.\" $OpenBSD: BN_new.3,v 1.16 2019/06/10 09:49:48 schwarze Exp $ -.\" full merge up to: OpenSSL man3/BN_new 2457c19d Mar 6 08:43:36 2004 +0000 -.\" selective merge up to: man3/BN_new 681acb31 Sep 29 13:10:34 2017 +0200 -.\" full merge up to: OpenSSL man7/bn 05ea606a May 20 20:52:46 2016 -0400 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt BN_NEW 3 -.Os -.Sh NAME -.Nm BN_new , -.Nm BN_init , -.Nm BN_clear , -.Nm BN_free , -.Nm BN_clear_free -.Nd allocate and free BIGNUMs -.Sh SYNOPSIS -.In openssl/bn.h -.Ft BIGNUM * -.Fo BN_new -.Fa void -.Fc -.Ft void -.Fo BN_init -.Fa "BIGNUM *" -.Fc -.Ft void -.Fo BN_clear -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo BN_free -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo BN_clear_free -.Fa "BIGNUM *a" -.Fc -.Sh DESCRIPTION -The BN library performs arithmetic operations on integers of arbitrary -size. -It was written for use in public key cryptography, such as RSA and -Diffie-Hellman. -.Pp -It uses dynamic memory allocation for storing its data structures. -That means that there is no limit on the size of the numbers manipulated -by these functions, but return values must always be checked in case a -memory allocation error has occurred. -.Pp -The basic object in this library is a -.Vt BIGNUM . 
-It is used to hold a single large integer.
-This type should be considered opaque and fields should not be modified
-or accessed directly.
-.Pp
-.Fn BN_new
-allocates and initializes a
-.Vt BIGNUM
-structure, in particular setting the value to zero and the flags to
-.Dv BN_FLG_MALLOCED .
-The security-relevant flag
-.Dv BN_FLG_CONSTTIME
-is not set by default.
-.Pp
-.Fn BN_init
-initializes an existing uninitialized
-.Vt BIGNUM .
-It is deprecated and dangerous: see
-.Sx CAVEATS .
-.Pp
-.Fn BN_clear
-is used to destroy sensitive data such as keys when they are no longer
-needed.
-It erases the memory used by
-.Fa a
-and sets it to the value 0.
-.Pp
-.Fn BN_free
-frees the components of the
-.Vt BIGNUM
-and, if it was created by
-.Fn BN_new ,
-also the structure itself.
-.Fn BN_clear_free
-additionally overwrites the data before the memory is returned to the
-system.
-If
-.Fa a
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn BN_new
-returns a pointer to the
-.Vt BIGNUM .
-If the allocation fails, it returns
-.Dv NULL
-and sets an error code that can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_add 3 ,
-.Xr BN_add_word 3 ,
-.Xr BN_BLINDING_new 3 ,
-.Xr BN_bn2bin 3 ,
-.Xr BN_cmp 3 ,
-.Xr BN_copy 3 ,
-.Xr BN_CTX_new 3 ,
-.Xr BN_CTX_start 3 ,
-.Xr BN_generate_prime 3 ,
-.Xr BN_get0_nist_prime_521 3 ,
-.Xr BN_mod_inverse 3 ,
-.Xr BN_mod_mul_montgomery 3 ,
-.Xr BN_mod_mul_reciprocal 3 ,
-.Xr BN_num_bytes 3 ,
-.Xr BN_rand 3 ,
-.Xr BN_set_bit 3 ,
-.Xr BN_set_flags 3 ,
-.Xr BN_set_negative 3 ,
-.Xr BN_swap 3 ,
-.Xr BN_zero 3 ,
-.Xr crypto 3 ,
-.Xr get_rfc3526_prime_8192 3
-.Sh HISTORY
-.Fn BN_new ,
-.Fn BN_clear ,
-.Fn BN_free ,
-and
-.Fn BN_clear_free
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn BN_init
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
-.Sh CAVEATS
-.Fn BN_init
-must not be called on a
-.Vt BIGNUM
-that was used and contains an actual number, or the memory
-used for storing the number is leaked immediately.
-Besides, it must not be called on a number allocated with
-.Fn BN_new ,
-or the
-.Vt BIGNUM
-structure itself will likely be leaked later on.
-It can only be used on static
-.Vt BIGNUM
-structures, on
-.Vt BIGNUM
-structures on the stack, or on
-.Vt BIGNUM
-structures
-.Xr malloc 3 Ap ed
-manually, but all of these options are discouraged because they
-will no longer work once the
-.Vt BIGNUM
-data type is made opaque.
diff --git a/src/lib/libcrypto/man/BN_num_bytes.3 b/src/lib/libcrypto/man/BN_num_bytes.3
deleted file mode 100644
index ae32a8d8fa..0000000000
--- a/src/lib/libcrypto/man/BN_num_bytes.3
+++ /dev/null
@@ -1,130 +0,0 @@ -.\" $OpenBSD: BN_num_bytes.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller -.\" and Richard Levitte . -.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_NUM_BYTES 3 -.Os -.Sh NAME -.Nm BN_num_bytes , -.Nm BN_num_bits , -.Nm BN_num_bits_word -.Nd get BIGNUM size -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_num_bytes -.Fa "const BIGNUM *a" -.Fc -.Ft int -.Fo BN_num_bits -.Fa "const BIGNUM *a" -.Fc -.Ft int -.Fo BN_num_bits_word -.Fa "BN_ULONG w" -.Fc -.Sh DESCRIPTION -.Fn BN_num_bytes -returns the size of a -.Vt BIGNUM -in bytes. -.Pp -.Fn BN_num_bits_word -returns the number of significant bits in a word. -As an example, 0x00000432 returns 11, not 16 or 32. -Basically, except for a zero, it returns -.Pp -.D1 floor(log2( Ns Fa w ) ) No + 1 . -.Pp -.Fn BN_num_bits -returns the number of significant bits in a -.Sy BIGNUM , -following the same principle as -.Fn BN_num_bits_word . -.Pp -.Fn BN_num_bytes -is a macro. 
-.Pp
-Some have tried using
-.Fn BN_num_bits
-on individual numbers in RSA keys, DH keys and DSA keys, and found that
-they don't always come up with the number of bits they expected
-(something like 512, 1024, 2048, ...). This is because generating a
-number with some specific number of bits doesn't always set the highest
-bits, thereby making the number of
-.Em significant
-bits a little lower.
-If you want to know the "key size" of such a key, either use functions
-like
-.Xr RSA_size 3 ,
-.Xr DH_size 3 ,
-and
-.Xr DSA_size 3 ,
-or use
-.Fn BN_num_bytes
-and multiply with 8 (although there's no real guarantee that will match
-the "key size", just a lot more probability).
-.Sh RETURN VALUES
-The size.
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr DH_size 3 ,
-.Xr DSA_size 3 ,
-.Xr RSA_size 3
-.Sh HISTORY
-.Fn BN_num_bytes
-and
-.Fn BN_num_bits
-first appeared in SSLeay 0.5.1.
-.Fn BN_num_bits_word
-first appeared in SSLeay 0.5.2.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/BN_rand.3 b/src/lib/libcrypto/man/BN_rand.3
deleted file mode 100644
index 467971206b..0000000000
--- a/src/lib/libcrypto/man/BN_rand.3
+++ /dev/null
@@ -1,134 +0,0 @@ -.\" $OpenBSD: BN_rand.3,v 1.16 2019/06/10 14:58:48 schwarze Exp $ -.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 -.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2001, 2002, 2013, 2015 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt BN_RAND 3 -.Os -.Sh NAME -.Nm BN_rand , -.Nm BN_rand_range , -.Nm BN_pseudo_rand , -.Nm BN_pseudo_rand_range -.Nd generate pseudo-random number -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_rand -.Fa "BIGNUM *rnd" -.Fa "int bits" -.Fa "int top" -.Fa "int bottom" -.Fc -.Ft int -.Fo BN_rand_range -.Fa "BIGNUM *rnd" -.Fa "BIGNUM *range" -.Fc -.Sh DESCRIPTION -.Fn BN_rand -generates a cryptographically strong pseudo-random number of -.Fa bits -in length and stores it in -.Fa rnd . -If -.Fa top -is -1, the most significant bit of the random number can be zero. -If -.Fa top -is 0, it is set to 1, and if -.Fa top -is 1, the two most significant bits of the number will be set to 1, so -that the product of two such random numbers will always have -.Pf 2* Fa bits -length. -If -.Fa bottom -is true, the number will be odd. -The value of -.Fa bits -must be zero or greater. -If -.Fa bits -is +1 then -.Fa top -cannot also be 1. 
-.Pp -.Fn BN_rand_range -generates a cryptographically strong pseudo-random number -.Fa rnd -in the range 0 <= -.Fa rnd No < Fa range . -.Pp -.Fn BN_pseudo_rand -is a deprecated alias for -.Fn BN_rand , -and -.Fn BN_pseudo_rand_range -for -.Fn BN_rand_range . -.Sh RETURN VALUES -The functions return 1 on success, 0 on error. -The error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr BN_new 3 -.Sh HISTORY -.Fn BN_rand -first appeared in SSLeay 0.5.1 and has been available since -.Ox 2.4 . -.Pp -The -.Fa top -== -1 case and the function -.Fn BN_rand_range -first appeared in OpenSSL 0.9.6a and have been available since -.Ox 3.0 . diff --git a/src/lib/libcrypto/man/BN_set_bit.3 b/src/lib/libcrypto/man/BN_set_bit.3 deleted file mode 100644 index 93bfda6747..0000000000 --- a/src/lib/libcrypto/man/BN_set_bit.3 +++ /dev/null 
@@ -1,216 +0,0 @@ -.\" $OpenBSD: BN_set_bit.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_SET_BIT 3 -.Os -.Sh NAME -.Nm BN_set_bit , -.Nm BN_clear_bit , -.Nm BN_is_bit_set , -.Nm BN_mask_bits , -.Nm BN_lshift , -.Nm BN_lshift1 , -.Nm BN_rshift , -.Nm BN_rshift1 -.Nd bit operations on BIGNUMs -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_set_bit -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft int -.Fo BN_clear_bit -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft int -.Fo BN_is_bit_set -.Fa "const BIGNUM *a" -.Fa "int n" -.Fc -.Ft int -.Fo BN_mask_bits -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft int -.Fo BN_lshift -.Fa "BIGNUM *r" -.Fa "const BIGNUM *a" -.Fa "int n" -.Fc -.Ft int -.Fo BN_lshift1 -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fc -.Ft int -.Fo BN_rshift -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft int -.Fo BN_rshift1 -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fc -.Sh DESCRIPTION -.Fn BN_set_bit -sets bit -.Fa n -in -.Fa a -to 1 -.Pq Li a|=(1<>n) . -An error occurs if -.Fa a -already is shorter than -.Fa n -bits. -.Pp -.Fn BN_lshift -shifts -.Fa a -left by -.Fa n -bits and places the result in -.Fa r -.Pq Li r=a*2^n . -Note that -.Fa n -must be non-negative. -.Fn BN_lshift1 -shifts -.Fa a -left by one and places the result in -.Fa r -.Pq Li r=2*a . -.Pp -.Fn BN_rshift -shifts -.Fa a -right by -.Fa n -bits and places the result in -.Fa r -.Pq Li r=a/2^n . -Note that -.Fa n -must be non-negative. 
-.Fn BN_rshift1 -shifts -.Fa a -right by one and places the result in -.Fa r -.Pq Li r=a/2 . -.Pp -For the shift functions, -.Fa r -and -.Fa a -may be the same variable. -.Sh RETURN VALUES -.Fn BN_is_bit_set -returns 1 if the bit is set, 0 otherwise. -.Pp -All other functions return 1 for success, 0 on error. -The error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr BN_add 3 , -.Xr BN_new 3 , -.Xr BN_num_bytes 3 , -.Xr BN_set_negative 3 , -.Xr BN_zero 3 -.Sh HISTORY -.Fn BN_set_bit , -.Fn BN_clear_bit , -.Fn BN_is_bit_set , -.Fn BN_mask_bits , -.Fn BN_lshift , -.Fn BN_lshift1 , -.Fn BN_rshift , -and -.Fn BN_rshift1 -first appeared in SSLeay 0.5.1 and have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BN_set_flags.3 b/src/lib/libcrypto/man/BN_set_flags.3 deleted file mode 100644 index 8b2c404452..0000000000 --- a/src/lib/libcrypto/man/BN_set_flags.3 +++ /dev/null 
@@ -1,167 +0,0 @@
-.\" $OpenBSD: BN_set_flags.3,v 1.4 2021/03/12 05:18:00 jsg Exp $
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 12 2021 $
-.Dt BN_SET_FLAGS 3
-.Os
-.Sh NAME
-.Nm BN_set_flags ,
-.Nm BN_get_flags
-.Nd enable and inspect flags on BIGNUM objects
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft void
-.Fo BN_set_flags
-.Fa "BIGNUM *b"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo BN_get_flags
-.Fa "const BIGNUM *b"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn BN_set_flags
-enables the given
-.Fa flags
-on
-.Fa b .
-The
-.Fa flags
-argument can contain zero or more of the following constants OR'ed
-together:
-.Bl -tag -width Ds
-.It Dv BN_FLG_CONSTTIME
-If this flag is set on the divident
-.Fa a
-or the divisor
-.Fa d
-in
-.Xr BN_div 3 ,
-on the exponent
-.Fa p
-in
-.Xr BN_mod_exp 3 ,
-or on the divisor
-.Fa a
-or the modulus
-.Fa n
-in
-.Xr BN_mod_inverse 3 ,
-these functions select algorithms with an execution time independent
-of the respective numbers, to avoid exposing sensitive information
-to timing side-channel attacks.
-.Pp
-This flag is off by default for
-.Vt BIGNUM
-objects created with
-.Xr BN_new 3 .
-.It Dv BN_FLG_MALLOCED
-If this flag is set,
-.Xr BN_free 3
-and
-.Xr BN_clear_free 3
-will not only clear and free the components of
-.Fa b ,
-but also
-.Fa b
-itself.
-This flag is set internally by
-.Xr BN_new 3 .
-Setting it manually on an existing
-.Vt BIGNUM
-object is usually a bad idea and can cause calls to
-.Xr free 3
-with bogus arguments.
-.It Dv BN_FLG_STATIC_DATA
-If this flag is set,
-.Xr BN_clear_free 3
-will neither clear nor free the memory used for storing the number.
-Consequently, setting it manually on an existing
-.Vt BIGNUM
-object is usually a terrible idea that can cause both disclosure
-of secret data and memory leaks.
-This flag is automatically set on the constant
-.Vt BIGNUM
-objects returned by
-.Xr BN_value_one 3
-and by the functions documented in
-.Xr BN_get0_nist_prime_521 3 .
-.El
-.Pp
-.Fn BN_get_flags
-interprets
-.Fa flags
-as a bitmask and returns those of the given flags that are set in
-.Fa b ,
-OR'ed together, or 0 if none of the given
-.Fa flags
-is set.
-The
-.Fa flags
-argument has the same syntax as for
-.Fn BN_set_flags .
-.Pp
-These functions are currently implemented as macros, but they are
-likely to become real functions in the future when the
-.Vt BIGNUM
-data type will be made opaque.
-.Sh RETURN VALUES
-.Fn BN_get_flags
-returns zero or more of the above constants, OR'ed together.
-.Sh SEE ALSO
-.Xr BN_mod_exp 3 ,
-.Xr BN_mod_inverse 3 ,
-.Xr BN_new 3 ,
-.Xr BN_with_flags 3
-.Sh HISTORY
-.Fn BN_set_flags
-and
-.Fn BN_get_flags
-first appeared in SSLeay 0.9.1 and have been available since
-.Ox 2.6 .
-.Sh CAVEATS
-No public interface exists to clear a flag once it is set.
-So think twice before using
-.Fn BN_set_flags .
-.Sh BUGS
-Even if the
-.Dv BN_FLG_CONSTTIME
-flag is set on
-.Fa a
-or
-.Fa b ,
-.Fn BN_gcd
-neither fails nor operates in constant time, potentially allowing
-timing side-channel attacks.
-.Pp
-Even if the
-.Dv BN_FLG_CONSTTIME
-flag is set on
-.Fa p ,
-if the modulus
-.Fa m
-is even,
-.Xr BN_mod_exp 3
-does not operate in constant time, potentially allowing
-timing side-channel attacks.
-.Pp
-If
-.Dv BN_FLG_CONSTTIME
-is set on
-.Fa p ,
-.Fn BN_exp
-fails instead of operating in constant time.
diff --git a/src/lib/libcrypto/man/BN_set_negative.3 b/src/lib/libcrypto/man/BN_set_negative.3
deleted file mode 100644
index b47fa22670..0000000000
--- a/src/lib/libcrypto/man/BN_set_negative.3
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" $OpenBSD: BN_set_negative.3,v 1.5 2019/06/03 14:43:15 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 3 2019 $
-.Dt BN_SET_NEGATIVE 3
-.Os
-.Sh NAME
-.Nm BN_set_negative ,
-.Nm BN_is_negative
-.Nd change and inspect the sign of a BIGNUM
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft void
-.Fo BN_set_negative
-.Fa "BIGNUM *b"
-.Fa "int n"
-.Fc
-.Ft int
-.Fo BN_is_negative
-.Fa "const BIGNUM *b"
-.Fc
-.Sh DESCRIPTION
-.Fn BN_set_negative
-sets
-.Fa b
-to negative if both
-.Fa b
-and
-.Fa n
-are non-zero, otherwise it sets it to positive.
-.Pp
-.Fn BN_is_negative
-tests the sign of
-.Fa b .
-It is currently implemented as a macro.
-.Sh RETURN VALUES
-.Fn BN_is_negative
-returns 1 if
-.Fa b
-is negative or 0 otherwise.
-.Sh SEE ALSO
-.Xr BN_add 3 ,
-.Xr BN_new 3 ,
-.Xr BN_set_bit 3 ,
-.Xr BN_zero 3
-.Sh HISTORY
-.Fn BN_set_negative
-and
-.Fn BN_is_negative
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/BN_swap.3 b/src/lib/libcrypto/man/BN_swap.3
deleted file mode 100644
index db9082d7ef..0000000000
--- a/src/lib/libcrypto/man/BN_swap.3
+++ /dev/null
@@ -1,75 +0,0 @@ -.\" $OpenBSD: BN_swap.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Bodo Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 22 2018 $ -.Dt BN_SWAP 3 -.Os -.Sh NAME -.Nm BN_swap -.Nd exchange BIGNUMs -.Sh SYNOPSIS -.In openssl/bn.h -.Ft void -.Fo BN_swap -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fc -.Sh DESCRIPTION -.Fn BN_swap -exchanges the values of -.Fa a -and -.Fa b . -.Sh SEE ALSO -.Xr BN_new 3 -.Sh HISTORY -.Fn BN_swap -first appeared in OpenSSL 0.9.7 and has been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/BN_zero.3 b/src/lib/libcrypto/man/BN_zero.3 deleted file mode 100644 index f3ca4cdfb1..0000000000 --- a/src/lib/libcrypto/man/BN_zero.3 +++ /dev/null 
@@ -1,154 +0,0 @@ -.\" $OpenBSD: BN_zero.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 -.\" selective merge up to: OpenSSL b713c4ff Jan 22 14:41:09 2018 -0500 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2001, 2002, 2018 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt BN_ZERO 3 -.Os -.Sh NAME -.Nm BN_zero , -.Nm BN_one , -.Nm BN_value_one , -.Nm BN_set_word , -.Nm BN_get_word -.Nd BIGNUM assignment operations -.Sh SYNOPSIS -.In openssl/bn.h -.Ft int -.Fo BN_zero -.Fa "BIGNUM *a" -.Fc -.Ft int -.Fo BN_one -.Fa "BIGNUM *a" -.Fc -.Ft const BIGNUM * -.Fo BN_value_one -.Fa void -.Fc -.Ft int -.Fo BN_set_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" -.Fc -.Ft BN_ULONG -.Fo BN_get_word -.Fa "BIGNUM *a" -.Fc -.Sh DESCRIPTION -.Vt BN_ULONG -is a macro that expands to an unsigned integral type optimized -for the most efficient implementation on the local platform. -.Pp -.Fn BN_zero , -.Fn BN_one , -and -.Fn BN_set_word -set -.Fa a -to the values 0, 1 and -.Fa w -respectively. -.Fn BN_zero -and -.Fn BN_one -are macros. -.Pp -.Fn BN_value_one -returns a -.Vt BIGNUM -constant of value 1. -This constant is useful for comparisons and assignments. 
-.Sh RETURN VALUES -.Fn BN_get_word -returns the value -.Fa a , -or a number with all bits set if -.Fa a -cannot be represented as a -.Vt BN_ULONG . -.Pp -.Fn BN_zero , -.Fn BN_one , -and -.Fn BN_set_word -return 1 on success, 0 otherwise. -.Fn BN_value_one -returns the constant. -.Sh SEE ALSO -.Xr BN_bn2bin 3 , -.Xr BN_new 3 , -.Xr BN_set_bit 3 , -.Xr BN_set_negative 3 -.Sh HISTORY -.Fn BN_zero , -.Fn BN_one , -.Fn BN_value_one , -and -.Fn BN_set_word -first appeared in SSLeay 0.5.1. -.Fn BN_get_word -first appeared in SSLeay 0.6.0. -All these functions have been available since -.Ox 2.4 . -.Sh BUGS -Someone might change the constant. -.Pp -If the value of a -.Vt BIGNUM -is equal to a -.Vt BN_ULONG -with all bits set, the return value of -.Fn BN_get_word -collides with return value used to indicate errors. -.Pp -.Vt BN_ULONG -should probably be a typedef rather than a macro. diff --git a/src/lib/libcrypto/man/BUF_MEM_new.3 b/src/lib/libcrypto/man/BUF_MEM_new.3 deleted file mode 100644 index 904e6f2a84..0000000000 --- a/src/lib/libcrypto/man/BUF_MEM_new.3 +++ /dev/null 
@@ -1,206 +0,0 @@ -.\" $OpenBSD: BUF_MEM_new.3,v 1.16 2019/06/06 01:06:58 schwarze Exp $ -.\" OpenSSL doc/crypto/buffer.pod 18edda0f Sep 20 03:28:54 2000 +0000 -.\" not merged: 74924dcb, 58e3457a, 21b0fa91, 7644a9ae -.\" OpenSSL doc/crypto/BUF_MEM_new.pod 53934822 Jun 9 16:39:19 2016 -0400 -.\" not merged: c952780c, 91da5e77 -.\" OpenSSL doc/man3/BUF_MEM_new.pod 498180de Dec 12 15:35:09 2016 +0300 -.\" -.\" This file was written by Ralf S. Engelschall . -.\" Copyright (c) 1999, 2000, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt BUF_MEM_NEW 3 -.Os -.Sh NAME -.Nm BUF_MEM_new , -.Nm BUF_MEM_free , -.Nm BUF_MEM_grow , -.Nm BUF_MEM_grow_clean , -.Nm BUF_reverse , -.Nm BUF_strdup -.Nd simple character arrays structure -.Sh SYNOPSIS -.In openssl/buffer.h -.Ft BUF_MEM * -.Fo BUF_MEM_new -.Fa void -.Fc -.Ft void -.Fo BUF_MEM_free -.Fa "BUF_MEM *a" -.Fc -.Ft int -.Fo BUF_MEM_grow -.Fa "BUF_MEM *str" -.Fa "size_t len" -.Fc -.Ft int -.Fo BUF_MEM_grow_clean -.Fa "BUF_MEM *str" -.Fa "size_t len" -.Fc -.Ft void -.Fo BUF_reverse -.Fa "unsigned char *out" -.Fa "const unsigned char *in" -.Fa "size_t len" -.Fc -.Ft char * -.Fo BUF_strdup -.Fa "const char *str" -.Fc -.Sh DESCRIPTION -The buffer library handles simple character arrays. -Buffers are used for various purposes in the library, most notably -memory BIOs. 
-.Pp -The library uses the -.Vt BUF_MEM -structure defined in buffer.h: -.Bd -literal -typedef struct buf_mem_st -{ - size_t length; /* current number of bytes */ - char *data; - size_t max; /* size of buffer */ -} BUF_MEM; -.Ed -.Pp -.Fa length -is the current size of the buffer in bytes; -.Fa max -is the amount of memory allocated to the buffer. -There are three functions which handle these and one miscellaneous function. -.Pp -.Fn BUF_MEM_new -allocates a new buffer of zero size. -.Pp -.Fn BUF_MEM_free -frees up an already existing buffer. -The data is zeroed before freeing up in case the buffer contains -sensitive data. -If -.Fa a -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn BUF_MEM_grow -changes the size of an already existing buffer to -.Fa len . -Any data already in the buffer is preserved if it increases in size. -.Pp -.Fn BUF_MEM_grow_clean -is similar to -.Fn BUF_MEM_grow , -but it sets any freed or additionally allocated memory to zero. -.Pp -.Fn BUF_reverse -reverses -.Fa len -bytes at -.Fa in -into -.Fa out . -If -.Fa in -is -.Dv NULL , -.Fa out -is reversed in place. -.Pp -.Fn BUF_strdup -copies a NUL terminated string into a block of allocated memory and -returns a pointer to the allocated block. -Unlike the system -.Xr strdup 3 -function, -.Fn BUF_strdup -will accept a -.Dv NULL -argument and will return -.Dv NULL -in that case. -Its use in new programs is discouraged. -.Pp -The memory allocated from -.Fn BUF_strdup -should be freed up using the -.Xr free 3 -function. -.Sh RETURN VALUES -.Fn BUF_MEM_new -returns the buffer or -.Dv NULL -on error. -.Pp -.Fn BUF_MEM_grow -and -.Fn BUF_MEM_grow_clean -return zero on error or the new size (i.e.\& -.Fa len ) . -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr BIO_s_mem 3 -.Sh HISTORY -.Fn BUF_MEM_new , -.Fn BUF_MEM_free , -and -.Fn BUF_MEM_grow -first appeared in SSLeay 0.6.0. -.Fn BUF_strdup -first appeared in SSLeay 0.8.0. -All these functions have been available since -.Ox 2.4 . 
-.Pp -.Fn BUF_MEM_grow_clean -first appeared in OpenSSL 0.9.7 and has been available since -.Ox 3.2 . -.Pp -.Fn BUF_reverse -first appeared in OpenSSL 1.0.0 and has been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/CMAC_Init.3 b/src/lib/libcrypto/man/CMAC_Init.3 deleted file mode 100644 index a938c0db64..0000000000 --- a/src/lib/libcrypto/man/CMAC_Init.3 +++ /dev/null 
@@ -1,293 +0,0 @@ -.\" $OpenBSD: CMAC_Init.3,v 1.4 2020/08/06 22:17:49 schwarze Exp $ -.\" -.\" Copyright (c) 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: August 6 2020 $ -.Dt CMAC_INIT 3 -.Os -.Sh NAME -.Nm CMAC_CTX_new , -.Nm CMAC_Init , -.Nm CMAC_Update , -.Nm CMAC_Final , -.Nm CMAC_resume , -.Nm CMAC_CTX_copy , -.Nm CMAC_CTX_get0_cipher_ctx , -.Nm CMAC_CTX_cleanup , -.Nm CMAC_CTX_free -.Nd Cipher-based message authentication code -.Sh SYNOPSIS -.In openssl/cmac.h -.Ft CMAC_CTX * -.Fn CMAC_CTX_new void -.Ft int -.Fo CMAC_Init -.Fa "CMAC_CTX *ctx" -.Fa "const void *key" -.Fa "size_t key_len" -.Fa "const EVP_CIPHER *cipher" -.Fa "ENGINE *impl" -.Fc -.Ft int -.Fo CMAC_Update -.Fa "CMAC_CTX *ctx" -.Fa "const void *in_data" -.Fa "size_t in_len" -.Fc -.Ft int -.Fo CMAC_Final -.Fa "CMAC_CTX *ctx" -.Fa "unsigned char *out_mac" -.Fa "size_t *out_len" -.Fc -.Ft int -.Fn CMAC_resume "CMAC_CTX *ctx" -.Ft int -.Fo CMAC_CTX_copy -.Fa "CMAC_CTX *out_ctx" -.Fa "CMAC_CTX *in_ctx" -.Fc -.Ft EVP_CIPHER_CTX * -.Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx" -.Ft void -.Fn CMAC_CTX_cleanup "CMAC_CTX *ctx" -.Ft void -.Fn CMAC_CTX_free "CMAC_CTX *ctx" -.Sh DESCRIPTION -CMAC is a message authentication code algorithm that can employ an -arbitrary block 
cipher using a symmetric key. -.Pp -The present manual page describes low-level functions implementing CMAC. -Instead of using these functions directly, -application programs normally call -.Xr EVP_PKEY_CTX_new_id 3 -with an argument of -.Dv EVP_PKEY_CMAC -and then pass the resulting -.Vt EVP_MD_CTX -object to -.Xr EVP_DigestInit_ex 3 . -.Pp -The CMAC API is object-oriented. -Calculating a message authentication code requires a -.Vt CMAC_CTX -object. -Usually, the functions -.Fn CMAC_CTX_new , -.Fn CMAC_Init , -.Fn CMAC_Update , -.Fn CMAC_Final , -and -.Fn CMAC_CTX_free -need to be called in this order. -.Pp -.Fn CMAC_CTX_new -allocates a new -.Vt CMAC_CTX -object, initializes the embedded -.Vt EVP_CIPHER_CTX -object, and marks the object itself as uninitialized. -.Pp -.Fn CMAC_Init -selects the given block -.Fa cipher -for use by -.Fa ctx . -Functions to obtain suitable -.Vt EVP_CIPHER -objects are listed in the CIPHER LISTING section of the -.Xr EVP_Cipher 3 -manual page. -Unless -.Fa key -is -.Dv NULL , -.Fn CMAC_Init -also initializes -.Fa ctx -for use with the given symmetric -.Fa key -that is -.Fa key_len -bytes long. -In particular, it calculates and internally stores the two subkeys -and initializes -.Fa ctx -for subsequently feeding in data with -.Fn CMAC_Update . -To use the default cipher implementations provided by the library, pass -.Dv NULL -as the -.Fa impl -argument. -.Pp -If -.Fa ctx -is already initialized, -.Fn CMAC_Init -can be called again with -.Fa key , -.Fa cipher , -and -.Fa impl -all set to -.Dv NULL -and -.Fa key_len -set to 0. -In that case, any data already processed is discarded and -.Fa ctx -is re-initialized to start reading data anew. -.Pp -.Fn CMAC_Update -processes -.Fa in_len -bytes of input data pointed to by -.Fa in_data . -Depending on the number of input bytes already cached in -.Fa ctx , -on -.Fa in_len , -and on the block size, this may encrypt zero or more blocks. 
-Unless -.Fa in_len -is zero, this function leaves at least one byte and at most one -block of input cached but unprocessed inside the -.Fa ctx -object. -.Fn CMAC_Update -can be called multiple times -to concatenate several chunks of input data of varying sizes. -.Pp -.Fn CMAC_Final -stores the length of the message authentication code in bytes, -which equals the cipher block size, into -.Pf * Fa out_len . -Unless -.Fa out_mac -is -.Dv NULL , -it encrypts the last block, padding it if required, and copies the -resulting message authentication code to -.Fa out_mac . -The caller is responsible for providing a buffer of sufficient size. -.Pp -Calling -.Fn CMAC_resume -after -.Fn CMAC_Final -allows the user to subsequently append additional data with -.Fn CMAC_Update . -Otherwise, unless -.Fn CMAC_Init -is called to start from scratch, -.Fn CMAC_Update -can no longer be used after -.Fn CMAC_Final . -.Pp -.Fn CMAC_CTX_copy -performs a deep copy of the already initialized -.Fa in_ctx -into -.Fa out_ctx . -.Pp -.Fn CMAC_CTX_cleanup -zeros out both subkeys and all temporary data in -.Fa ctx -and in the embedded -.Vt EVP_CIPHER_CTX -object, frees all allocated memory associated with it, -except for -.Fa ctx -itself, and marks it as uninitialized, -such that it can be reused for subsequent -.Fn CMAC_Init . -.Pp -.Fn CMAC_CTX_free -calls -.Fn CMAC_CTX_cleanup , -then frees -.Fa ctx -itself. -If -.Fa ctx -is -.Dv NULL , -no action occurs. -.Sh RETURN VALUES -.Fn CMAC_CTX_new -returns the new context object or -.Dv NULL -in case of failure. -It succeeds unless memory is exhausted. -.Pp -.Fn CMAC_Init , -.Fn CMAC_Update , -.Fn CMAC_Final , -.Fn CMAC_resume , -and -.Fn CMAC_CTX_copy -return 1 on success or 0 on failure. -.Fn CMAC_Init -fails if initializing the embedded -.Vt EVP_CIPHER_CTX -object fails. -The others fail if -.Fa in_ctx -is uninitialized. 
-.Fn CMAC_Update -and -.Fn CMAC_Final -also fail if encrypting a block fails, and -.Fn CMAC_CTX_copy -if copying the embedded -.Vt EVP_CIPHER_CTX -object fails, which can for example happen when memory is exhausted. -.Pp -.Fn CMAC_CTX_get0_cipher_ctx -returns an internal pointer to the -.Vt EVP_CIPHER_CTX -object that is embedded in -.Fa ctx . -.Sh ERRORS -The CMAC code itself does not use the -.In openssl/err.h -framework, so in general, the reasons for failure cannot be found out with -.Xr ERR_get_error 3 . -However, since the -.Xr EVP_Cipher 3 -functions are used internally, entries may still get pushed onto -the error stack in some cases of failure. -.Sh SEE ALSO -.Xr EVP_aes_128_cbc 3 , -.Xr EVP_Cipher 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_PKEY_CTX_new_id 3 , -.Xr HMAC 3 -.Sh STANDARDS -.Rs -.%A Morris Dworkin -.%T "Recommendation for Block Cipher Modes of Operation:\ - The CMAC Mode for Authentication" -.%I National Institute of Standards and Technology -.%R NIST Special Publication 800-38B -.%U https://doi.org/10.6028/NIST.SP.800-38B -.%C Gaithersburg, Maryland -.%D May 2005, updated October 6, 2016 -.Re -.Sh HISTORY -These functions first appeared in OpenSSL 1.0.1 -and have been available since -.Ox 5.3 . diff --git a/src/lib/libcrypto/man/CMS_ContentInfo_new.3 b/src/lib/libcrypto/man/CMS_ContentInfo_new.3 deleted file mode 100644 index ff6417949a..0000000000 --- a/src/lib/libcrypto/man/CMS_ContentInfo_new.3 +++ /dev/null 
@@ -1,134 +0,0 @@ -.\" $OpenBSD: CMS_ContentInfo_new.3,v 1.3 2019/11/02 15:39:46 schwarze Exp $ -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 2 2019 $ -.Dt CMS_CONTENTINFO_NEW 3 -.Os -.Sh NAME -.Nm CMS_ContentInfo_new , -.Nm CMS_ContentInfo_free , -.Nm CMS_ContentInfo_print_ctx , -.Nm CMS_ReceiptRequest_new , -.Nm CMS_ReceiptRequest_free -.Nd Cryptographic Message Syntax data structures -.Sh SYNOPSIS -.In openssl/cms.h -.Ft CMS_ContentInfo * -.Fn CMS_ContentInfo_new void -.Ft void -.Fn CMS_ContentInfo_free "CMS_ContentInfo *cms" -.Ft int -.Fo CMS_ContentInfo_print_ctx -.Fa "BIO *out" -.Fa "CMS_ContentInfo *cms" -.Fa "int indent" -.Fa "const ASN1_PCTX *pctx" -.Fc -.Ft CMS_ReceiptRequest * -.Fn CMS_ReceiptRequest_new void -.Ft void -.Fn CMS_ReceiptRequest_free "CMS_ReceiptRequest *rr" -.Sh DESCRIPTION -.Fn CMS_ContentInfo_new -allocates and initializes an empty -.Vt CMS_ContentInfo -object, representing an ASN.1 -.Vt ContentInfo -structure defined in RFC 5652 section 3. 
-It can hold a pointer to an ASN.1 OBJECT IDENTIFIER -and a pointer to either a -.Vt SignedData , -.Vt EnvelopedData , -.Vt DigestedData , -.Vt EncryptedData , -.Vt AuthenticatedData , -or -.Vt CompressedData -object or to an arbitrary ASN.1 object. -.Fn CMS_ContentInfo_free -frees -.Fa cms . -.Pp -.Fn CMS_ContentInfo_print_ctx -prints a human readable representation of -.Fa cms -to -.Fa out . -.Pp -.Fn CMS_ReceiptRequest_new -allocates and initializes an empty -.Vt CMS_ReceiptRequest -object, representing an ASN.1 -.Vt ReceiptRequest -structure defined in RFC 2634 section 2.7. -It can contain a content identifier, a list of recipients requested -to return a signed receipt, and a list of users to send the receipt to. -.Fn CMS_ReceiptRequest_free -frees -.Fa rr . -.Sh RETURN VALUES -.Fn CMS_ContentInfo_new -and -.Fn CMS_ReceiptRequest_new -return the new -.Vt CMS_ContentInfo -or -.Vt CMS_ReceiptRequest -object, respectively, or -.Dv NULL -if an error occurs. -.Sh SEE ALSO -.Xr BIO_new_CMS 3 , -.Xr CMS_add0_cert 3 , -.Xr CMS_add1_recipient_cert 3 , -.Xr CMS_add1_signer 3 , -.Xr CMS_compress 3 , -.Xr CMS_decrypt 3 , -.Xr CMS_encrypt 3 , -.Xr CMS_final 3 , -.Xr CMS_get0_RecipientInfos 3 , -.Xr CMS_get0_SignerInfos 3 , -.Xr CMS_get0_type 3 , -.Xr CMS_get1_ReceiptRequest 3 , -.Xr CMS_sign 3 , -.Xr CMS_sign_receipt 3 , -.Xr CMS_uncompress 3 , -.Xr CMS_verify 3 , -.Xr CMS_verify_receipt 3 , -.Xr crypto 3 , -.Xr d2i_CMS_ContentInfo 3 , -.Xr i2d_CMS_bio_stream 3 , -.Xr PEM_read_bio_PrivateKey 3 , -.Xr PEM_write_bio_CMS_stream 3 , -.Xr SMIME_read_CMS 3 , -.Xr SMIME_write_CMS 3 -.Sh STANDARDS -RFC 5652: Cryptographic Message Syntax, section 3: General Syntax -.Pp -RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS) -.Pp -RFC 2634: Enhanced Security Services for S/MIME, -section 2.7: Receipt Request Syntax -.Sh HISTORY -.Fn CMS_ContentInfo_new , -.Fn CMS_ContentInfo_free , -.Fn CMS_ReceiptRequest_new , -and -.Fn CMS_ReceiptRequest_free -first appeared 
in OpenSSL 0.9.8h and -.Fn CMS_ContentInfo_print_ctx -in OpenSSL 1.0.0. -This functions have been available since -.Ox 6.7 . diff --git a/src/lib/libcrypto/man/CMS_add0_cert.3 b/src/lib/libcrypto/man/CMS_add0_cert.3 deleted file mode 100644 index c5a7367d21..0000000000 --- a/src/lib/libcrypto/man/CMS_add0_cert.3 +++ /dev/null 
@@ -1,214 +0,0 @@ -.\" $OpenBSD: CMS_add0_cert.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $ -.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: November 2 2019 $ -.Dt CMS_ADD0_CERT 3 -.Os -.Sh NAME -.Nm CMS_add0_cert , -.Nm CMS_add1_cert , -.Nm CMS_get1_certs , -.Nm CMS_add0_crl , -.Nm CMS_add1_crl , -.Nm CMS_get1_crls -.Nd CMS certificate and CRL utility functions -.Sh SYNOPSIS -.In openssl/cms.h -.Ft int -.Fo CMS_add0_cert -.Fa "CMS_ContentInfo *cms" -.Fa "X509 *certificate" -.Fc -.Ft int -.Fo CMS_add1_cert -.Fa "CMS_ContentInfo *cms" -.Fa "X509 *certificate" -.Fc -.Ft STACK_OF(X509) * -.Fo CMS_get1_certs -.Fa "CMS_ContentInfo *cms" -.Fc -.Ft int -.Fo CMS_add0_crl -.Fa "CMS_ContentInfo *cms" -.Fa "X509_CRL *crl" -.Fc -.Ft int -.Fo CMS_add1_crl -.Fa "CMS_ContentInfo *cms" -.Fa "X509_CRL *crl" -.Fc -.Ft STACK_OF(X509_CRL) * -.Fo CMS_get1_crls -.Fa "CMS_ContentInfo *cms" -.Fc -.Sh DESCRIPTION -.Fn CMS_add0_cert -adds the -.Fa certificate -to the -.Fa certificates -field of -.Fa cms -if it is of the type -.Vt SignedData -or to the -.Fa originatorInfo.certs -field if it is of the type -.Vt EnvelopedData . -.Fn CMS_add1_cert -does the same and also increments the reference count of the -.Fa certificate -with -.Xr X509_up_ref 3 -in case of success. -.Pp -.Fn CMS_get1_certs -returns all certificates in -.Fa cms . -.Pp -.Fn CMS_add0_crl -adds the -.Fa crl -to the -.Fa crls -field of -.Fa cms -if it is of the type -.Vt SignedData -or to the -.Fa originatorInfo.crls -field if it is of the type -.Vt EnvelopedData . -.Fn CMS_add1_crl -does the same and also increments the reference count of the -.Fa crl -with -.Xr X509_CRL_up_ref 3 -in case of success. -.Pp -.Fn CMS_get1_crls -returns any CRLs in -.Fa cms . -.Pp -An error occurs if -.Fa cms -is of any type other than -.Vt SignedData -or -.Vt EnvelopedData . -.Pp -The same -.Fa certificate -or -.Fa crl -must not be added to the same -.Fa cms -structure more than once. -.Sh RETURN VALUES -.Fn CMS_add0_cert , -.Fn CMS_add1_cert , -.Fn CMS_add0_crl , -and -.Fn CMS_add1_crl -return 1 for success or 0 for failure. 
-.Pp -.Fn CMS_get1_certs -and -.Fn CMS_get1_crls -return the STACK of certificates or CRLs or -.Dv NULL -if there are none or an error occurs. -The only error which will occur in practice is if the -.Fa cms -type is invalid. -.Sh SEE ALSO -.Xr CMS_ContentInfo_new 3 , -.Xr CMS_encrypt 3 , -.Xr CMS_final 3 , -.Xr CMS_sign 3 , -.Xr ERR_get_error 3 -.Sh STANDARDS -RFC 5652: Cryptographic Message Syntax -.Bl -dash -compact -offset indent -.It -section 5.1: SignedData Type -.It -section 6.1: EnvelopedData Type -.El -.Sh HISTORY -.Fn CMS_add0_cert , -.Fn CMS_add1_cert , -.Fn CMS_get1_certs , -.Fn CMS_add0_crl , -and -.Fn CMS_get1_crls -first appeared in OpenSSL 0.9.8h and -.Fn CMS_add1_crl -in OpenSSL 1.0.0. -These functions have been available since -.Ox 6.7 . diff --git a/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 deleted file mode 100644 index 465119397d..0000000000 --- a/src/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ /dev/null 
@@ -1,200 +0,0 @@ -.\" $OpenBSD: CMS_add1_recipient_cert.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $ -.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: November 2 2019 $ -.Dt CMS_ADD1_RECIPIENT_CERT 3 -.Os -.Sh NAME -.Nm CMS_add1_recipient_cert , -.Nm CMS_add0_recipient_key -.Nd add recipients to a CMS EnvelopedData structure -.Sh SYNOPSIS -.In openssl/cms.h -.Ft CMS_RecipientInfo * -.Fo CMS_add1_recipient_cert -.Fa "CMS_ContentInfo *cms" -.Fa "X509 *certificate" -.Fa "unsigned int flags" -.Fc -.Ft CMS_RecipientInfo * -.Fo CMS_add0_recipient_key -.Fa "CMS_ContentInfo *cms" -.Fa "int nid" -.Fa "unsigned char *key" -.Fa "size_t keylen" -.Fa "unsigned char *id" -.Fa "size_t idlen" -.Fa "ASN1_GENERALIZEDTIME *date" -.Fa "ASN1_OBJECT *otherTypeId" -.Fa "ASN1_TYPE *otherType" -.Fc -.Sh DESCRIPTION -These functions add a new -.Vt RecipientInfo -structure to the -.Fa recipientInfos -field of the -.Vt EnvelopedData -structure -.Fa cms , -which should have been obtained from an initial call to -.Xr CMS_encrypt 3 -with the flag -.Dv CMS_PARTIAL -set. -.Pp -.Fn CMS_add1_recipient_cert -adds the recipient -.Fa certificate -as a -.Vt KeyTransRecipientInfo -structure. -.Pp -.Fn CMS_add0_recipient_key -adds the symmetric -.Fa key -of length -.Fa keylen -using the wrapping algorithm -.Fa nid , -the identifier -.Fa id -of length -.Fa idlen , -and the optional values -.Fa date , -.Fa otherTypeId -and -.Fa otherType -as a -.Vt KEKRecipientInfo -structure. -.Pp -The main purpose of these functions is to provide finer control over a CMS -.Vt EnvelopedData -structure where the simpler -.Xr CMS_encrypt 3 -function defaults are not appropriate, -for example if one or more -.Vt KEKRecipientInfo -structures need to be added. -New attributes can also be added using the returned -.Vt CMS_RecipientInfo -structure and the CMS attribute utility functions. -.Pp -By default, recipient certificates are identified using issuer -name and serial number. -If the flag -.Dv CMS_USE_KEYID -is set, the subject key identifier value is used instead. 
-An error occurs if all recipient certificates do not have a subject key -identifier extension. -.Pp -Currently only AES based key wrapping algorithms are supported for -.Fa nid , -specifically -.Dv NID_id_aes128_wrap , -.Dv NID_id_aes192_wrap , -and -.Dv NID_id_aes256_wrap . -If -.Fa nid -is set to -.Dv NID_undef , -then an AES wrap algorithm will be used consistent with -.Fa keylen . -.Sh RETURN VALUES -.Fn CMS_add1_recipient_cert -and -.Fn CMS_add0_recipient_key -return an internal pointer to the -.Vt CMS_RecipientInfo -structure just added or -.Dv NULL -if an error occurs. -.Sh SEE ALSO -.Xr CMS_ContentInfo_new 3 , -.Xr CMS_encrypt 3 , -.Xr CMS_final 3 , -.Xr ERR_get_error 3 -.Sh STANDARDS -RFC 5652: Cryptographic Message Syntax -.Bl -dash -compact -offset indent -.It -section 6.1: EnvelopedData Type -.It -section 6.2.1: KeyTransRecipientInfo Type -.It -section 6.2.3: KEKRecipientInfo Type -.El -.Sh HISTORY -.Fn CMS_add1_recipient_cert -and -.Fn CMS_add0_recipient_key -first appeared in OpenSSL 0.9.8h -and have been available since -.Ox 6.7 . diff --git a/src/lib/libcrypto/man/CMS_add1_signer.3 b/src/lib/libcrypto/man/CMS_add1_signer.3 deleted file mode 100644 index 9ee97dfaf4..0000000000 --- a/src/lib/libcrypto/man/CMS_add1_signer.3 +++ /dev/null 
@@ -1,246 +0,0 @@ -.\" $OpenBSD: CMS_add1_signer.3,v 1.8 2020/06/24 18:15:00 jmc Exp $ -.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: June 24 2020 $ -.Dt CMS_ADD1_SIGNER 3 -.Os -.Sh NAME -.Nm CMS_add1_signer , -.Nm CMS_SignerInfo_sign -.Nd add a signer to a CMS SignedData structure -.Sh SYNOPSIS -.In openssl/cms.h -.Ft CMS_SignerInfo * -.Fo CMS_add1_signer -.Fa "CMS_ContentInfo *cms" -.Fa "X509 *signcert" -.Fa "EVP_PKEY *pkey" -.Fa "const EVP_MD *md" -.Fa "unsigned int flags" -.Fc -.Ft int -.Fo CMS_SignerInfo_sign -.Fa "CMS_SignerInfo *si" -.Fc -.Sh DESCRIPTION -.Fn CMS_add1_signer -adds a signer with certificate -.Fa signcert -and private key -.Fa pkey -using message digest -.Fa md -to the -.Fa signerInfos -field of the -.Vt SignedData -structure -.Fa cms , -which should have been obtained from an initial call to -.Xr CMS_sign 3 -with the flag -.Dv CMS_PARTIAL -set, or which can be a valid -.Vt SignedData -structure in the case of re-signing. -.Pp -If -.Fa md -is -.Dv NULL , -the default digest for the public key algorithm of -.Fa pkey -is used. -.Pp -Unless the -.Dv CMS_REUSE_DIGEST -flag is set, the -.Fa cms -structure remains incomplete and must be finalized either by streaming -(if applicable) or by a call to -.Xr CMS_final 3 . -.Pp -The main purpose of -.Fn CMS_add1_signer -is to provide finer control over a CMS -.Vt SignedData -structure where the simpler -.Xr CMS_sign 3 -function defaults are not appropriate, for example if multiple signers -or non default digest algorithms are needed. -New attributes can also be added using the returned -.Vt CMS_SignerInfo -structure and the CMS attribute utility functions or the CMS signed -receipt request functions. -.Pp -Any of the following flags (OR'ed together) can be passed in the -.Fa flags -parameter: -.Bl -tag -width Ds -.It Dv CMS_REUSE_DIGEST -Attempt to copy the content digest value from one of the existing -.Vt CMS_SignerInfo -structures in -.Fa cms -while adding another signer. -An error occurs if a matching digest value cannot be found to copy. 
-The -.Fa cms -structure will be valid and finalized when this flag is set. -.It Dv CMS_PARTIAL -If this flag is set in addition to -.Dv CMS_REUSE_DIGEST , -the returned -.Vt CMS_SignerInfo -structure will not be finalized so additional attributes can be added. -In this case an explicit call to -.Fn CMS_SignerInfo_sign -is needed to finalize it. -.It Dv CMS_NOCERTS -Do not add the signer's certificate to the -.Fa certificates -field of -.Fa cms . -The signer's certificate must still be supplied in the -.Fa signcert -parameter though. -This flag can reduce the size of the signature if the signer's certificate can -be obtained by other means, for example from a previously signed message. -.It Dv CMS_NOATTR -Leave the -.Fa signedAttrs -field of the returned -.Vt CMS_SignedData -structure empty. -By default, several CMS -.Vt SignedAttributes -are added, including the signing time, the CMS content type, -and the supported list of ciphers in an -.Vt SMIMECapabilities -attribute. -.It Dv CMS_NOSMIMECAP -Omit just the -.Vt SMIMECapabilities -attribute. -.It Dv CMS_USE_KEYID -Use the subject key identifier value to identify signing certificates. -An error occurs if the signing certificate does not have a subject key -identifier extension. -By default, issuer name and serial number are used instead. -.El -.Pp -If present, the -.Vt SMIMECapabilities -attribute indicates support for the -following algorithms in preference order: 256-bit AES, Gost R3411-94, -Gost 28147-89, 192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit -RC2, DES and 40-bit RC2. -If any of these algorithms is not available then it will not be -included. -.Pp -The -.Fn CMS_SignerInfo_sign -function explicitly signs -.Fa si . -Its main use is when the -.Dv CMS_REUSE_DIGEST -and -.Dv CMS_PARTIAL -flags were both set in the call to -.Fn CMS_add1_signer -that created -.Fa si . 
-.Sh RETURN VALUES -.Fn CMS_add1_signer -returns an internal pointer to the new -.Vt CMS_SignerInfo -structure just added or -.Dv NULL -if an error occurs. -.Sh SEE ALSO -.Xr CMS_ContentInfo_new 3 , -.Xr CMS_final 3 , -.Xr CMS_sign 3 , -.Xr ERR_get_error 3 -.Sh STANDARDS -RFC 5652: Cryptographic Message Syntax, section 5.1: SignedData Type -.Pp -RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME) -Version\ 4.0 Message Specification -.Bl -dash -compact -offset indent -.It -section 2.5: Attributes and the SignerInfo Type -.It -section 2.5.2: SMIMECapabilities Attribute -.El -.Sh HISTORY -.Fn CMS_add1_signer -and -.Fn CMS_SignerInfo_sign -first appeared in OpenSSL 0.9.8h -and have been available since -.Ox 6.7 . diff --git a/src/lib/libcrypto/man/CMS_compress.3 b/src/lib/libcrypto/man/CMS_compress.3 deleted file mode 100644 index 242e4e96cb..0000000000 --- a/src/lib/libcrypto/man/CMS_compress.3 +++ /dev/null 
@@ -1,170 +0,0 @@
-.\" $OpenBSD: CMS_compress.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit.
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_COMPRESS 3
-.Os
-.Sh NAME
-.Nm CMS_compress
-.Nd create a CMS CompressedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_compress
-.Fa "BIO *in"
-.Fa "int comp_nid"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_compress
-creates and returns a CMS
-.Vt CompressedData
-structure.
-.Pp
-.Fa comp_nid
-is the compression algorithm to use or
-.Dv NID_undef
-to use the default algorithm.
-Currently, the default algorithm
-.Dv NID_zlib_compression
-is the only supported algorithm.
-If zlib support is not compiled in,
-.Fn CMS_compress
-always returns an error.
-.Pp
-.Fa in
-provides the content to be compressed.
-.Pp
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-parameter:
-.Bl -tag -width Ds
-.It Dv CMS_TEXT
-Prepend MIME headers for type text/plain to the data.
-.It Dv CMS_BINARY
-Do not translate the supplied content into MIME canonical format,
-even though that is required by the S/MIME specifications.
-This option should be used if the supplied data is in binary format.
-Otherwise, the translation will corrupt it.
-If
-.Dv CMS_BINARY
-is set,
-.Dv CMS_TEXT
-is ignored.
-.It Dv CMS_STREAM
-Return a partial
-.Vt CMS_ContentInfo
-structure suitable for streaming I/O: no data is read from
-.Fa in .
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-or
-.Xr PEM_write_bio_CMS_stream 3
-can be used to finalize the structure.
-Alternatively, finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-Outputting the contents of the
-.Vt CMS_ContentInfo
-structure via a function that does not
-properly finalize it will give unpredictable results.
-.It Dv CMS_DETACHED
-Do not include the compressed data in the
-.Vt CMS_ContentInfo
-structure.
-This is rarely used in practice and is not supported by
-.Xr SMIME_write_CMS 3 .
-.El
-.Pp
-Additional compression parameters such as the zlib compression level
-cannot currently be set.
-.Sh RETURN VALUES
-.Fn CMS_compress
-returns either a
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_uncompress 3
-.Sh STANDARDS
-RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
-.Sh HISTORY
-.Fn CMS_compress
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
-.Pp
-The
-.Dv CMS_STREAM
-flag first appeared in OpenSSL 1.0.0.
diff --git a/src/lib/libcrypto/man/CMS_decrypt.3 b/src/lib/libcrypto/man/CMS_decrypt.3
deleted file mode 100644
index 243ab2f30e..0000000000
--- a/src/lib/libcrypto/man/CMS_decrypt.3
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" $OpenBSD: CMS_decrypt.3,v 1.8 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008, 2014 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit.
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_DECRYPT 3
-.Os
-.Sh NAME
-.Nm CMS_decrypt ,
-.Nm CMS_decrypt_set1_pkey ,
-.Nm CMS_decrypt_set1_key
-.Nd decrypt content from a CMS EnvelopedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_decrypt
-.Fa "CMS_ContentInfo *cms"
-.Fa "EVP_PKEY *private_key"
-.Fa "X509 *certificate"
-.Fa "BIO *dcont"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Ft int
-.Fo CMS_decrypt_set1_pkey
-.Fa "CMS_ContentInfo *cms"
-.Fa "EVP_PKEY *private_key"
-.Fa "X509 *certificate"
-.Fc
-.Ft int
-.Fo CMS_decrypt_set1_key
-.Fa "CMS_ContentInfo *cms"
-.Fa "unsigned char *symmetric_key"
-.Fa "size_t keylen"
-.Fa "const unsigned char *id"
-.Fa "size_t idlen"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_decrypt
-extracts and decrypts the content from the CMS
-.Vt EnvelopedData
-structure
-.Fa cms
-using the
-.Fa private_key
-and the
-.Fa certificate
-of the recipient.
-It writes the decrypted content to
-.Fa out .
-.Pp
-In the rare case where the compressed content is detached, pass it in via
-.Fa dcont .
-For normal use, set
-.Fa dcont
-to
-.Dv NULL .
-.Pp
-Although the recipient's
-.Fa certificate
-is not needed to decrypt the data, it is needed to locate the
-appropriate (of possibly several) recipients in the CMS structure.
-.Pp
-If the
-.Fa certificate
-is set to
-.Dv NULL ,
-all possible recipients are tried.
-This case however is problematic.
-To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA
-padding), all recipients are tried whether they succeed or not.
-If no recipient succeeds, a random symmetric key is used to decrypt
-the content: this will typically output garbage and may (but is not
-guaranteed to) ultimately return a padding error only.
-If
-.Fn CMS_decrypt
-just returned an error when all recipient encrypted keys failed to
-decrypt, an attacker could use this in a timing attack.
-If the special flag
-.Dv CMS_DEBUG_DECRYPT
-is set, the above behaviour is modified and an error
-.Em is
-returned if no recipient encrypted key can be decrypted
-.Em without
-generating a random content encryption key.
-Applications should use this flag with extreme caution
-especially in automated gateways as it can leave them open to attack.
-.Pp
-It is possible to determine the correct recipient key by other means
-(for example by looking them up in a database) and setting them in the
-.Fa cms
-structure in advance using the CMS utility functions such as
-.Fn CMS_decrypt_set1_pkey .
-In this case both
-.Fa certificate
-and
-.Fa private_key
-should be set to
-.Dv NULL
-when calling
-.Fn CMS_decrypt
-later on.
-.Pp
-To process
-.Vt KEKRecipientInfo
-types,
-.Fn CMS_decrypt_set1_key
-or
-.Xr CMS_RecipientInfo_set0_key 3
-and
-.Xr CMS_RecipientInfo_decrypt 3
-should be called before
-.Fn CMS_decrypt
-and
-.Fa certificate
-and
-.Fa private_key
-set to
-.Dv NULL
-when calling
-.Fn CMS_decrypt
-later on.
-.Pp
-If the
-.Dv CMS_TEXT
-bit is set in
-.Fa flags ,
-MIME headers for type text/plain are deleted from the content.
-If the content is not of type text/plain, an error occurs.
-.Sh RETURN VALUES
-.Fn CMS_decrypt ,
-.Fn CMS_decrypt_set1_pkey ,
-and
-.Fn CMS_decrypt_set1_key
-return 1 for success or 0 for failure.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_encrypt 3 ,
-.Xr CMS_get0_RecipientInfos 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax (CMS)
-.Bl -dash -compact -offset indent
-.It
-section 6.1: EnvelopedData Type
-.It
-section 6.2.3: KEKRecipientInfo Type
-.El
-.Sh HISTORY
-.Fn CMS_decrypt ,
-.Fn CMS_decrypt_set1_pkey ,
-and
-.Fn CMS_decrypt_set1_key
-first appeared in OpenSSL 0.9.8h
-and have been available since
-.Ox 6.7 .
-.Sh BUGS
-The lack of single pass processing and the need to hold all data in
-memory as mentioned in
-.Xr CMS_verify 3
-also applies to
-.Fn CMS_decrypt .
diff --git a/src/lib/libcrypto/man/CMS_encrypt.3 b/src/lib/libcrypto/man/CMS_encrypt.3
deleted file mode 100644
index 03d8b4edbb..0000000000
--- a/src/lib/libcrypto/man/CMS_encrypt.3
+++ /dev/null
@@ -1,191 +0,0 @@
-.\" $OpenBSD: CMS_encrypt.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_ENCRYPT 3
-.Os
-.Sh NAME
-.Nm CMS_encrypt
-.Nd create a CMS EnvelopedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_encrypt
-.Fa "STACK_OF(X509) *certificates"
-.Fa "BIO *in"
-.Fa "const EVP_CIPHER *cipher"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_encrypt
-creates a CMS
-.Vt EnvelopedData
-structure, encrypting the content provided by
-.Fa in .
-.Pp
-The recipient
-.Fa certificates
-are added as
-.Vt KeyTransRecipientInfo
-structures by calling the function
-.Xr CMS_add1_recipient_cert 3
-internally.
-Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
-by this function.
-The
-.Fa certificates
-argument can be set to
-.Dv NULL
-if the
-.Dv CMS_PARTIAL
-flag is set and recipients are added later using
-.Xr CMS_add1_recipient_cert 3
-or
-.Xr CMS_add0_recipient_key 3 .
-.Pp
-.Fa cipher
-is the symmetric cipher to use.
-It must support ASN.1 encoding of its parameters.
-.Xr EVP_des_ede3_cbc 3
-(triple DES) is the algorithm of choice for S/MIME use because most
-clients support it.
-.Pp
-Many browsers implement a "sign and encrypt" option which is simply an
-S/MIME
-.Vt EnvelopedData
-containing an S/MIME signed message.
-This can be readily produced by storing the S/MIME signed message in a
-memory BIO and passing it to
-.Fn CMS_encrypt .
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter:
-.Bl -tag -width Ds
-.It Dv CMS_TEXT
-MIME headers for type text/plain are prepended to the data.
-.It Dv CMS_BINARY
-Do not translate the supplied content into MIME canonical format
-even though that is required by the S/MIME specifications.
-This option should be used if the supplied data is in binary format.
-Otherwise, the translation will corrupt it.
-If
-.Dv CMS_BINARY
-is set, then
-.Dv CMS_TEXT
-is ignored.
-.It Dv CMS_USE_KEYID
-Use the subject key identifier value to identify recipient certificates.
-An error occurs if all recipient certificates do not have a subject key
-identifier extension.
-By default, issuer name and serial number are used instead.
-.It Dv CMS_STREAM
-Return a partial
-.Vt CMS_ContentInfo
-structure suitable for streaming I/O: no data is read from the BIO
-.Fa in .
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-or
-.Xr PEM_write_bio_CMS_stream 3
-can be used to finalize the structure.
-Alternatively, finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-Outputting the content of the returned
-.Vt CMS_ContentInfo
-structure via a function that does not properly finalize it
-will give unpredictable results.
-.It Dv CMS_PARTIAL
-Return a partial
-.Vt CMS_ContentInfo
-structure to which additional recipients and attributes can
-be added before finalization.
-.It Dv CMS_DETACHED
-Omit the data being encrypted from the
-.Vt CMS_ContentInfo
-structure.
-This is rarely used in practice and is not supported by
-.Xr SMIME_write_CMS 3 .
-.El
-.Sh RETURN VALUES
-.Fn CMS_encrypt
-returns either a
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_add0_cert 3 ,
-.Xr CMS_add1_recipient_cert 3 ,
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_decrypt 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax (CMS)
-.Bl -dash -compact -offset indent
-.It
-section 6.1: EnvelopedData Type
-.It
-section 6.2.1: KeyTransRecipientInfo Type
-.El
-.Sh HISTORY
-.Fn CMS_encrypt
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
-.Pp
-The
-.Dv CMS_STREAM
-flag first appeared in OpenSSL 1.0.0.
diff --git a/src/lib/libcrypto/man/CMS_final.3 b/src/lib/libcrypto/man/CMS_final.3
deleted file mode 100644
index 4ca8945923..0000000000
--- a/src/lib/libcrypto/man/CMS_final.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" $OpenBSD: CMS_final.3,v 1.6 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 25ccb589 Jul 1 02:02:06 2019 +0800
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_FINAL 3
-.Os
-.Sh NAME
-.Nm CMS_final
-.Nd finalise a CMS_ContentInfo structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_final
-.Fa "CMS_ContentInfo *cms"
-.Fa "BIO *data"
-.Fa "BIO *dcont"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_final
-finalises the structure
-.Fa cms .
-Its purpose is to perform any operations necessary on
-.Fa cms
-(digest computation for example) and set the appropriate fields.
-The parameter
-.Fa data
-contains the content to be processed.
-The
-.Fa dcont
-parameter contains a
-.Vt BIO
-to write content to after processing: this is
-only used with detached data and will usually be set to
-.Dv NULL .
-.Pp
-This function will normally be called when the
-.Dv CMS_PARTIAL
-flag is used.
-It should only be used when streaming is not performed because the
-streaming I/O functions perform finalisation operations internally.
-.Sh RETURN VALUES
-.Fn CMS_final
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_final
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
deleted file mode 100644
index e431b2cb36..0000000000
--- a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ /dev/null
@@ -1,328 +0,0 @@
-.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_GET0_RECIPIENTINFOS 3
-.Os
-.Sh NAME
-.Nm CMS_get0_RecipientInfos ,
-.Nm CMS_RecipientInfo_type ,
-.Nm CMS_RecipientInfo_ktri_get0_signer_id ,
-.Nm CMS_RecipientInfo_ktri_cert_cmp ,
-.Nm CMS_RecipientInfo_set0_pkey ,
-.Nm CMS_RecipientInfo_kekri_get0_id ,
-.Nm CMS_RecipientInfo_kekri_id_cmp ,
-.Nm CMS_RecipientInfo_set0_key ,
-.Nm CMS_RecipientInfo_decrypt ,
-.Nm CMS_RecipientInfo_encrypt
-.Nd CMS EnvelopedData RecipientInfo routines
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft STACK_OF(CMS_RecipientInfo) *
-.Fo CMS_get0_RecipientInfos
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_type
-.Fa "CMS_RecipientInfo *ri"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_ktri_get0_signer_id
-.Fa "CMS_RecipientInfo *ri"
-.Fa "ASN1_OCTET_STRING **keyid"
-.Fa "X509_NAME **issuer"
-.Fa "ASN1_INTEGER **sno"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_ktri_cert_cmp
-.Fa "CMS_RecipientInfo *ri"
-.Fa "X509 *certificate"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_set0_pkey
-.Fa "CMS_RecipientInfo *ri"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_kekri_get0_id
-.Fa "CMS_RecipientInfo *ri"
-.Fa "X509_ALGOR **palg"
-.Fa "ASN1_OCTET_STRING **pid"
-.Fa "ASN1_GENERALIZEDTIME **pdate"
-.Fa "ASN1_OBJECT **potherid"
-.Fa "ASN1_TYPE **pothertype"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_kekri_id_cmp
-.Fa "CMS_RecipientInfo *ri"
-.Fa "const unsigned char *id"
-.Fa "size_t idlen"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_set0_key
-.Fa "CMS_RecipientInfo *ri"
-.Fa "unsigned char *key"
-.Fa "size_t keylen"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_decrypt
-.Fa "CMS_ContentInfo *cms"
-.Fa "CMS_RecipientInfo *ri"
-.Fc
-.Ft int
-.Fo CMS_RecipientInfo_encrypt
-.Fa "CMS_ContentInfo *cms"
-.Fa "CMS_RecipientInfo *ri"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_get0_RecipientInfos
-returns all the
-.Vt RecipientInfo
-structures associated with the
-.Vt EnvelopedData
-structure
-.Fa cms .
-.Pp
-.Fn CMS_RecipientInfo_type
-returns the type of
-.Fa ri :
-.Bl -column CMS_RECIPINFO_TRANS for -compact
-.It Dv CMS_RECIPINFO_TRANS Ta for Ta Vt KeyTransRecipientInfo ,
-.It Dv CMS_RECIPINFO_AGREE Ta for Ta Vt KeyAgreeRecipientInfo ,
-.It Dv CMS_RECIPINFO_KEK Ta for Ta Vt KEKRecipientInfo ,
-.It Dv CMS_RECIPINFO_PASS Ta for Ta Vt PasswordRecipientinfo , No or
-.It Dv CMS_RECIPINFO_OTHER Ta for Ta Vt OtherRecipientInfo .
-.El
-.Pp
-.Fn CMS_RecipientInfo_ktri_get0_signer_id
-retrieves the certificate
-.Vt RecipientIdentifier
-associated with the
-.Vt KeyTransRecipientInfo
-structure
-.Fa ri .
-Either the
-.Vt SubjectKeyIdentifier
-will be set in
-.Fa keyid
-or both issuer name and serial number in
-.Fa issuer
-and
-.Fa sno .
-.Pp
-.Fn CMS_RecipientInfo_ktri_cert_cmp
-compares the
-.Fa certificate
-against the
-.Vt KeyTransRecipientInfo
-structure
-.Fa ri .
-.Pp
-.Fn CMS_RecipientInfo_set0_pkey
-associates the private key
-.Fa pkey
-with the
-.Vt KeyTransRecipientInfo
-structure
-.Fa ri .
-.Pp
-.Fn CMS_RecipientInfo_kekri_get0_id
-retrieves the key information from the
-.Vt KEKRecipientInfo
-structure
-.Fa ri .
-Fields are copied out as follows:
-.Bl -column keyEncryptionAlgorithm to -compact
-.It Fa keyEncryptionAlgorithm Ta to Ta Pf * Fa palg ,
-.It Fa keyIdentifier Ta to Ta Pf * Fa pid ,
-.It Fa date Ta to Ta Pf * Fa pdate Pq optional ,
-.It Fa other.keyAttrId Ta to Ta Pf * Fa potherid Pq optional ,
-.It Fa other.keyAttr Ta to Ta Pf * Fa pothertype Pq optional .
-.El
-Where a field is optional and absent,
-.Dv NULL
-is written to the corresponding parameter.
-Parameters the application is not interested in can be set to
-.Dv NULL .
-.Pp
-.Fn CMS_RecipientInfo_kekri_id_cmp
-compares the identifier in the
-.Fa id
-and
-.Fa idlen
-parameters against the
-.Fa keyIdentifier
-field of the
-.Vt KEKRecipientInfo
-structure
-.Fa ri .
-.Pp
-.Fn CMS_RecipientInfo_set0_key
-associates the symmetric
-.Fa key
-of length
-.Fa keylen
-with the
-.Vt KEKRecipientInfo
-structure
-.Fa ri .
-.Pp
-.Fn CMS_RecipientInfo_decrypt
-attempts to decrypt the
-.Vt RecipientInfo
-structure
-.Fa ri
-in
-.Fa cms .
-A key must have been associated with
-.Fa ri
-first.
-.Pp
-.Fn CMS_RecipientInfo_encrypt
-attempts to encrypt the
-.Vt RecipientInfo
-structure
-.Fa ri
-in
-.Fa cms .
-A key must have been associated with
-.Fa ri
-first and the content encryption key must be available,
-for example by a previous call to
-.Fn CMS_RecipientInfo_decrypt .
-.Pp
-The main purpose of these functions is to enable an application to
-lookup recipient keys using any appropriate technique when the simpler
-method of
-.Xr CMS_decrypt 3
-is not appropriate.
-.Pp
-In typical usage, an application retrieves all
-.Vt CMS_RecipientInfo
-structures using
-.Fn CMS_get0_RecipientInfos
-and checks the type of each using
-.Fn CMS_RecipientInfo_type .
-Depending on the type, the
-.Vt CMS_RecipientInfo
-structure can be ignored or its key identifier data retrieved using
-an appropriate function.
-If the corresponding secret or private key can be obtained by any
-appropriate means it can then be associated with the structure and
-.Fn CMS_RecipientInfo_decrypt
-called.
-If successful,
-.Xr CMS_decrypt 3
-can be called with a
-.Dv NULL
-key to decrypt the enveloped content.
-.Pp
-The function
-.Fn CMS_RecipientInfo_encrypt
-can be used to add a new recipient to an existing enveloped data
-structure.
-Typically an application will first decrypt an appropriate
-.Vt CMS_RecipientInfo
-structure to make the content encrypt key available.
-It will then add a new recipient using a function such as
-.Xr CMS_add1_recipient_cert 3
-and finally encrypt the content encryption key using
-.Fn CMS_RecipientInfo_encrypt .
-.Sh RETURN VALUES
-.Fn CMS_get0_RecipientInfos
-returns an internal pointer to all the
-.Vt CMS_RecipientInfo
-structures, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn CMS_RecipientInfo_type
-returns an integer constant.
-.Pp
-.Fn CMS_RecipientInfo_ktri_get0_signer_id ,
-.Fn CMS_RecipientInfo_set0_pkey ,
-.Fn CMS_RecipientInfo_kekri_get0_id ,
-.Fn CMS_RecipientInfo_set0_key ,
-.Fn CMS_RecipientInfo_decrypt ,
-and
-.Fn CMS_RecipientInfo_encrypt
-return 1 for success or 0 if an error occurs.
-.Pp
-.Fn CMS_RecipientInfo_ktri_cert_cmp
-and
-.Fn CMS_RecipientInfo_kekri_id_cmp
-return 0 when
-.Fa ri
-matches or non-zero otherwise.
-.Pp
-Any error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_decrypt 3
-.Sh STANDARDS
-RFC 5652 Cryptographic Message Syntax (CMS):
-.Bl -dash -compact -offset indent
-.It
-section 6.1: EnvelopedData Type
-.It
-section 6.2: RecipientInfo Type
-.It
-section 6.2.1: KeyTransRecipientInfo Type
-.It
-section 6.2.3: KEKRecipientInfo Type
-.El
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8h,
-except that
-.Fn CMS_RecipientInfo_encrypt
-first appeared in OpenSSL 1.0.2.
-They have been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/src/lib/libcrypto/man/CMS_get0_SignerInfos.3
deleted file mode 100644
index faf20c49d2..0000000000
--- a/src/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ /dev/null
@@ -1,192 +0,0 @@
-.\" $OpenBSD: CMS_get0_SignerInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_GET0_SIGNERINFOS 3
-.Os
-.Sh NAME
-.Nm CMS_get0_SignerInfos ,
-.Nm CMS_SignerInfo_get0_signer_id ,
-.Nm CMS_SignerInfo_get0_signature ,
-.Nm CMS_SignerInfo_cert_cmp ,
-.Nm CMS_SignerInfo_set1_signer_cert
-.Nd CMS SignedData signer functions
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft STACK_OF(CMS_SignerInfo) *
-.Fo CMS_get0_SignerInfos
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_SignerInfo_get0_signer_id
-.Fa "CMS_SignerInfo *si"
-.Fa "ASN1_OCTET_STRING **keyid"
-.Fa "X509_NAME **issuer"
-.Fa "ASN1_INTEGER **sno"
-.Fc
-.Ft ASN1_OCTET_STRING *
-.Fo CMS_SignerInfo_get0_signature
-.Fa "CMS_SignerInfo *si"
-.Fc
-.Ft int
-.Fo CMS_SignerInfo_cert_cmp
-.Fa "CMS_SignerInfo *si"
-.Fa "X509 *certificate"
-.Fc
-.Ft void
-.Fo CMS_SignerInfo_set1_signer_cert
-.Fa "CMS_SignerInfo *si"
-.Fa "X509 *signer"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_get0_SignerInfos
-returns all the
-.Vt SignerInfo
-structures associated with the
-.Vt SignedData
-structure
-.Fa cms .
-.Pp
-.Fn CMS_SignerInfo_get0_signer_id
-retrieves the certificate
-.Vt SignerIdentifier
-associated with the
-.Vt SignerInfo
-structure
-.Fa si .
-Either the
-.Vt SubjectKeyIdentifier
-will be set in
-.Fa keyid
-or both issuer name and serial number in
-.Fa issuer
-and
-.Fa sno .
-.Pp
-.Fn CMS_SignerInfo_get0_signature
-retrieves the
-.Fa signature
-field of
-.Fa si .
-The application program is allowed to modify the data pointed to.
-.Pp
-.Fn CMS_SignerInfo_cert_cmp
-compares the
-.Fa certificate
-against the signer identifier of
-.Fa si .
-.Pp
-.Fn CMS_SignerInfo_set1_signer_cert
-sets the signer certificate of
-.Fa si
-to
-.Fa signer .
-.Pp
-The main purpose of these functions is to enable an application to
-look up signer certificates using any appropriate technique when the
-simpler method of
-.Xr CMS_verify 3
-is not appropriate.
-.Pp
-In typical usage, an application retrieves all
-.Vt CMS_SignerInfo
-structures using
-.Fn CMS_get0_SignerInfos
-and retrieves the identifier information using CMS.
-It will then obtain the signer certificate by some unspecified means
-(or return and error if it cannot be found) and set it using
-.Fn CMS_SignerInfo_set1_signer_cert .
-Once all signer certificates have been set,
-.Xr CMS_verify 3
-can be used.
-.Sh RETURN VALUES
-.Fn CMS_get0_SignerInfos
-returns an internal pointer to all the
-.Vt CMS_SignerInfo
-structures, or
-.Dv NULL
-if there are no signers or if
-.Fa cms
-is not of the type
-.Vt SignedData .
-.Pp
-.Fn CMS_SignerInfo_get0_signer_id
-returns 1 for success or 0 for failure.
-.Pp
-.Fn CMS_SignerInfo_get0_signature
-returns an internal pointer to the signature.
-.Pp
-.Fn CMS_SignerInfo_cert_cmp
-returns 0 for a match or non-zero otherwise.
-.Pp
-Any error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_verify 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax (CMS)
-.Bl -dash -compact -offset indent
-.It
-section 5.1: SignedData Type
-.It
-section 5.3: SignerInfo Type
-.El
-.Sh HISTORY
-.Fn CMS_get0_SignerInfos ,
-.Fn CMS_SignerInfo_get0_signer_id ,
-.Fn CMS_SignerInfo_cert_cmp ,
-and
-.Fn CMS_SignerInfo_set1_signer_cert
-first appeared in OpenSSL 0.9.8h and
-.Fn CMS_SignerInfo_get0_signature
-in OpenSSL 1.0.2.
-These functions have been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CMS_get0_type.3 b/src/lib/libcrypto/man/CMS_get0_type.3
deleted file mode 100644
index 45ed3167b5..0000000000
--- a/src/lib/libcrypto/man/CMS_get0_type.3
+++ /dev/null
@@ -1,198 +0,0 @@
-.\" $OpenBSD: CMS_get0_type.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_GET0_TYPE 3
-.Os
-.Sh NAME
-.Nm CMS_get0_type ,
-.Nm CMS_set1_eContentType ,
-.Nm CMS_get0_eContentType ,
-.Nm CMS_get0_content
-.Nd get and set CMS content types and content
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft const ASN1_OBJECT *
-.Fo CMS_get0_type
-.Fa "const CMS_ContentInfo *cms"
-.Fc
-.Ft int
-.Fo CMS_set1_eContentType
-.Fa "CMS_ContentInfo *cms"
-.Fa "const ASN1_OBJECT *oid"
-.Fc
-.Ft const ASN1_OBJECT *
-.Fo CMS_get0_eContentType
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Ft ASN1_OCTET_STRING **
-.Fo CMS_get0_content
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_get0_type
-returns the content type of the
-.Vt ContentInfo
-structure
-.Fa cms .
-The
-.Vt ASN1_OBJECT
-value returned can be converted to an integer NID value using
-.Xr OBJ_obj2nid 3 .
-The following content types are identified by the following NIDs:
-.Pp
-.Bl -column AuthenticatedData NID_id_smime_ct_compressedData -compact
-.It Vt SignedData Ta Dv NID_pkcs7_signed
-.It Vt EnvelopedData Ta Dv NID_pkcs7_enveloped
-.It Vt DigestedData Ta Dv NID_pkcs7_digest
-.It Vt EncryptedData Ta Dv NID_pkcs7_encrypted
-.It Vt AuthenticatedData Ta Dv NID_id_smime_ct_authData
-.It Vt CompressedData Ta Dv NID_id_smime_ct_compressedData
-.It arbitrary data Ta Dv NID_pkcs7_data
-.El
-.Pp
-The
-.Vt SignedData ,
-.Vt DigestedData ,
-.Vt AuthenticatedData ,
-and
-.Vt CompressedData
-types contain a field
-.Fa encapContentInfo
-to allow embedding content, and
-.Vt EnvelopedData
-and
-.Vt EncryptedData
-contain a field
-.Fa encryptedContentInfo
-for that purpose.
-The type of the embedded content to be stored in that field can be
-set with the function
-.Fn CMS_set1_eContentType ,
-to be called on
-.Fa cms
-structures returned from functions such as
-.Xr CMS_sign 3
-or
-.Xr CMS_encrypt 3
-with the
-.Dv CMS_PARTIAL
-flag set and
-.Em before
-the structure is finalised; otherwise the results are undefined.
-.Fn CMS_set1_eContentType
-copies the supplied
-.Fa oid ,
-so it should be freed up after use.
-.Pp
-.Fn CMS_get0_eContentType
-returns the type of the embedded content.
-.Pp
-.Fn CMS_get0_content
-returns a pointer to the storage location where the pointer to the
-embedded content is stored.
-That means that for example after
-.Pp
-.Dl ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
-.Pp
-.Pf * Va pconf
-could be
-.Dv NULL
-if there is no embedded content.
-Applications can access, modify or create the embedded content in a
-.Vt CMS_ContentInfo
-structure using this function.
-Applications usually will not need to modify the embedded content as it
-is normally set by higher level functions.
-.Sh RETURN VALUES
-.Fn CMS_get0_type
-and
-.Fn CMS_get0_eContentType
-return internal pointers to
-.Vt OBJECT IDENTIFIER
-structures.
-.Pp
-.Fn CMS_get0_content
-returns an internal pointer to the storage location where the pointer
-to the embedded content is stored.
-.Pp
-.Fn CMS_set1_eContentType
-returns 1 for success or 0 if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr d2i_CMS_ContentInfo 3 ,
-.Xr SMIME_read_CMS 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax
-.Pp
-RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8h
-and have been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/src/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
deleted file mode 100644
index 9feedd13a2..0000000000
--- a/src/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ /dev/null
@@ -1,198 +0,0 @@
-.\" $OpenBSD: CMS_get1_ReceiptRequest.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_GET1_RECEIPTREQUEST 3
-.Os
-.Sh NAME
-.Nm CMS_ReceiptRequest_create0 ,
-.Nm CMS_add1_ReceiptRequest ,
-.Nm CMS_get1_ReceiptRequest ,
-.Nm CMS_ReceiptRequest_get0_values
-.Nd CMS signed receipt request functions
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ReceiptRequest *
-.Fo CMS_ReceiptRequest_create0
-.Fa "unsigned char *id"
-.Fa "int idlen"
-.Fa "int allorfirst"
-.Fa "STACK_OF(GENERAL_NAMES) *receiptList"
-.Fa "STACK_OF(GENERAL_NAMES) *receiptsTo"
-.Fc
-.Ft int
-.Fo CMS_add1_ReceiptRequest
-.Fa "CMS_SignerInfo *si"
-.Fa "CMS_ReceiptRequest *rr"
-.Fc
-.Ft int
-.Fo CMS_get1_ReceiptRequest
-.Fa "CMS_SignerInfo *si"
-.Fa "CMS_ReceiptRequest **prr"
-.Fc
-.Ft void
-.Fo CMS_ReceiptRequest_get0_values
-.Fa "CMS_ReceiptRequest *rr"
-.Fa "ASN1_STRING **pcid"
-.Fa "int *pallorfirst"
-.Fa "STACK_OF(GENERAL_NAMES) **plist"
-.Fa "STACK_OF(GENERAL_NAMES) **prto"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_ReceiptRequest_create0
-creates a new
-.Vt ReceiptRequest
-structure.
-The
-.Fa signedContentIdentifier
-field is set using
-.Fa id
-and
-.Fa idlen ,
-or it is set to 32 bytes of pseudo random data if
-.Fa id
-is
-.Dv NULL .
-If
-.Fa receiptList
-is
-.Dv NULL ,
-the
-.Fa allOrFirstTier
-option in the
-.Fa receiptsFrom
-field is set to the value of the
-.Fa allorfirst
-argument.
-If
-.Fa receiptList
-is not
-.Dv NULL ,
-the
-.Fa receiptList
-option in the
-.Fa receiptsFrom
-field is used.
-The
-.Fa receiptsTo
-argument specifies the value of the
-.Fa receiptsTo
-field.
-.Pp
-.Fn CMS_add1_ReceiptRequest
-adds a BER-encoded copy of
-.Fa rr
-to
-.Fa si .
-.Pp
-.Fn CMS_get1_ReceiptRequest
-looks for a signed receipt request in
-.Fa si .
-If any is found, it is decoded and written to
-.Fa prr .
-.Pp
-.Fn CMS_ReceiptRequest_get0_values
-retrieves the values of a receipt request.
-The
-.Fa signedContentIdentifier
-is copied to
-.Fa pcid .
-If the
-.Fa allOrFirstTier
-option is used in the
-.Fa receiptsFrom
-field, its value is copied to
-.Fa pallorfirst ;
-otherwise the
-.Fa receiptList
-field is copied to
-.Fa plist .
-The
-.Fa receiptsTo
-field is copied to
-.Fa prto .
-.Pp
-The contents of a signed receipt should only be considered meaningful if
-the corresponding
-.Vt CMS_ContentInfo
-structure can be successfully verified using
-.Xr CMS_verify 3 .
-.Sh RETURN VALUES
-.Fn CMS_ReceiptRequest_create0
-returns the new signed receipt request structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn CMS_add1_ReceiptRequest
-returns 1 for success or 0 if an error occurred.
-.Pp
-.Fn CMS_get1_ReceiptRequest
-returns 1 is a signed receipt request is found and decoded.
-It returns 0 if a signed receipt request is not present or -1 if it is
-present but malformed.
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_sign 3 ,
-.Xr CMS_sign_receipt 3 ,
-.Xr CMS_verify 3 ,
-.Xr CMS_verify_receipt 3 ,
-.Xr ERR_get_error 3
-.Sh STANDARDS
-RFC 2634: Enhanced Security Services for S/MIME,
-section 2.7: Receipt Request Syntax
-.Sh HISTORY
-.Fn CMS_ReceiptRequest_create0 ,
-.Fn CMS_add1_ReceiptRequest ,
-.Fn CMS_get1_ReceiptRequest ,
-and
-.Fn CMS_ReceiptRequest_get0_values
-first appeared in OpenSSL 0.9.8h
-and have been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3
deleted file mode 100644
index 64461959dd..0000000000
--- a/src/lib/libcrypto/man/CMS_sign.3
+++ /dev/null
@@ -1,243 +0,0 @@
-.\" $OpenBSD: CMS_sign.3,v 1.9 2020/06/24 18:15:00 jmc Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt CMS_SIGN 3
-.Os
-.Sh NAME
-.Nm CMS_sign
-.Nd create a CMS SignedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_sign
-.Fa "X509 *signcert"
-.Fa "EVP_PKEY *pkey"
-.Fa "STACK_OF(X509) *certs"
-.Fa "BIO *data"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_sign
-creates and returns a CMS
-.Vt SignedData
-structure.
-.Fa signcert
-is the certificate to sign with,
-.Fa pkey
-is the corresponding private key.
-.Fa certs
-is an optional additional set of certificates to include in the CMS
-structure (for example any intermediate CAs in the chain).
-Any or all of these parameters can be
-.Dv NULL .
-.Pp
-The data to be signed is read from
-.Fa data .
-.Pp
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-argument:
-.Bl -tag -width Ds
-.It Dv CMS_TEXT
-Prepend MIME headers for the type text/plain to the data.
-Many S/MIME clients expect the signed content to include valid MIME
-headers.
-.It Dv CMS_NOCERTS
-Do not include the signer's certificate in the
-.Vt CMS_ContentInfo
-structure.
-The signer's certificate must still be supplied in the
-.Fa signcert
-parameter though.
-This can reduce the size of the signature if the signer's certificate can
-be obtained by other means, for example from a previously signed message.
-.It Dv CMS_DETACHED
-Omit the data being signed from the
-.Vt CMS_ContentInfo
-structure.
-This is used for
-.Vt CMS_ContentInfo
-detached signatures which are used in S/MIME plaintext signed messages
-for example.
-.It Dv CMS_BINARY
-Do not translate the supplied content into MIME canonical format
-even though that is required by the S/MIME specifications.
-This option should be used if the supplied data is in binary format.
-Otherwise the translation will corrupt it.
-.It Dv CMS_NOATTR
-Do not add any
-.Vt SignedAttributes .
-By default, the
-.Fa signerInfos
-field includes several CMS
-.Vt SignedAttributes
-including the signing time, the CMS content type,
-and the supported list of ciphers in an
-.Vt SMIMECapabilities
-attribute.
-.It Dv CMS_NOSMIMECAP
-Omit just the
-.Vt SMIMECapabilities .
-If present, the SMIMECapabilities attribute indicates support for the
-following algorithms in preference order: 256-bit AES, Gost R3411-94,
-Gost 28147-89, 192-bit AES, 128-bit AES, triple DES, 128-bit RC2, 64-bit
-RC2, DES and 40-bit RC2.
-If any of these algorithms is not available, then it will not be
-included.
-.It Dv CMS_USE_KEYID
-Use the subject key identifier value to identify signing certificates.
-An error occurs if the signing certificate does not have a subject key
-identifier extension.
-By default, issuer name and serial number are used instead.
-.It Dv CMS_STREAM
-Only initialize the returned
-.Vt CMS_ContentInfo
-structure to prepare it for performing the signing operation.
-The signing is however
-.Em not
-performed and the data to be signed is not read from the
-.Fa data
-parameter.
-Signing is deferred until after the data has been written.
-In this way, data can be signed in a single pass.
-The returned
-.Vt CMS_ContentInfo
-structure is
-.Em not
-complete and outputting its contents via a function that does not
-properly finalize the
-.Vt CMS_ContentInfo
-structure will give unpredictable results.
-Several functions including
-.Xr SMIME_write_CMS 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-or
-.Xr PEM_write_bio_CMS_stream 3
-finalize the structure.
-Alternatively, finalization can be performed by obtaining the streaming
-ASN1
-.Vt BIO
-directly using
-.Xr BIO_new_CMS 3 .
-.It Dv CMS_PARTIAL
-Output a partial
-.Vt CMS_ContentInfo
-structure to which additional signers and capabilities can be
-added before finalization.
-.El
-.Pp
-If a signer is specified, it will use the default digest for the signing
-algorithm.
-This is SHA1 for both RSA and DSA keys.
-.Pp
-If
-.Fa signcert
-and
-.Fa pkey
-are
-.Dv NULL ,
-then a certificates only CMS structure is output.
-.Pp
-The function
-.Fn CMS_sign
-is a basic CMS signing function whose output will be suitable for many
-purposes.
-For finer control of the output format the
-.Fa certs ,
-.Fa signcert
-and
-.Fa pkey
-parameters can all be
-.Dv NULL
-and the
-.Dv CMS_PARTIAL
-flag set.
-Then one or more signers can be added using the function
-.Xr CMS_add1_signer 3 ,
-non default digests can be used and custom attributes added.
-.Xr CMS_final 3
-must then be called to finalize the structure if streaming is not
-enabled.
-.Sh RETURN VALUES
-.Fn CMS_sign
-returns either a valid
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_add0_cert 3 ,
-.Xr CMS_add1_signer 3 ,
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_final 3 ,
-.Xr CMS_sign_receipt 3 ,
-.Xr CMS_verify 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax (CMS)
-.Bl -dash -compact -offset indent
-.It
-section 5.1: SignedData Type
-.It
-section 5.3: SignerInfo Type
-.El
-.Pp
-RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
-Version\ 4.0 Message Specification,
-section 2.5.2: SMIMECapabilities Attribute
-.Sh HISTORY
-.Fn CMS_sign
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
-.Sh BUGS
-Some attributes such as counter signatures are not supported.
diff --git a/src/lib/libcrypto/man/CMS_sign_receipt.3 b/src/lib/libcrypto/man/CMS_sign_receipt.3
deleted file mode 100644
index 6394957846..0000000000
--- a/src/lib/libcrypto/man/CMS_sign_receipt.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\" $OpenBSD: CMS_sign_receipt.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_SIGN_RECEIPT 3
-.Os
-.Sh NAME
-.Nm CMS_sign_receipt
-.Nd create a CMS signed receipt
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo CMS_sign_receipt
-.Fa "CMS_SignerInfo *si"
-.Fa "X509 *signcert"
-.Fa "EVP_PKEY *pkey"
-.Fa "STACK_OF(X509) *certs"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_sign_receipt
-creates a new CMS
-.Vt SignedData
-structure containing a signed
-.Vt Receipt
-as its embedded content.
-.Fa si
-is the
-.Vt SignerInfo
-structure containing the signed receipt request.
-.Fa signcert
-is the certificate to sign with,
-.Fa pkey
-is the corresponding private key.
-.Fa certs
-is an optional additional set of certificates to include in the CMS
-structure (for example any intermediate CAs in the chain).
-.Pp
-This functions behaves in a similar way to
-.Xr CMS_sign 3
-except that the
-.Fa flags
-values
-.Dv CMS_DETACHED ,
-.Dv CMS_BINARY ,
-.Dv CMS_NOATTR ,
-.Dv CMS_TEXT ,
-and
-.Dv CMS_STREAM
-are not supported since they do not make sense in the context of
-signed receipts.
-.Sh RETURN VALUES
-.Fn CMS_sign_receipt
-returns either a valid
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_get1_ReceiptRequest 3 ,
-.Xr CMS_sign 3 ,
-.Xr CMS_verify_receipt 3
-.Sh STANDARDS
-RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
-.Sh HISTORY
-.Fn CMS_sign_receipt
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CMS_uncompress.3 b/src/lib/libcrypto/man/CMS_uncompress.3
deleted file mode 100644
index ed2172521e..0000000000
--- a/src/lib/libcrypto/man/CMS_uncompress.3
+++ /dev/null
@@ -1,115 +0,0 @@
-.\" $OpenBSD: CMS_uncompress.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_UNCOMPRESS 3
-.Os
-.Sh NAME
-.Nm CMS_uncompress
-.Nd uncompress a CMS CompressedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_uncompress
-.Fa "CMS_ContentInfo *cms"
-.Fa "BIO *dcont"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_uncompress
-extracts and uncompresses the content of a CMS
-.Vt CompressedData
-structure
-.Fa cms
-and writes it to
-.Fa out .
-.Pp
-In the rare case where the compressed content is detached,
-pass it in via
-.Fa dcont .
-For normal use, set
-.Fa dcont
-to
-.Dv NULL .
-.Pp
-The only currently supported compression algorithm is zlib: if the
-structure indicates the use of any other algorithm, an error is returned.
-If zlib support is not compiled in,
-.Fn CMS_uncompress
-always returns an error.
-.Pp
-If the
-.Dv CMS_TEXT
-bit is set in
-.Fa flags ,
-MIME headers for type text/plain are deleted from the content.
-If the content is not of type text/plain, an error is returned.
-.Sh RETURN VALUES
-.Fn CMS_uncompress
-returns 1 for success or 0 for failure.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_compress 3 ,
-.Xr CMS_ContentInfo_new 3
-.Sh STANDARDS
-RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
-.Sh HISTORY
-.Fn CMS_uncompress
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
-.Sh BUGS
-The lack of single pass processing and the need to hold all data in
-memory as mentioned in
-.Xr CMS_verify 3
-also applies to
-.Fn CMS_uncompress .
diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3
deleted file mode 100644
index 6bee927fbc..0000000000
--- a/src/lib/libcrypto/man/CMS_verify.3
+++ /dev/null
@@ -1,223 +0,0 @@
-.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_VERIFY 3
-.Os
-.Sh NAME
-.Nm CMS_verify ,
-.Nm CMS_get0_signers
-.Nd verify a CMS SignedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_verify
-.Fa "CMS_ContentInfo *cms"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "BIO *indata"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo CMS_get0_signers
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_verify
-verifies the CMS
-.Vt SignedData
-structure
-.Fa cms .
-.Fa certs
-is a set of certificates in which to search for the signing
-certificate(s).
-.Fa store
-is a trusted certificate store used for chain verification.
-.Fa indata
-is the detached content if the content is not present in
-.Fa cms .
-The content is written to
-.Fa out
-if it is not
-.Dv NULL .
-.Pp
-.Fn CMS_get0_signers
-retrieves the signing certificate(s) from
-.Fa cms .
-It must be called after a successful
-.Fn CMS_verify
-operation.
-.Pp
-Normally the verify process proceeds as follows.
-.Pp
-Initially some sanity checks are performed on
-.Fa cms .
-There must be at least one signature on the data.
-If the content is detached,
-.Fa indata
-cannot be
-.Dv NULL .
-.Pp
-An attempt is made to locate all the signing certificate(s), first
-looking in the
-.Fa certs
-parameter (if it is not
-.Dv NULL )
-and then looking in any certificates contained in the
-.Fa cms
-structure itself.
-If any signing certificate cannot be located, the operation fails.
-.Pp
-Each signing certificate is chain verified using the
-.Sy smimesign
-purpose and the supplied trusted certificate
-.Fa store .
-Any internal certificates in the message are used as untrusted CAs.
-If CRL checking is enabled in
-.Fa store ,
-any internal CRLs are used in addition to attempting to look them up in
-.Fa store .
-If any chain verify fails, an error code is returned.
-.Pp
-Finally the signed content is read (and written to
-.Fa out
-if it is not
-.Dv NULL )
-and the signature is checked.
-.Pp
-If all signatures verify correctly, then the function is successful.
-.Pp
-Any of the following
-.Fa flags
-(OR'ed together) can be passed to change the default verify behaviour:
-.Bl -tag -width Ds
-.It Dv CMS_NOINTERN
-Do not use the certificates in the message itself when
-locating the signing certificate(s).
-This means that all the signing certificates must be in the
-.Fa certs
-parameter.
-.It Dv CMS_NOCRL
-If CRL checking is enabled in
-.Fa store ,
-then any CRLs in the message itself are ignored.
-.It Dv CMS_TEXT
-MIME headers for type text/plain are deleted from the content.
-If the content is not of type text/plain, an error is returned.
-.It Dv CMS_NO_SIGNER_CERT_VERIFY
-Do not verify signing certificates.
-.It Dv CMS_NO_ATTR_VERIFY
-Do not check the signed attributes signature.
-.It Dv CMS_NO_CONTENT_VERIFY
-Do not check the content digest.
-.El
-.Pp
-One application of
-.Dv CMS_NOINTERN
-is to only accept messages signed by a small number of certificates.
-The acceptable certificates would be passed in the
-.Fa certs
-parameter.
-In this case, if the signer is not one of the certificates supplied in
-.Fa certs ,
-then the verify will fail because the signer cannot be found.
-.Pp
-In some cases the standard techniques for looking up and validating
-certificates are not appropriate: for example an application may wish to
-lookup certificates in a database or perform customised verification.
-This can be achieved by setting and verifying the signers certificates
-manually using the signed data utility functions.
-.Pp
-Care should be taken when modifying the default verify behaviour, for
-example setting
-.Dv CMS_NO_CONTENT_VERIFY
-will totally disable all content verification and any modified content
-will be considered valid.
-This combination is however useful if one merely wishes to write the
-content to
-.Fa out
-and its validity is not considered important.
-.Pp
-Chain verification should arguably be performed using the signing time
-rather than the current time.
-However since the signing time is supplied by the signer it cannot be
-trusted without additional evidence (such as a trusted timestamp).
-.Sh RETURN VALUES
-.Fn CMS_verify
-returns 1 for a successful verification or 0 if an error occurred.
-.Pp
-.Fn CMS_get0_signers
-returns all signers or
-.Dv NULL
-if an error occurred.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_get0_SignerInfos 3 ,
-.Xr CMS_sign 3 ,
-.Xr CMS_verify_receipt 3
-.Sh STANDARDS
-RFC 5652: Cryptographic Message Syntax (CMS),
-section 5.1: SignedData Type
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8h
-and have been available since
-.Ox 6.7 .
-.Sh BUGS
-The trusted certificate store is not searched for the signing certificate.
-This is primarily due to the inadequacies of the current
-.Vt X509_STORE
-functionality.
-.Pp
-The lack of single pass processing means that the signed content must
-all be held in memory if it is not detached.
diff --git a/src/lib/libcrypto/man/CMS_verify_receipt.3 b/src/lib/libcrypto/man/CMS_verify_receipt.3
deleted file mode 100644
index ac50087a4c..0000000000
--- a/src/lib/libcrypto/man/CMS_verify_receipt.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" $OpenBSD: CMS_verify_receipt.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt CMS_VERIFY_RECEIPT 3
-.Os
-.Sh NAME
-.Nm CMS_verify_receipt
-.Nd verify a CMS signed receipt
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_verify_receipt
-.Fa "CMS_ContentInfo *rcms"
-.Fa "CMS_ContentInfo *ocms"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "unsigned int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_verify_receipt
-verifies a CMS signed receipt.
-.Fa rcms
-is the signed receipt to verify.
-.Fa ocms
-is the original
-.Vt SignedData
-structure containing the receipt request.
-.Fa certs
-is a set of certificates in which to search for the signing certificate.
-.Fa store
-is a trusted certificate store (used for chain verification).
-.Pp
-This functions behaves in a similar way to
-.Xr CMS_verify 3
-except that the
-.Fa flags
-values
-.Dv CMS_DETACHED ,
-.Dv CMS_BINARY ,
-.Dv CMS_TEXT ,
-and
-.Dv CMS_STREAM
-are not supported since they do not make sense in the context of signed
-receipts.
-.Sh RETURN VALUES
-.Fn CMS_verify_receipt
-returns 1 for a successful verification or 0 if an error occurred.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_get1_ReceiptRequest 3 ,
-.Xr CMS_sign_receipt 3 ,
-.Xr CMS_verify 3
-.Sh STANDARDS
-RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
-.Sh HISTORY
-.Fn CMS_verify_receipt
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/CONF_modules_free.3 b/src/lib/libcrypto/man/CONF_modules_free.3
deleted file mode 100644
index be5f64d1e1..0000000000
--- a/src/lib/libcrypto/man/CONF_modules_free.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" $OpenBSD: CONF_modules_free.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2004, 2006 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt CONF_MODULES_FREE 3
-.Os
-.Sh NAME
-.Nm CONF_modules_free ,
-.Nm CONF_modules_finish ,
-.Nm CONF_modules_unload
-.Nd OpenSSL configuration cleanup functions
-.Sh SYNOPSIS
-.In openssl/conf.h
-.Ft void
-.Fo CONF_modules_free
-.Fa void
-.Fc
-.Ft void
-.Fo CONF_modules_finish
-.Fa void
-.Fc
-.Ft void
-.Fo CONF_modules_unload
-.Fa "int all"
-.Fc
-.Sh DESCRIPTION
-.Fn CONF_modules_free
-closes down and frees up all memory allocated by all configuration
-modules.
-Normally applications will only call this function
-at application exit to tidy up any configuration performed.
-.Pp
-.Fn CONF_modules_finish
-calls the configuration
-.Sy finish
-handler of each configuration module to free up any configuration
-that module may have performed.
-.Pp
-.Fn CONF_modules_unload
-finishes and unloads configuration modules.
-If
-.Fa all
-is set to 0, only modules loaded from DSOs will be unloaded.
-If
-.Fa all
-is 1, all modules, including builtin modules, will be unloaded.
-.Sh SEE ALSO
-.Xr CONF_modules_load_file 3 ,
-.Xr OPENSSL_config 3
-.Sh HISTORY
-.Fn CONF_modules_free ,
-.Fn CONF_modules_finish ,
-and
-.Fn CONF_modules_unload
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/CONF_modules_load_file.3 b/src/lib/libcrypto/man/CONF_modules_load_file.3
deleted file mode 100644
index bd419ef3e3..0000000000
--- a/src/lib/libcrypto/man/CONF_modules_load_file.3
+++ /dev/null
@@ -1,285 +0,0 @@
-.\" $OpenBSD: CONF_modules_load_file.3,v 1.10 2021/08/03 18:49:30 schwarze Exp $
-.\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100
-.\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 3 2021 $
-.Dt CONF_MODULES_LOAD_FILE 3
-.Os
-.Sh NAME
-.Nm CONF_modules_load_file ,
-.Nm CONF_modules_load ,
-.Nm X509_get_default_cert_area
-.Nd OpenSSL configuration functions
-.Sh SYNOPSIS
-.In openssl/conf.h
-.Ft int
-.Fo CONF_modules_load_file
-.Fa "const char *filename"
-.Fa "const char *appname"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo CONF_modules_load
-.Fa "const CONF *cnf"
-.Fa "const char *appname"
-.Fa "unsigned long flags"
-.Fc
-.In openssl/x509.h
-.Ft const char *
-.Fn X509_get_default_cert_area void
-.Sh DESCRIPTION
-The function
-.Fn CONF_modules_load_file
-configures OpenSSL using the file
-.Fa filename
-in
-.Xr openssl.cnf 5
-format and the application name
-.Fa appname .
-If
-.Fa filename
-is
-.Dv NULL ,
-the standard OpenSSL configuration file
-.Pa /etc/ssl/openssl.cnf
-is used.
-If
-.Fa appname
-is
-.Dv NULL ,
-the standard OpenSSL application name
-.Qq openssl_conf
-is used.
-The behaviour can be customized using
-.Fa flags .
-.Pp
-See the
-.Sx EXAMPLES
-section for additional functions that may need to be called.
-Calling configuration functions in the right order for the intended
-effect can be tricky because many configuration functions internally
-call each other.
-.Pp
-.Fn CONF_modules_load
-is identical to
-.Fn CONF_modules_load_file
-except it reads configuration information from
-.Fa cnf .
-.Pp
-The following
-.Fa flags
-are currently recognized:
-.Bl -tag -width Ds
-.It Dv CONF_MFLAGS_IGNORE_ERRORS
-Ignore errors returned by individual configuration modules.
-By default, the first module error is considered fatal and no further
-modules are loaded.
-.It Dv CONF_MFLAGS_SILENT
-Do not add any error information.
-By default, all module errors add error information to the error queue.
-.It Dv CONF_MFLAGS_NO_DSO
-Disable loading of configuration modules from DSOs.
-.It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
-Let
-.Fn CONF_modules_load_file
-ignore missing configuration files.
-By default, a missing configuration file returns an error.
-.It CONF_MFLAGS_DEFAULT_SECTION
-If
-.Fa appname
-is not
-.Dv NULL
-but does not exist, fall back to the default section
-.Qq openssl_conf .
-.El
-.Pp
-By using
-.Fn CONF_modules_load_file
-with appropriate flags, an application can customise application
-configuration to best suit its needs.
-In some cases the use of a configuration file is optional and its
-absence is not an error: in this case
-.Dv CONF_MFLAGS_IGNORE_MISSING_FILE
-would be set.
-.Pp
-Errors during configuration may also be handled differently by
-different applications.
-For example in some cases an error may simply print out a warning
-message and the application may continue.
-In other cases an application might consider a configuration file
-error fatal and exit immediately.
-.Pp
-Applications can use the
-.Fn CONF_modules_load
-function if they wish to load a configuration file themselves and
-have finer control over how errors are treated.
-.Sh RETURN VALUES
-.Fn CONF_modules_load_file
-and
-.Fn CONF_modules_load
-return 1 for success and zero or a negative value for failure.
-If module errors are not ignored, the return code will reflect the return
-value of the failing module (this will always be zero or negative).
-.Pp
-.Fn X509_get_default_cert_area
-returns a pointer to the constant string
-.Qq "/etc/ssl" .
-.Sh FILES
-.Bl -tag -width /etc/ssl/openssl.cnf -compact
-.It Pa /etc/ssl
-standard configuration directory
-.It Pa /etc/ssl/openssl.cnf
-standard configuration file
-.El
-.Sh EXAMPLES
-Load a configuration file and print out any errors and exit (missing
-file considered fatal):
-.Bd -literal
-if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
- fprintf(stderr, "FATAL: error loading configuration file\en");
- ERR_print_errors_fp(stderr);
- exit(1);
-}
-.Ed
-.Pp
-Load default configuration file using the section indicated
-by "myapp", tolerate missing files, but exit on other errors:
-.Bd -literal
-if (CONF_modules_load_file(NULL, "myapp",
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- fprintf(stderr, "FATAL: error loading configuration file\en");
- ERR_print_errors_fp(stderr);
- exit(1);
-}
-.Ed
-.Pp
-Load custom configuration file and section instead of the standard one,
-only print warnings on error, missing configuration file ignored:
-.Bd -literal
-OPENSSL_no_config();
-ENGINE_load_builtin_engines();
-OPENSSL_load_builtin_modules();
-if (CONF_modules_load_file("/something/app.cnf", "myapp",
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- fprintf(stderr, "WARNING: error loading configuration file\en");
- ERR_print_errors_fp(stderr);
-}
-.Ed
-.Pp
-In the previous example, the call to
-.Xr OPENSSL_no_config 3
-is required first to suppress automatic loading
-of the standard configuration file, and the calls to
-.Xr ENGINE_load_builtin_engines 3
-and
-.Xr OPENSSL_load_builtin_modules 3
-are needed so that the configuration of builtin modules and engines
-is also loaded in addition to the configuration of
-.Qq myapp .
-.Pp
-Load and parse configuration file manually, custom error handling:
-.Bd -literal
-FILE *fp;
-CONF *cnf = NULL;
-long eline;
-
-fp = fopen("/somepath/app.cnf", "r");
-if (fp == NULL) {
- fprintf(stderr, "Error opening configuration file\en");
- /* Other missing configuration file behaviour */
-} else {
- cnf = NCONF_new(NULL);
- if (NCONF_load_fp(cnf, fp, &eline) == 0) {
- fprintf(stderr, "Error on line %ld of configuration file\en",
- eline);
- ERR_print_errors_fp(stderr);
- /* Other malformed configuration file behaviour */
- } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
- fprintf(stderr, "Error configuring application\en");
- ERR_print_errors_fp(stderr);
- /* Other configuration error behaviour */
- }
- fclose(fp);
- NCONF_free(cnf);
-}
-.Ed
-.Sh SEE ALSO
-.Xr CONF_modules_free 3 ,
-.Xr ENGINE_load_builtin_engines 3 ,
-.Xr ERR 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr OPENSSL_load_builtin_modules 3
-.Sh HISTORY
-.Fn X509_get_default_cert_area
-first appeared in SSLeay 0.4.1 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn CONF_modules_load_file
-and
-.Fn CONF_modules_load
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/CRYPTO_get_mem_functions.3 b/src/lib/libcrypto/man/CRYPTO_get_mem_functions.3
deleted file mode 100644
index 5d43116283..0000000000
--- a/src/lib/libcrypto/man/CRYPTO_get_mem_functions.3
+++ /dev/null
@@ -1,114 +0,0 @@
-.\" $OpenBSD: CRYPTO_get_mem_functions.3,v 1.7 2019/06/10 09:49:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt CRYPTO_GET_MEM_FUNCTIONS 3
-.Os
-.Sh NAME
-.Nm CRYPTO_get_mem_functions ,
-.Nm CRYPTO_set_mem_functions ,
-.Nm CRYPTO_mem_ctrl ,
-.Nm CRYPTO_mem_leaks ,
-.Nm CRYPTO_mem_leaks_fp ,
-.Nm CRYPTO_mem_leaks_cb
-.Nd legacy OpenSSL memory allocation control
-.Sh SYNOPSIS
-.In openssl/crypto.h
-.Ft void
-.Fo CRYPTO_get_mem_functions
-.Fa "void *(**m)(size_t)"
-.Fa "void *(**r)(void *, size_t)"
-.Fa "void (**f)(void *)"
-.Fc
-.Ft int
-.Fo CRYPTO_set_mem_functions
-.Fa "void *(*m)(size_t)"
-.Fa "void *(*r)(void *, size_t)"
-.Fa "void (*f)(void *)"
-.Fc
-.Ft int
-.Fo CRYPTO_mem_ctrl
-.Fa "int mode"
-.Fc
-.Ft int
-.Fo CRYPTO_mem_leaks
-.Fa "BIO *b"
-.Fc
-.Ft int
-.Fo CRYPTO_mem_leaks_fp
-.Fa "FILE *fp"
-.Fc
-.Ft typedef int *
-.Fo CRYPTO_MEM_LEAK_CB
-.Fa "unsigned long"
-.Fa "const char *"
-.Fa int
-.Fa int
-.Fa "void *"
-.Fc
-.Ft int
-.Fo CRYPTO_mem_leaks_cb
-.Fa "CRYPTO_MEM_LEAK_CB *cb"
-.Fc
-.Sh DESCRIPTION
-Do not use any of the interfaces documented here.
-They are provided purely for compatibility with legacy application code.
-.Pp
-.Fn CRYPTO_get_mem_functions
-assigns pointers to the C library functions
-.Xr malloc 3 ,
-.Xr realloc 3 ,
-and
-.Xr free 3
-to those of its arguments that are not
-.Dv NULL .
-.Pp
-.Fn CRYPTO_set_mem_functions ,
-.Fn CRYPTO_mem_ctrl ,
-.Fn CRYPTO_mem_leaks ,
-.Fn CRYPTO_mem_leaks_fp ,
-and
-.Fn CRYPTO_mem_leaks_cb
-have no effect.
-.Sh RETURN VALUES
-.Fn CRYPTO_set_mem_functions
-always returns 0.
-.Pp
-.Fn CRYPTO_mem_ctrl
-always returns
-.Dv CRYPTO_MEM_CHECK_OFF .
-.Pp
-.Fn CRYPTO_mem_leaks ,
-.Fn CRYPTO_mem_leaks_fp ,
-and
-.Fn CRYPTO_mem_leaks_cb
-always return -1.
-.Sh SEE ALSO
-.Xr crypto 3
-.Sh HISTORY
-.Fn CRYPTO_mem_ctrl ,
-.Fn CRYPTO_mem_leaks ,
-and
-.Fn CRYPTO_mem_leaks_fp
-first appeared in SSLeay 0.6.4.
-.Fn CRYPTO_get_mem_functions
-and
-.Fn CRYPTO_set_mem_functions
-first appeared in SSLeay 0.6.5.
-.Fn CRYPTO_mem_leaks_cb
-first appeared in SSLeay 0.6.6.
-All these functions have all been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/CRYPTO_lock.3 b/src/lib/libcrypto/man/CRYPTO_lock.3
deleted file mode 100644
index cb6224a700..0000000000
--- a/src/lib/libcrypto/man/CRYPTO_lock.3
+++ /dev/null
@@ -1,176 +0,0 @@ -.\" $OpenBSD: CRYPTO_lock.3,v 1.1 2019/03/10 15:00:34 schwarze Exp $ -.\" OpenSSL doc/crypto/threads.pod fb552ac6 Sep 30 23:43:01 2009 +0000 -.\" -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 10 2019 $ -.Dt CRYPTO_LOCK 3 -.Os -.Sh NAME -.Nm CRYPTO_THREADID_current , -.Nm CRYPTO_THREADID_cmp , -.Nm CRYPTO_THREADID_cpy , -.Nm CRYPTO_THREADID_hash , -.Nm CRYPTO_lock , -.Nm CRYPTO_w_lock , -.Nm CRYPTO_w_unlock , -.Nm CRYPTO_r_lock , -.Nm CRYPTO_r_unlock , -.Nm CRYPTO_add -.Nd thread support -.Sh SYNOPSIS -.In openssl/crypto.h -.Ft void -.Fo CRYPTO_THREADID_current -.Fa "CRYPTO_THREADID *id" -.Fc -.Ft int -.Fo CRYPTO_THREADID_cmp -.Fa "const CRYPTO_THREADID *a" -.Fa "const CRYPTO_THREADID *b" -.Fc -.Ft void -.Fo CRYPTO_THREADID_cpy -.Fa "CRYPTO_THREADID *dest" -.Fa "const CRYPTO_THREADID *src" -.Fc -.Ft unsigned long -.Fo CRYPTO_THREADID_hash -.Fa "const CRYPTO_THREADID *id" -.Fc -.Ft void -.Fo CRYPTO_lock -.Fa "int mode" -.Fa "int type" -.Fa "const char *file" -.Fa "int line" -.Fc -.Ft int -.Fo CRYPTO_add -.Fa "int *p" -.Fa "int amount" -.Fa "int type" -.Fc -.Bd -literal -#define CRYPTO_w_lock(type) \e - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, type, __FILE__, __LINE__) -#define 
CRYPTO_w_unlock(type) \e - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, type, __FILE__, __LINE__) -#define CRYPTO_r_lock(type) \e - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ, type, __FILE__, __LINE__) -#define CRYPTO_r_unlock(type) \e - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ, type, __FILE__, __LINE__) -.Ed -.Sh DESCRIPTION -These functions are obsolete. -.Pp -.Fn CRYPTO_THREADID_current -stores a unique identifier of the currently executing thread -into the opaque object -.Fa id . -.Pp -.Fn CRYPTO_THREADID_cpy -copies the contents of -.Fa src -to -.Fa dest . -.Pp -.Fn CRYPTO_lock -locks or unlocks a mutex lock. -.Pp -.Fa mode -is a bitfield describing what should be done with the lock. -For each call, either -.Dv CRYPTO_LOCK -or -.Dv CRYPTO_UNLOCK -must be included. -In the LibreSSL implementation, -.Dv CRYPTO_READ -and -.Dv CRYPTO_WRITE -are ignored. -.Pp -.Fa type -is a number in the range 0 <= -.Fa type No < Dv CRYPTO_NUM_LOCKS -identifying a particular lock. -Currently, the value of -.Dv CRYPTO_NUM_LOCKS -is 41. -.Pp -The -.Ar file -and -.Ar line -arguments are ignored. -.Pp -In the LibreSSL implementation, -.Fn CRYPTO_lock -is a wrapper around -.Xr pthread_mutex_lock 3 -and -.Xr pthread_mutex_unlock 3 . -.Pp -.Fn CRYPTO_add -locks the lock number -.Fa type , -adds -.Fa amount -to -.Pf * Fa p , -and unlocks the lock number -.Fa type -again. -.Sh RETURN VALUES -.Fn CRYPTO_THREADID_cmp -returns 0 if -.Fa a -and -.Fa b -refer to the same thread or a non-zero value otherwise. -.Pp -.Fn CRYPTO_THREADID_hash -returns a numeric value usable as a hash-table key. -In the LibreSSL implementation, it is the value returned from -.Xr pthread_self 3 -for the thread -.Fa id . -.Pp -.Fn CRYPTO_add -returns the new value of -.Pf * Fa p . -.Sh SEE ALSO -.Xr crypto 3 -.Sh HISTORY -.Fn CRYPTO_lock , -.Fn CRYPTO_w_lock , -.Fn CRYPTO_w_unlock , -.Fn CRYPTO_r_lock , -and -.Fn CRYPTO_r_unlock -first appeared in SSLeay 0.6.0. -.Fn CRYPTO_add -first appeared in SSLeay 0.6.2. 
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn CRYPTO_THREADID_current ,
-.Fn CRYPTO_THREADID_cmp ,
-.Fn CRYPTO_THREADID_cpy ,
-and
-.Fn CRYPTO_THREADID_hash
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/CRYPTO_memcmp.3 b/src/lib/libcrypto/man/CRYPTO_memcmp.3
deleted file mode 100644
index cbc0030c55..0000000000
--- a/src/lib/libcrypto/man/CRYPTO_memcmp.3
+++ /dev/null
@@ -1,95 +0,0 @@
-.\" $OpenBSD: CRYPTO_memcmp.3,v 1.1 2019/08/25 06:20:22 schwarze Exp $
-.\" full merge up to: OpenSSL 1075139c Jun 24 09:18:48 2019 +1000
-.\"
-.\" This file was written by Pauli .
-.\" Copyright (c) 2019 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 25 2019 $
-.Dt CRYPTO_MEMCMP 3
-.Os
-.Sh NAME
-.Nm CRYPTO_memcmp
-.Nd constant time memory comparison
-.Sh SYNOPSIS
-.In openssl/crypto.h
-.Ft int
-.Fo CRYPTO_memcmp
-.Fa "const void *a"
-.Fa "const void *b"
-.Fa "size_t len"
-.Fc
-.Sh DESCRIPTION
-.Fn CRYPTO_memcmp
-compares the
-.Fa len
-bytes pointed to by
-.Fa a
-and
-.Fa b
-for equality.
-It takes an amount of time dependent on
-.Fa len ,
-but independent of the contents of the memory regions pointed to by
-.Fa a
-and
-.Fa b .
-.Sh RETURN VALUES
-.Fn CRYPTO_memcmp
-returns 0 if the content of the memory regions is equal
-or non-zero otherwise.
-.Sh HISTORY
-.Fn CRYPTO_memcmp
-first appeared in OpenSSL 1.0.1d and has been available since
-.Ox 5.6 .
-.Sh BUGS
-Unlike
-.Xr memcmp 3
-and
-.Xr timingsafe_memcmp 3 ,
-this function cannot be used to order the two memory regions.
-In the current implementation, the return value is always greater
-than or equal to 0.
diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
deleted file mode 100644
index c78076b8a8..0000000000
--- a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ /dev/null
@@ -1,369 +0,0 @@
-.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.12 2019/08/16 12:16:22 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL CRYPTO_get_ex_new_index 9e183d22 Mar 11 08:56:44 2017 -0500
-.\" selective merge up to: 72a7a702 Feb 26 14:05:09 2019 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson
-.\" and by Rich Salz .
-.\" Copyright (c) 2000, 2006, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: August 16 2019 $ -.Dt CRYPTO_SET_EX_DATA 3 -.Os -.Sh NAME -.Nm CRYPTO_EX_new , -.Nm CRYPTO_EX_free , -.Nm CRYPTO_EX_dup , -.Nm CRYPTO_get_ex_new_index , -.Nm CRYPTO_set_ex_data , -.Nm CRYPTO_get_ex_data , -.Nm CRYPTO_free_ex_data , -.Nm CRYPTO_new_ex_data -.Nd functions supporting application-specific data -.Sh SYNOPSIS -.In openssl/crypto.h -.Ft int -.Fo CRYPTO_get_ex_new_index -.Fa "int class_index" -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft typedef int -.Fo CRYPTO_EX_new -.Fa "void *parent" -.Fa "void *ptr" -.Fa "CRYPTO_EX_DATA *ad" -.Fa "int idx" -.Fa "long argl" -.Fa "void *argp" -.Fc -.Ft typedef void -.Fo CRYPTO_EX_free -.Fa "void *parent" -.Fa "void *ptr" -.Fa "CRYPTO_EX_DATA *ad" -.Fa "int idx" -.Fa "long argl" -.Fa "void *argp" -.Fc -.Ft typedef int -.Fo CRYPTO_EX_dup -.Fa "CRYPTO_EX_DATA *to" -.Fa "const CRYPTO_EX_DATA *from" -.Fa "void *from_d" -.Fa "int idx" -.Fa "long argl" -.Fa "void *argp" -.Fc -.Ft int -.Fo CRYPTO_new_ex_data -.Fa "int class_index" -.Fa "void *obj" -.Fa "CRYPTO_EX_DATA *ad" -.Fc -.Ft int -.Fo CRYPTO_set_ex_data -.Fa "CRYPTO_EX_DATA *r" -.Fa "int idx" -.Fa "void *arg" -.Fc -.Ft void * -.Fo CRYPTO_get_ex_data -.Fa "CRYPTO_EX_DATA *r" -.Fa "int idx" -.Fc -.Ft void -.Fo CRYPTO_free_ex_data -.Fa "int class_index" -.Fa "void *obj" -.Fa "CRYPTO_EX_DATA *r" -.Fc -.Sh DESCRIPTION -Several OpenSSL structures can have application specific data attached -to them, known as "exdata". -The specific structures are: -.Bd -literal - BIO - DH - DSA - EC_KEY - ECDH - ECDSA - ENGINE - RSA - SSL - SSL_CTX - SSL_SESSION - UI - X509 - X509_STORE - X509_STORE_CTX -.Ed -.Pp -Each is identified by a -.Dv CRYPTO_EX_INDEX_* -constant defined in the -.In openssl/crypto.h -header file. -.Pp -The API described here is used by OpenSSL to manipulate exdata for -specific structures. 
-Since the application data can be anything at all it is passed and -retrieved as a -.Vt void * -type. -.Pp -The -.Vt CRYPTO_EX_DATA -type is opaque. -To initialize the exdata part of a structure, call -.Fn CRYPTO_new_ex_data . -.Pp -Exdata types are identified by an index, an integer guaranteed to -be unique within structures for the lifetime of the program. -Applications using exdata typically call -.Fn CRYPTO_get_ex_new_index -at startup and store the result in a global variable, or write a -wrapper function to provide lazy evaluation. -The -.Fa class_index -should be one of the -.Dv CRYPTO_EX_INDEX_* -values. -The -.Fa argl -and -.Fa argp -parameters are saved to be passed to the callbacks but are otherwise not -used. -In order to transparently manipulate exdata, three callbacks must be -provided. -The semantics of those callbacks are described below. -.Pp -When copying or releasing objects with exdata, the callback functions -are called in increasing order of their index value. -.Pp -To set or get the exdata on an object, the appropriate type-specific -routine must be used. -This is because the containing structure is opaque and the -.Vt CRYPTO_EX_DATA -field is not accessible. -In both APIs, the -.Fa idx -parameter should be an already-created index value. -.Pp -When setting exdata, the pointer specified with a particular index is -saved, and returned on a subsequent "get" call. -If the application is going to release the data, it must make sure to -set a -.Dv NULL -value at the index, to avoid likely double-free crashes. -.Pp -The function -.Fn CRYPTO_free_ex_data -is used to free all exdata attached to a structure. -The appropriate type-specific routine must be used. -The -.Fa class_index -identifies the structure type, the -.Fa obj -is a pointer to the actual structure, and -.Fa r -is a pointer to the structure's exdata field. -.Pp -The callback functions are used as follows. 
-.Pp -When a structure is initially allocated (such as by -.Xr RSA_new 3 ) , -then -.Fa new_func -is called for every defined index. -There is no requirement that the entire parent, or containing, structure -has been set up. -The -.Fa new_func -is typically used only to allocate memory to store the -exdata, and perhaps an "initialized" flag within that memory. -The exdata value should be set by calling -.Fn CRYPTO_set_ex_data . -.Pp -When a structure is free'd (such as by -.Xr SSL_CTX_free 3 ) , -then the -.Fa free_func -is called for every defined index. -Again, the state of the parent structure is not guaranteed. -The -.Fa free_func -may be called with a -.Dv NULL -pointer. -.Pp -Both -.Fa new_func -and -.Fa free_func -take the same parameters. -The -.Fa parent -is the pointer to the structure that contains the exdata. -The -.Fa ptr -is the current exdata item; for -.Fa new_func -this will typically be -.Dv NULL . -The -.Fa r -parameter is a pointer to the exdata field of the object. -The -.Fa idx -is the index and is the value returned when the callbacks were initially -registered via -.Fn CRYPTO_get_ex_new_index -and can be used if the same callback handles different types of exdata. -.Pp -.Fa dup_func -is called when a structure is being copied. -This is only done for -.Vt SSL -and -.Vt SSL_SESSION -objects. -The -.Fa to -and -.Fa from -parameters are pointers to the destination and source -.Vt CRYPTO_EX_DATA -structures, respectively. -The -.Fa from_d -parameter is a pointer to the source exdata. -When -.Fa dup_func -returns, the value in -.Fa from_d -is copied to the destination ex_data. -If the pointer contained in -.Fa from_d -is not modified by the -.Fa dup_func , -then both -.Fa to -and -.Fa from -will point to the same data. -The -.Fa idx , -.Fa argl -and -.Fa argp -parameters are as described for the other two callbacks. -.Pp -.Fn CRYPTO_set_ex_data -is used to set application specific data. 
-The data is supplied in the
-.Fa arg
-parameter and its precise meaning is up to the application.
-.Pp
-.Fn CRYPTO_get_ex_data
-is used to retrieve application specific data.
-The data is returned to the application; this will be the same value as
-supplied to a previous
-.Fn CRYPTO_set_ex_data
-call.
-.Sh RETURN VALUES
-.Fn CRYPTO_get_ex_new_index
-returns a new index or -1 on failure; the value 0 is reserved for
-the legacy "app_data" APIs.
-.Pp
-.Fn CRYPTO_set_ex_data
-returns 1 on success or 0 on failure.
-.Pp
-.Fn CRYPTO_get_ex_data
-returns the application data or
-.Dv NULL
-on failure; note that
-.Dv NULL
-may be a valid value.
-.Pp
-.Fa dup_func
-should return 0 for failure and 1 for success.
-.Pp
-On failure an error code can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BIO_get_ex_new_index 3 ,
-.Xr DH_get_ex_new_index 3 ,
-.Xr DSA_get_ex_new_index 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr SSL_CTX_get_ex_new_index 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr X509_STORE_CTX_get_ex_new_index 3 ,
-.Xr X509_STORE_get_ex_new_index 3
-.Sh HISTORY
-.Fn CRYPTO_get_ex_new_index ,
-.Fn CRYPTO_set_ex_data ,
-.Fn CRYPTO_get_ex_data ,
-.Fn CRYPTO_free_ex_data ,
-and
-.Fn CRYPTO_new_ex_data
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn CRYPTO_EX_new ,
-.Fn CRYPTO_EX_free ,
-and
-.Fn CRYPTO_EX_dup
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/ChaCha.3 b/src/lib/libcrypto/man/ChaCha.3
deleted file mode 100644
index 6b037f80ad..0000000000
--- a/src/lib/libcrypto/man/ChaCha.3
+++ /dev/null
@@ -1,253 +0,0 @@ -.\" $OpenBSD: ChaCha.3,v 1.2 2020/06/24 18:15:00 jmc Exp $ -.\" -.\" Copyright (c) 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 24 2020 $ -.Dt CHACHA 3 -.Os -.Sh NAME -.Nm ChaCha_set_key , -.Nm ChaCha_set_iv , -.Nm ChaCha , -.Nm CRYPTO_chacha_20 , -.Nm CRYPTO_hchacha_20 , -.Nm CRYPTO_xchacha_20 -.Nd ChaCha20 stream cipher -.Sh SYNOPSIS -.In openssl/chacha.h -.Ft void -.Fo ChaCha_set_key -.Fa "ChaCha_ctx *ctx" -.Fa "const unsigned char *key" -.Fa "unsigned int keybits" -.Fc -.Ft void -.Fo ChaCha_set_iv -.Fa "ChaCha_ctx *ctx" -.Fa "const unsigned char *iv" -.Fa "const unsigned char *counter" -.Fc -.Ft void -.Fo ChaCha -.Fa "ChaCha_ctx *ctx" -.Fa "unsigned char *out" -.Fa "const unsigned char *in" -.Fa "size_t len" -.Fc -.Ft void -.Fo CRYPTO_chacha_20 -.Fa "unsigned char *out" -.Fa "const unsigned char *in" -.Fa "size_t len" -.Fa "const unsigned char key[32]" -.Fa "const unsigned char iv[8]" -.Fa "uint64_t counter" -.Fc -.Ft void -.Fo CRYPTO_hchacha_20 -.Fa "unsigned char out[32]" -.Fa "const unsigned char key[32]" -.Fa "const unsigned char iv[16]" -.Fc -.Ft void -.Fo CRYPTO_xchacha_20 -.Fa "unsigned char *out" -.Fa "const unsigned char *in" -.Fa "size_t len" -.Fa "const unsigned char key[32]" -.Fa "const 
unsigned char iv[24]" -.Fc -.Sh DESCRIPTION -These functions provide a low-level implementation -of the ChaCha stream cipher with 256 and 128-bit keys. -The number of rounds is hardcoded to 20; -variants with 8 or 12 rounds are not supported. -.Pp -Instead of using these functions directly, -application programs normally use the more portable -.Xr EVP_chacha20 3 -high-level interface. -.Pp -The ChaCha state is contained in the -.Vt ChaCha_ctx -structure and consists of sixteen 32-bit unsigned integers. -.Pp -For the recommended value of 256 -.Fa keybits , -.Fn ChaCha_set_key -copies 32 bytes (256 bits) from -.Fa key -to the middle eight integers of the ChaCha state, -using little endian order for each integer. -For the alternative value of 128 -.Fa keybits , -only 16 bytes (128 bits) are copied from -.Fa key -to the ChaCha state, but they are copied twice, -once to the second quarter and once to the third quarter. -The first quarter of the ChaCha state is set to four constant integers; -these constants differ depending on whether -.Fa keybits -is 128 or 256. -The last quarter of the ChaCha state remains unchanged. -.Pp -.Fn ChaCha_set_iv -copies eight bytes (64 bits) from -.Fa counter -and eight bytes (64 bits) from -.Fa iv -to the last quarter of the ChaCha state, the counter to the first -two integers and the initialization vector to the last two integers, -again in little endian order. -If -.Fa counter -is -.Dv NULL , -the two respective integers are set to 0 instead. -The first three quarters of the ChaCha state remain unchanged. -.Pp -.Fn ChaCha -encrypts -.Fa len -bytes of data from -.Fa in -to -.Fa out -using the -.Fa ctx -that was previously set up with -.Fn ChaCha_set_key -and -.Fn ChaCha_set_iv . -Providing an -.Fa out -buffer of at least -.Fa len -bytes is the responsibility of the caller. -This function can be called multiple times in a row with varying -.Fa len -arguments. -The -.Fa len -does not need to be a multiple of 64. 
-.Pp -.Fn CRYPTO_chacha_20 -encrypts -.Fa len -bytes of data from -.Fa in -to -.Fa out -in a one-shot operation, using the given -.Fa key -and -.Fa iv -as described for -.Fn ChaCha_set_key -and -.Fn ChaCha_set_iv -and copying the less significant half of -.Fa counter -to the first counter integer in the initial ChaCha state -and the more significant half to the second integer. -Providing an -.Fa out -buffer of at least -.Fa len -bytes is again the responsibility of the caller. -The maximum supported value for -.Fa len -is 2^32 \- 1. -.Pp -XChaCha is a variant of ChaCha designed to support longer nonces, -just like XSalsa20 is a variant of Salsa20 supporting longer nonces. -.Pp -.Fn CRYPTO_xchacha_20 -encrypts -.Fa len -bytes of data from -.Fa in -to -.Fa out -in a one-shot operation with the XChaCha algorithm, using the given -.Fa key -and -.Fa iv . -It is equivalent to -.Fn CRYPTO_chacha_20 -with the last third of -.Fa iv , -a -.Fa counter -of 0, and a key generated with -.Fn CRYPTO_hchacha_20 -from the first two thirds of -.Fa iv . -.Sh SEE ALSO -.Xr crypto 3 , -.Xr EVP_chacha20 3 -.Rs -.%A Daniel J. Bernstein -.%T ChaCha, a variant of Salsa20 -.%U http://cr.yp.to/chacha/chacha-20080128.pdf -.%C Chicago -.%D January 28, 2008 -.Re -.Rs -.%A Daniel J. Bernstein -.%T Extending the Salsa20 nonce -.%U https://cr.yp.to/snuffle/xsalsa-20110204.pdf -.%C Chicago -.%D August 22, 2017 -.Re -.Sh STANDARDS -RFC 8439: ChaCha20 and Poly1305 for IETF Protocols -.Pp -Note that the standard specifies -a 32-bit counter and a 96-bit initialization vector whereas -this implementation follows Bernstein's original specification -and uses a 64-bit counter and a 64-bit initialization vector. -.Pp -These functions are specific to LibreSSL and not provided by OpenSSL. -BoringSSL does provide -.Fn CRYPTO_chacha_20 , -but with an incompatible interface, taking a 96-bit -.Fa iv -and a 32-bit -.Fa counter . 
-.Sh HISTORY
-.Fn ChaCha_set_key ,
-.Fn ChaCha_set_iv ,
-.Fn ChaCha ,
-and
-.Fn CRYPTO_chacha_20
-first appeared in
-.Ox 5.6 .
-.\" Committed on May 1, 2014.
-.\" BoringSSL added CRYPTO_chacha_20 on June 20, 2014.
-.Pp
-.Fn CRYPTO_hchacha_20
-and
-.Fn CRYPTO_xchacha_20
-first appeared in
-.Ox 6.5 .
-.Sh AUTHORS
-.An -nosplit
-This implementation was written by
-.An Daniel J. Bernstein Aq Mt djb@cr.yp.to .
-The API layer was added by
-.An Joel Sing Aq Mt jsing@openbsd.org
-for ChaCha, and for XChaCha by
-.An David Gwynne Aq Mt dlg@openbsd.org .
diff --git a/src/lib/libcrypto/man/DES_set_key.3 b/src/lib/libcrypto/man/DES_set_key.3
deleted file mode 100644
index da58957d36..0000000000
--- a/src/lib/libcrypto/man/DES_set_key.3
+++ /dev/null
@@ -1,870 +0,0 @@ -.\" $OpenBSD: DES_set_key.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $ -.\" full merge up to: -.\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400 -.\" -.\" -------------------------------------------------------------------------- -.\" Major patches to this file were contributed by -.\" Ulf Moeller , Ben Laurie , -.\" and Richard Levitte . -.\" -------------------------------------------------------------------------- -.\" Copyright (c) 2000, 2001, 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" -------------------------------------------------------------------------- -.\" Parts of this file are derived from SSLeay documentation, -.\" which is covered by the following Copyright and license: -.\" -------------------------------------------------------------------------- -.\" -.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com) -.\" All rights reserved. -.\" -.\" This package is an SSL implementation written -.\" by Eric Young (eay@cryptsoft.com). -.\" The implementation was written so as to conform with Netscapes SSL. -.\" -.\" This library is free for commercial and non-commercial use as long as -.\" the following conditions are aheared to. The following conditions -.\" apply to all code found in this distribution, be it the RC4, RSA, -.\" lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -.\" included with this distribution is covered by the same copyright terms -.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). -.\" -.\" Copyright remains Eric Young's, and as such any Copyright notices in -.\" the code are not to be removed. -.\" If this package is used in a product, Eric Young should be given -.\" attribution as the author of the parts of the library used. -.\" This can be in the form of a textual message at program startup or -.\" in documentation (online or textual) provided with the package. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" "This product includes cryptographic software written by -.\" Eric Young (eay@cryptsoft.com)" -.\" The word 'cryptographic' can be left out if the rouines from the -.\" library being used are not cryptographic related :-). -.\" 4. If you include any Windows specific code (or a derivative thereof) -.\" from the apps directory (application code) you must include an -.\" acknowledgement: "This product includes software written by -.\" Tim Hudson (tjh@cryptsoft.com)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" The licence and distribution terms for any publically available version or -.\" derivative of this code cannot be changed. i.e. this code cannot simply be -.\" copied and put under another distribution licence -.\" [including the GNU Public Licence.] -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt DES_SET_KEY 3 -.Os -.Sh NAME -.Nm DES_random_key , -.Nm DES_set_key , -.Nm DES_key_sched , -.Nm DES_set_key_checked , -.Nm DES_set_key_unchecked , -.Nm DES_set_odd_parity , -.Nm DES_is_weak_key , -.Nm DES_ecb_encrypt , -.Nm DES_ecb2_encrypt , -.Nm DES_ecb3_encrypt , -.Nm DES_ncbc_encrypt , -.Nm DES_cfb_encrypt , -.Nm DES_ofb_encrypt , -.Nm DES_pcbc_encrypt , -.Nm DES_cfb64_encrypt , -.Nm DES_ofb64_encrypt , -.Nm DES_xcbc_encrypt , -.Nm DES_ede2_cbc_encrypt , -.Nm DES_ede2_cfb64_encrypt , -.Nm DES_ede2_ofb64_encrypt , -.Nm DES_ede3_cbc_encrypt , -.Nm DES_ede3_cbcm_encrypt , -.Nm DES_ede3_cfb64_encrypt , -.Nm DES_ede3_ofb64_encrypt , -.Nm DES_cbc_cksum , -.Nm DES_quad_cksum , -.Nm DES_string_to_key , -.Nm DES_string_to_2keys , -.Nm DES_fcrypt , -.Nm DES_crypt , -.Nm DES_enc_read , -.Nm DES_enc_write -.Nd DES encryption -.Sh SYNOPSIS -.In openssl/des.h -.Ft void -.Fo DES_random_key -.Fa "DES_cblock *ret" -.Fc -.Ft int -.Fo DES_set_key -.Fa "const_DES_cblock *key" -.Fa "DES_key_schedule *schedule" -.Fc -.Ft int -.Fo DES_key_sched -.Fa "const_DES_cblock *key" -.Fa "DES_key_schedule *schedule" -.Fc -.Ft int -.Fo DES_set_key_checked -.Fa 
"const_DES_cblock *key" -.Fa "DES_key_schedule *schedule" -.Fc -.Ft void -.Fo DES_set_key_unchecked -.Fa "const_DES_cblock *key" -.Fa "DES_key_schedule *schedule" -.Fc -.Ft void -.Fo DES_set_odd_parity -.Fa "DES_cblock *key" -.Fc -.Ft int -.Fo DES_is_weak_key -.Fa "const_DES_cblock *key" -.Fc -.Ft void -.Fo DES_ecb_encrypt -.Fa "const_DES_cblock *input" -.Fa "DES_cblock *output" -.Fa "DES_key_schedule *ks" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ecb2_encrypt -.Fa "const_DES_cblock *input" -.Fa "DES_cblock *output" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ecb3_encrypt -.Fa "const_DES_cblock *input" -.Fa "DES_cblock *output" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_key_schedule *ks3" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ncbc_encrypt -.Fa "const unsigned char *input" -.Fa "unsigned char *output" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_cfb_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "int numbits" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ofb_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "int numbits" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fc -.Ft void -.Fo DES_pcbc_encrypt -.Fa "const unsigned char *input" -.Fa "unsigned char *output" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_cfb64_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fa "int *num" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ofb64_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fa "int *num" -.Fc -.Ft void -.Fo DES_xcbc_encrypt -.Fa 
"const unsigned char *input" -.Fa "unsigned char *output" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "DES_cblock *ivec" -.Fa "const_DES_cblock *inw" -.Fa "const_DES_cblock *outw" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ede2_cbc_encrypt -.Fa "const unsigned char *input" -.Fa "unsigned char *output" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_cblock *ivec" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ede2_cfb64_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_cblock *ivec" -.Fa "int *num" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ede2_ofb64_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_cblock *ivec" -.Fa "int *num" -.Fc -.Ft void -.Fo DES_ede3_cbc_encrypt -.Fa "const unsigned char *input" -.Fa "unsigned char *output" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_key_schedule *ks3" -.Fa "DES_cblock *ivec" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ede3_cbcm_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_key_schedule *ks3" -.Fa "DES_cblock *ivec1" -.Fa "DES_cblock *ivec2" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ede3_cfb64_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_key_schedule *ks3" -.Fa "DES_cblock *ivec" -.Fa "int *num" -.Fa "int enc" -.Fc -.Ft void -.Fo DES_ede3_ofb64_encrypt -.Fa "const unsigned char *in" -.Fa "unsigned char *out" -.Fa "long length" -.Fa "DES_key_schedule *ks1" -.Fa "DES_key_schedule *ks2" -.Fa "DES_key_schedule *ks3" -.Fa "DES_cblock *ivec" -.Fa "int *num" -.Fc -.Ft DES_LONG -.Fo DES_cbc_cksum -.Fa "const unsigned char *input" -.Fa "DES_cblock 
*output" -.Fa "long length" -.Fa "DES_key_schedule *schedule" -.Fa "const_DES_cblock *ivec" -.Fc -.Ft DES_LONG -.Fo DES_quad_cksum -.Fa "const unsigned char *input" -.Fa "DES_cblock output[]" -.Fa "long length" -.Fa "int out_count" -.Fa "DES_cblock *seed" -.Fc -.Ft void -.Fo DES_string_to_key -.Fa "const char *str" -.Fa "DES_cblock *key" -.Fc -.Ft void -.Fo DES_string_to_2keys -.Fa "const char *str" -.Fa "DES_cblock *key1" -.Fa "DES_cblock *key2" -.Fc -.Ft char * -.Fo DES_fcrypt -.Fa "const char *buf" -.Fa "const char *salt" -.Fa "char *ret" -.Fc -.Ft char * -.Fo DES_crypt -.Fa "const char *buf" -.Fa "const char *salt" -.Fc -.Ft int -.Fo DES_enc_read -.Fa "int fd" -.Fa "void *buf" -.Fa "int len" -.Fa "DES_key_schedule *sched" -.Fa "DES_cblock *iv" -.Fc -.Ft int -.Fo DES_enc_write -.Fa "int fd" -.Fa "const void *buf" -.Fa "int len" -.Fa "DES_key_schedule *sched" -.Fa "DES_cblock *iv" -.Fc -.Sh DESCRIPTION -This library contains a fast implementation of the DES encryption -algorithm. -.Pp -There are two phases to the use of DES encryption. -The first is the generation of a -.Vt DES_key_schedule -from a key, and the second is the actual encryption. -A DES key is of type -.Vt DES_cblock . -This type consists of 8 bytes with odd parity. -The least significant bit in each byte is the parity bit. -The key schedule is an expanded form of the key; it is used to speed the -encryption process. -.Pp -.Fn DES_random_key -generates a random key in odd parity. -.Pp -Before a DES key can be used, it must be converted into the architecture -dependent -.Vt DES_key_schedule -via the -.Fn DES_set_key_checked -or -.Fn DES_set_key_unchecked -function. -.Pp -.Fn DES_set_key_checked -will check that the key passed is of odd parity and is not a weak or -semi-weak key. -If the parity is wrong, then -1 is returned. -If the key is a weak key, then -2 is returned. -If an error is returned, the key schedule is not generated. 
-.Pp -.Fn DES_set_key -works like -.Fn DES_set_key_checked -if the -.Em DES_check_key -flag is non-zero, otherwise like -.Fn DES_set_key_unchecked . -These functions are available for compatibility; it is recommended to -use a function that does not depend on a global variable. -.Pp -.Fn DES_set_odd_parity -sets the parity of the passed -.Fa key -to odd. -.Pp -The following routines mostly operate on an input and output stream of -.Vt DES_cblock Ns s . -.Pp -.Fn DES_ecb_encrypt -is the basic DES encryption routine that encrypts or decrypts a single -8-byte -.Vt DES_cblock -in electronic code book (ECB) mode. -It always transforms the input data, pointed to by -.Fa input , -into the output data, pointed to by the -.Fa output -argument. -If the -.Fa enc -argument is non-zero -.Pq Dv DES_ENCRYPT , -the -.Fa input -(cleartext) is encrypted into the -.Fa output -(ciphertext) using the key_schedule specified by the -.Fa schedule -argument, previously set via -.Fn DES_set_key . -If -.Fa enc -is zero -.Pq Dv DES_DECRYPT , -the -.Fa input -(now ciphertext) is decrypted into the -.Fa output -(now cleartext). -Input and output may overlap. -.Fn DES_ecb_encrypt -does not return a value. -.Pp -.Fn DES_ecb3_encrypt -encrypts/decrypts the -.Fa input -block by using three-key Triple-DES encryption in ECB mode. -This involves encrypting the input with -.Fa ks1 , -decrypting with the key schedule -.Fa ks2 , -and then encrypting with -.Fa ks3 . -This routine greatly reduces the chances of brute force breaking of DES -and has the advantage of if -.Fa ks1 , -.Fa ks2 , -and -.Fa ks3 -are the same, it is equivalent to just encryption using ECB mode and -.Fa ks1 -as the key. -.Pp -The macro -.Fn DES_ecb2_encrypt -is provided to perform two-key Triple-DES encryption by using -.Fa ks1 -for the final encryption. -.Pp -.Fn DES_ncbc_encrypt -encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES. 
-If the -.Fa enc -argument is non-zero, the routine cipher-block-chain encrypts the -cleartext data pointed to by the -.Fa input -argument into the ciphertext pointed to by the -.Fa output -argument, using the key schedule provided by the -.Fa schedule -argument, and initialization vector provided by the -.Fa ivec -argument. -If the -.Fa length -argument is not an integral multiple of eight bytes, the last block is -copied to a temporary area and zero filled. -The output is always an integral multiple of eight bytes. -.Pp -.Fn DES_xcbc_encrypt -is RSA's DESX mode of DES. -It uses -.Fa inw -and -.Fa outw -to "whiten" the encryption. -.Fa inw -and -.Fa outw -are secret (unlike the iv) and are as such, part of the key. -So the key is sort of 24 bytes. -This is much better than CBC DES. -.Pp -.Fn DES_ede3_cbc_encrypt -implements outer triple CBC DES encryption with three keys. -This means that each DES operation inside the CBC mode is -.Qq Li C=E(ks3,D(ks2,E(ks1,M))) . -This mode is used by SSL. -.Pp -The -.Fn DES_ede2_cbc_encrypt -macro implements two-key Triple-DES by reusing -.Fa ks1 -for the final encryption. -.Qq Li C=E(ks1,D(ks2,E(ks1,M))) . -This form of Triple-DES is used by the RSAREF library. -.Pp -.Fn DES_pcbc_encrypt -encrypts/decrypts using the propagating cipher block chaining mode used -by Kerberos v4. -Its parameters are the same as -.Fn DES_ncbc_encrypt . -.Pp -.Fn DES_cfb_encrypt -encrypts/decrypts using cipher feedback mode. -This method takes an array of characters as input and outputs an array -of characters. -It does not require any padding to 8 character groups. -Note: the -.Fa ivec -variable is changed and the new changed value needs to be passed to the -next call to this function. -Since this function runs a complete DES ECB encryption per -.Fa numbits , -this function is only suggested for use when sending a small number of -characters. -.Pp -.Fn DES_cfb64_encrypt -implements CFB mode of DES with 64-bit feedback. -Why is this useful you ask? 
-Because this routine will allow you to encrypt an arbitrary number of -bytes, without 8 byte padding. -Each call to this routine will encrypt the input bytes to output and -then update ivec and num. -num contains "how far" we are though ivec. -If this does not make much sense, read more about CFB mode of DES. -.Pp -.Fn DES_ede3_cfb64_encrypt -and -.Fn DES_ede2_cfb64_encrypt -is the same as -.Fn DES_cfb64_encrypt -except that Triple-DES is used. -.Pp -.Fn DES_ofb_encrypt -encrypts using output feedback mode. -This method takes an array of characters as input and outputs an array -of characters. -It does not require any padding to 8 character groups. -Note: the -.Fa ivec -variable is changed and the new changed value needs to be passed to the -next call to this function. -Since this function runs a complete DES ECB encryption per -.Fa numbits , -this function is only suggested for use when sending a small number -of characters. -.Pp -.Fn DES_ofb64_encrypt -is the same as -.Fn DES_cfb64_encrypt -using Output Feed Back mode. -.Pp -.Fn DES_ede3_ofb64_encrypt -and -.Fn DES_ede2_ofb64_encrypt -is the same as -.Fn DES_ofb64_encrypt , -using Triple-DES. -.Pp -The following functions are included in the DES library for -compatibility with the MIT Kerberos library. -.Pp -.Fn DES_cbc_cksum -produces an 8-byte checksum based on the input stream (via CBC -encryption). -The last 4 bytes of the checksum are returned and the complete 8 bytes -are placed in -.Fa output . -This function is used by Kerberos v4. -Other applications should use -.Xr EVP_DigestInit 3 -etc. instead. -.Pp -.Fn DES_quad_cksum -is a Kerberos v4 function. -It returns a 4-byte checksum from the input bytes. -The algorithm can be iterated over the input, depending on -.Fa out_count , -1, 2, 3 or 4 times. -If -.Fa output -is -.Pf non- Dv NULL , -the 8 bytes generated by each pass are written into -.Fa output . 
-.Pp -The following are DES-based transformations: -.Pp -.Fn DES_fcrypt -is a fast version of the Unix -.Xr crypt 3 -function. -The -.Fa salt -must be two ASCII characters. -This version is different from the normal crypt in that the third -parameter is the buffer that the return value is written into. -It needs to be at least 14 bytes long. -The fourteenth byte is set to NUL. -This version takes only a small amount of space relative to other -fast crypt implementations. -It is thread safe, unlike the normal crypt. -.Pp -.Fn DES_crypt -is a faster replacement for the normal system -.Xr crypt 3 . -This function calls -.Fn DES_fcrypt -with a static array passed as the third parameter. -This emulates the normal non-thread safe semantics of -.Xr crypt 3 . -.Pp -.Fn DES_enc_write -writes -.Fa len -bytes to file descriptor -.Fa fd -from buffer -.Fa buf . -The data is encrypted via -.Em pcbc_encrypt -(default) using -.Fa sched -for the key and -.Fa iv -as a starting vector. -The actual data send down -.Fa fd -consists of 4 bytes (in network byte order) containing the length of the -following encrypted data. -The encrypted data then follows, padded with random data out to a -multiple of 8 bytes. -.Pp -.Fn DES_enc_read -is used to read -.Fa len -bytes from file descriptor -.Fa fd -into buffer -.Fa buf . -The data being read from -.Fa fd -is assumed to have come from -.Fn DES_enc_write -and is decrypted using -.Fa sched -for the key schedule and -.Fa iv -for the initial vector. -.Pp -.Sy Warning : -The data format used by -.Fn DES_enc_write -and -.Fn DES_enc_read -has a cryptographic weakness: when asked to write more than -.Dv MAXWRITE -bytes, -.Fn DES_enc_write -will split the data into several chunks that are all encrypted using the -same IV. -So don't use these functions unless you are sure you know what -you do (in which case you might not want to use them anyway). -They cannot handle non-blocking sockets. 
-.Fn DES_enc_read -uses an internal state and thus cannot be used on multiple files. -.Pp -.Em DES_rw_mode -is used to specify the encryption mode to use with -.Fn DES_enc_read . -If set to -.Dv DES_PCBC_MODE -(the default), DES_pcbc_encrypt is used. -If set to -.Dv DES_CBC_MODE -DES_cbc_encrypt is used. -.Sh RETURN VALUES -.Fn DES_set_key , -.Fn DES_key_sched , -and -.Fn DES_set_key_checked -return 0 on success or a negative value on error. -.Pp -.Fn DES_is_weak_key -returns 1 if the passed key is a weak key or 0 if it is ok. -.Pp -.Fn DES_cbc_cksum -and -.Fn DES_quad_cksum -return a 4-byte integer representing the last 4 bytes of the checksum -of the input. -.Pp -.Fn DES_fcrypt -returns a pointer to the caller-provided buffer -.Fa ret , -and -.Fn DES_crypt -returns a pointer to a static buffer. -Both are allowed to return -.Dv NULL -to indicate failure, but currently, they cannot fail. -.Sh SEE ALSO -.Xr crypt 3 , -.Xr EVP_des_cbc 3 , -.Xr EVP_EncryptInit 3 -.Sh STANDARDS -ANSI X3.106 -.Pp -The DES library was initially written to be source code compatible -with the MIT Kerberos library. -.Sh HISTORY -.Fn DES_random_key , -.Fn DES_set_key , -.Fn DES_key_sched , -.Fn DES_set_odd_parity , -.Fn DES_is_weak_key , -.Fn DES_ecb_encrypt , -.Fn DES_cfb_encrypt , -.Fn DES_ofb_encrypt , -.Fn DES_pcbc_encrypt , -.Fn DES_cfb64_encrypt , -.Fn DES_ofb64_encrypt , -.Fn DES_ede3_cbc_encrypt , -.Fn DES_cbc_cksum , -.Fn DES_quad_cksum , -.Fn DES_string_to_key , -.Fn DES_string_to_2keys , -.Fn DES_crypt , -.Fn DES_enc_read , -and -.Fn DES_enc_write -appeared in SSLeay 0.4 or earlier. -.Fn DES_ncbc_encrypt -first appeared in SSLeay 0.4.2. -.Fn DES_ede2_cbc_encrypt -first appeared in SSLeay 0.4.4. -.Fn DES_ecb2_encrypt , -.Fn DES_ecb3_encrypt , -.Fn DES_ede2_cfb64_encrypt , -.Fn DES_ede2_ofb64_encrypt , -.Fn DES_ede3_cfb64_encrypt , -and -.Fn DES_ede3_ofb64_encrypt -first appeared in SSLeay 0.5.1. -.Fn DES_xcbc_encrypt -first appeared in SSLeay 0.6.2. 
-.Fn DES_fcrypt
-first appeared in SSLeay 0.6.5.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn DES_set_key_checked
-and
-.Fn DES_set_key_unchecked
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-In OpenSSL 0.9.7 and
-.Ox 3.2 ,
-all
-.Sy des_
-functions were renamed to
-.Sy DES_
-to avoid clashes with older versions of libdes.
-.Sh AUTHORS
-.An Eric Young Aq Mt eay@cryptsoft.com
-.Sh CAVEATS
-Single-key DES is insecure due to its short key size.
-ECB mode is not suitable for most applications.
-.Sh BUGS
-DES_cbc_encrypt does not modify
-.Fa ivec ;
-use
-.Fn DES_ncbc_encrypt
-instead.
-.Pp
-.Fn DES_cfb_encrypt
-and
-.Fn DES_ofb_encrypt
-operates on input of 8 bits.
-What this means is that if you set numbits to 12, and length to 2, the
-first 12 bits will come from the 1st input byte and the low half of the
-second input byte.
-The second 12 bits will have the low 8 bits taken from the 3rd input
-byte and the top 4 bits taken from the 4th input byte.
-The same holds for output.
-This function has been implemented this way because most people will be
-using a multiple of 8 and because once you get into pulling input
-bytes apart things get ugly!
-.Pp
-.Fn DES_string_to_key
-is available for backward compatibility with the MIT library.
-New applications should use a cryptographic hash function.
-The same applies for
-.Fn DES_string_to_2key .
diff --git a/src/lib/libcrypto/man/DH_generate_key.3 b/src/lib/libcrypto/man/DH_generate_key.3
deleted file mode 100644
index 076b49f7a1..0000000000
--- a/src/lib/libcrypto/man/DH_generate_key.3
+++ /dev/null
@@ -1,122 +0,0 @@ -.\" $OpenBSD: DH_generate_key.3,v 1.12 2019/08/19 13:08:26 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: August 19 2019 $ -.Dt DH_GENERATE_KEY 3 -.Os -.Sh NAME -.Nm DH_generate_key , -.Nm DH_compute_key -.Nd perform Diffie-Hellman key exchange -.Sh SYNOPSIS -.In openssl/dh.h -.Ft int -.Fo DH_generate_key -.Fa "DH *dh" -.Fc -.Ft int -.Fo DH_compute_key -.Fa "unsigned char *key" -.Fa "BIGNUM *pub_key" -.Fa "DH *dh" -.Fc -.Sh DESCRIPTION -.Fn DH_generate_key -performs the first step of a Diffie-Hellman key exchange by generating -private and public DH values. -By calling -.Fn DH_compute_key , -these are combined with the other party's public value to compute the -shared key. -.Pp -.Fn DH_generate_key -expects -.Fa dh -to contain the shared parameters -.Sy dh->p -and -.Sy dh->g . -It generates a random private DH value unless -.Sy dh->priv_key -is already set, and computes the corresponding public value -.Sy dh->pub_key , -which can then be published. -.Pp -.Fn DH_compute_key -computes the shared secret from the private DH value in -.Fa dh -and the other party's public value in -.Fa pub_key -and stores it in -.Fa key . -.Fa key -must point to -.Fn DH_size dh -bytes of memory. -.Sh RETURN VALUES -.Fn DH_generate_key -returns 1 on success, or 0 otherwise. -.Pp -.Fn DH_compute_key -returns the size of the shared secret on success, or -1 on error. -.Pp -The error codes can be obtained by -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr DH_get0_key 3 ,
-.Xr DH_new 3 ,
-.Xr DH_size 3 ,
-.Xr ECDH_compute_key 3
-.Sh HISTORY
-.Fn DH_generate_key
-and
-.Fn DH_compute_key
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/DH_generate_parameters.3 b/src/lib/libcrypto/man/DH_generate_parameters.3
deleted file mode 100644
index accdf116f5..0000000000
--- a/src/lib/libcrypto/man/DH_generate_parameters.3
+++ /dev/null
@@ -1,188 +0,0 @@ -.\" $OpenBSD: DH_generate_parameters.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt DH_GENERATE_PARAMETERS 3 -.Os -.Sh NAME -.Nm DH_generate_parameters_ex , -.Nm DH_check , -.Nm DH_generate_parameters -.Nd generate and check Diffie-Hellman parameters -.Sh SYNOPSIS -.In openssl/dh.h -.Ft int -.Fo DH_generate_parameters_ex -.Fa "DH *dh" -.Fa "int prime_len" -.Fa "int generator" -.Fa "BN_GENCB *cb" -.Fc -.Ft int -.Fo DH_check -.Fa "DH *dh" -.Fa "int *codes" -.Fc -.Pp -Deprecated: -.Pp -.Ft DH * -.Fo DH_generate_parameters -.Fa "int prime_len" -.Fa "int generator" -.Fa "void (*callback)(int, int, void *)" -.Fa "void *cb_arg" -.Fc -.Sh DESCRIPTION -.Fn DH_generate_parameters_ex -generates Diffie-Hellman parameters that can be shared among a group of -users, and stores them in the provided -.Vt DH -structure. -.Pp -.Fa prime_len -is the length in bits of the safe prime to be generated. -.Fa generator -is a small number > 1, typically 2 or 5. -.Pp -A callback function may be used to provide feedback about the progress -of the key generation. -If -.Fa cb -is not -.Dv NULL , -it will be called as described in -.Xr BN_generate_prime 3 -while a random prime number is generated, and when a prime has been -found, -.Fn BN_GENCB_call cb 3 0 -is called; see -.Xr BN_GENCB_call 3 . -.Pp -.Fn DH_check -validates Diffie-Hellman parameters. -If no problems are found, -.Pf * Ar codes -is set to zero. 
-Otherwise, one or more of the following bits are set:
-.Bl -tag -width Ds
-.It Dv DH_CHECK_P_NOT_PRIME
-The parameter
-.Fa dh->p
-is not prime.
-.It Dv DH_CHECK_P_NOT_SAFE_PRIME
-The parameter
-.Fa dh->p
-is not a safe prime.
-.It Dv DH_UNABLE_TO_CHECK_GENERATOR
-The generator
-.Fa dh->g
-cannot be checked for suitability: it is neither 2 nor 5.
-.It Dv DH_NOT_SUITABLE_GENERATOR
-The generator
-.Fa dh->g
-is not suitable.
-.El
-.Sh RETURN VALUES
-.Fn DH_generate_parameters_ex
-and
-.Fn DH_check
-return 1 if the check could be performed, or 0 otherwise.
-.Pp
-.Fn DH_generate_parameters
-(deprecated) returns a pointer to the
-.Vt DH
-structure, or
-.Dv NULL
-if the parameter generation fails.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr DH_get0_pqg 3 ,
-.Xr DH_new 3
-.Sh HISTORY
-.Fn DH_check
-and
-.Fn DH_generate_parameters
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-The
-.Fa cb_arg
-argument to
-.Fn DH_generate_parameters
-was added in SSLeay 0.9.0.
-.Pp
-In versions before OpenSSL 0.9.5,
-.Dv DH_CHECK_P_NOT_STRONG_PRIME
-is used instead of
-.Dv DH_CHECK_P_NOT_SAFE_PRIME .
-.Pp
-.Fn DH_generate_parameters_ex
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
-.Sh CAVEATS
-.Fn DH_generate_parameters_ex
-and
-.Fn DH_generate_parameters
-may run for several hours before finding a suitable prime.
-.Pp
-The parameters generated by
-.Fn DH_generate_parameters_ex
-and
-.Fn DH_generate_parameters
-are not to be used in signature schemes.
-.Sh BUGS
-If
-.Fa generator
-is not 2 or 5,
-.Fa dh->g Ns = Ns Fa generator
-is not a usable generator.
diff --git a/src/lib/libcrypto/man/DH_get0_pqg.3 b/src/lib/libcrypto/man/DH_get0_pqg.3
deleted file mode 100644
index 5a115b71d0..0000000000
--- a/src/lib/libcrypto/man/DH_get0_pqg.3
+++ /dev/null
@@ -1,273 +0,0 @@ -.\" $OpenBSD: DH_get0_pqg.3,v 1.5 2018/12/21 21:54:48 schwarze Exp $ -.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2016, 2018 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: December 21 2018 $ -.Dt DH_GET0_PQG 3 -.Os -.Sh NAME -.Nm DH_get0_pqg , -.Nm DH_set0_pqg , -.Nm DH_get0_key , -.Nm DH_set0_key , -.Nm DH_clear_flags , -.Nm DH_test_flags , -.Nm DH_set_flags , -.Nm DH_get0_engine , -.Nm DH_set_length -.Nd get data from and set data in a DH object -.Sh SYNOPSIS -.In openssl/dh.h -.Ft void -.Fo DH_get0_pqg -.Fa "const DH *dh" -.Fa "const BIGNUM **p" -.Fa "const BIGNUM **q" -.Fa "const BIGNUM **g" -.Fc -.Ft int -.Fo DH_set0_pqg -.Fa "DH *dh" -.Fa "BIGNUM *p" -.Fa "BIGNUM *q" -.Fa "BIGNUM *g" -.Fc -.Ft void -.Fo DH_get0_key -.Fa "const DH *dh" -.Fa "const BIGNUM **pub_key" -.Fa "const BIGNUM **priv_key" -.Fc -.Ft int -.Fo DH_set0_key -.Fa "DH *dh" -.Fa "BIGNUM *pub_key" -.Fa "BIGNUM *priv_key" -.Fc -.Ft void -.Fo DH_clear_flags -.Fa "DH *dh" -.Fa "int flags" -.Fc -.Ft int -.Fo DH_test_flags -.Fa "const DH *dh" -.Fa "int flags" -.Fc -.Ft void -.Fo DH_set_flags -.Fa "DH *dh" -.Fa "int flags" -.Fc -.Ft ENGINE * -.Fo DH_get0_engine -.Fa "DH *d" -.Fc -.Ft int -.Fo DH_set_length -.Fa "DH *dh" -.Fa "long length" -.Fc -.Sh DESCRIPTION -A -.Vt DH -object contains the parameters -.Fa p , -.Fa g , -and optionally -.Fa q . -It also contains a public key -.Fa pub_key -and an optional private key -.Fa priv_key . -.Pp -The -.Fa p , -.Fa q , -and -.Fa g -parameters can be obtained by calling -.Fn DH_get0_pqg . -If the parameters have not yet been set, then -.Pf * Fa p , -.Pf * Fa q , -and -.Pf * Fa g -are set to -.Dv NULL . -Otherwise, they are set to pointers to the internal representations -of the values that should not be freed by the application. -Any of the out parameters -.Fa p , -.Fa q , -and -.Fa g -can be -.Dv NULL , -in which case no value is returned for that parameter. -.Pp -The -.Fa p , -.Fa q , -and -.Fa g -values can be set by calling -.Fn DH_set0_pqg . -Calling this function transfers the memory management of the values to -.Fa dh , -and therefore they should not be freed by the caller. 
-The -.Fa q -argument may be -.Dv NULL . -.Pp -The -.Fn DH_get0_key -function stores pointers to the internal representations -of the public key in -.Pf * Fa pub_key -and to the private key in -.Pf * Fa priv_key . -Either may be -.Dv NULL -if it has not yet been set. -If the private key has been set, then the public key must be. -Any of the out parameters -.Fa pub_key -and -.Fa priv_key -can be -.Dv NULL , -in which case no value is returned for that parameter. -.Pp -The public and private key values can be set using -.Fn DH_set0_key . -Either parameter may be -.Dv NULL , -which means the corresponding -.Vt DH -field is left untouched. -This function transfers the memory management of the key values to -.Fa dh , -and therefore they should not be freed by the caller. -.Pp -Values retrieved with -.Fn DH_get0_pqg -and -.Fn DH_get0_key -are owned by the -.Vt DH -object and may therefore not be passed to -.Fn DH_set0_pqg -or -.Fn DH_set0_key . -If needed, duplicate the received values using -.Xr BN_dup 3 -and pass the duplicates. -.Pp -.Fn DH_clear_flags -clears the specified -.Fa flags -in -.Fa dh . -.Fn DH_test_flags -tests the -.Fa flags -in -.Fa dh . -.Fn DH_set_flags -sets the -.Fa flags -in -.Fa dh ; -any flags already set remain set. -For all three functions, multiple flags can be passed in one call, -OR'ed together bitwise. -.Pp -.Fn DH_set_length -sets the optional length attribute of -.Fa dh , -indicating the length of the secret exponent (private key) in bits. -If the length attribute is non-zero, it is used, otherwise it is ignored. -.Sh RETURN VALUES -.Fn DH_set0_pqg , -.Fn DH_set0_key , -and -.Fn DH_set_length -return 1 on success or 0 on failure. -.Pp -.Fn DH_test_flags -return those of the given -.Fa flags -currently set in -.Fa dh -or 0 if none of the given -.Fa flags -are set. -.Pp -.Fn DH_get0_engine -returns a pointer to the -.Vt ENGINE -used by the -.Vt DH -object -.Fa dh , -or -.Dv NULL -if no engine was set for this object. 
-.Sh SEE ALSO
-.Xr DH_generate_key 3 ,
-.Xr DH_generate_parameters 3 ,
-.Xr DH_new 3 ,
-.Xr DH_size 3 ,
-.Xr DHparams_print 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/DH_get_ex_new_index.3 b/src/lib/libcrypto/man/DH_get_ex_new_index.3
deleted file mode 100644
index 81a0aff8ec..0000000000
--- a/src/lib/libcrypto/man/DH_get_ex_new_index.3
+++ /dev/null
@@ -1,99 +0,0 @@ -.\" $OpenBSD: DH_get_ex_new_index.3,v 1.5 2018/03/23 23:18:17 schwarze Exp $ -.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt DH_GET_EX_NEW_INDEX 3 -.Os -.Sh NAME -.Nm DH_get_ex_new_index , -.Nm DH_set_ex_data , -.Nm DH_get_ex_data -.Nd add application specific data to DH structures -.Sh SYNOPSIS -.In openssl/dh.h -.Ft int -.Fo DH_get_ex_new_index -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft int -.Fo DH_set_ex_data -.Fa "DH *d" -.Fa "int idx" -.Fa "void *arg" -.Fc -.Ft char * -.Fo DH_get_ex_data -.Fa "DH *d" -.Fa "int idx" -.Fc -.Sh DESCRIPTION -These functions handle application specific data in -.Vt DH -structures. -Their usage is identical to that of -.Xr RSA_get_ex_new_index 3 , -.Xr RSA_set_ex_data 3 , -and -.Xr RSA_get_ex_data 3 . -.Sh SEE ALSO -.Xr DH_new 3 , -.Xr RSA_get_ex_new_index 3 -.Sh HISTORY -.Fn DH_get_ex_new_index , -.Fn DH_set_ex_data , -and -.Fn DH_get_ex_data -first appeared in OpenSSL 0.9.5 -and have been available since -.Ox 2.7 . diff --git a/src/lib/libcrypto/man/DH_new.3 b/src/lib/libcrypto/man/DH_new.3 deleted file mode 100644 index 9882874ad7..0000000000 --- a/src/lib/libcrypto/man/DH_new.3 +++ /dev/null 
@@ -1,132 +0,0 @@ -.\" $OpenBSD: DH_new.3,v 1.11 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt DH_NEW 3 -.Os -.Sh NAME -.Nm DH_new , -.Nm DH_up_ref , -.Nm DH_free -.Nd allocate and free DH objects -.Sh SYNOPSIS -.In openssl/dh.h -.Ft DH* -.Fn DH_new void -.Ft int -.Fo DH_up_ref -.Fa "DH *dh" -.Fc -.Ft void -.Fo DH_free -.Fa "DH *dh" -.Fc -.Sh DESCRIPTION -The DH functions implement the Diffie-Hellman key agreement protocol. -.Pp -.Fn DH_new -allocates and initializes a -.Vt DH -structure, setting the reference count to 1. -It is equivalent to -.Xr DH_new_method 3 -with a -.Dv NULL -argument. -.Pp -.Fn DH_up_ref -increments the reference count by 1. -.Pp -.Fn DH_free -decrements the reference count by 1. -If it reaches 0, it frees the -.Vt DH -structure and its components. -The values are erased before the memory is returned to the system. -If -.Fa dh -is a -.Dv NULL -pointer, no action occurs. -.Sh RETURN VALUES -If the allocation fails, -.Fn DH_new -returns -.Dv NULL -and sets an error code that can be obtained by -.Xr ERR_get_error 3 . -Otherwise it returns a pointer to the newly allocated structure. -.Pp -.Fn DH_up_ref -returns 1 for success or 0 for failure. 
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr crypto 3 ,
-.Xr d2i_DHparams 3 ,
-.Xr DH_generate_key 3 ,
-.Xr DH_generate_parameters 3 ,
-.Xr DH_get0_pqg 3 ,
-.Xr DH_get_ex_new_index 3 ,
-.Xr DH_set_method 3 ,
-.Xr DH_size 3 ,
-.Xr DHparams_print 3 ,
-.Xr DSA_dup_DH 3 ,
-.Xr EVP_PKEY_CTX_set_dh_paramgen_prime_len 3 ,
-.Xr EVP_PKEY_set1_DH 3
-.Sh HISTORY
-.Fn DH_new
-and
-.Fn DH_free
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn DH_up_ref
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/DH_set_method.3 b/src/lib/libcrypto/man/DH_set_method.3
deleted file mode 100644
index 9863cbaca9..0000000000
--- a/src/lib/libcrypto/man/DH_set_method.3
+++ /dev/null
@@ -1,217 +0,0 @@ -.\" $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt DH_SET_METHOD 3 -.Os -.Sh NAME -.Nm DH_set_default_method , -.Nm DH_get_default_method , -.Nm DH_set_method , -.Nm DH_new_method , -.Nm DH_OpenSSL -.Nd select DH method -.Sh SYNOPSIS -.In openssl/dh.h -.Ft void -.Fo DH_set_default_method -.Fa "const DH_METHOD *meth" -.Fc -.Ft const DH_METHOD * -.Fo DH_get_default_method -.Fa void -.Fc -.Ft int -.Fo DH_set_method -.Fa "DH *dh" -.Fa "const DH_METHOD *meth" -.Fc -.Ft DH * -.Fo DH_new_method -.Fa "ENGINE *engine" -.Fc -.Ft const DH_METHOD * -.Fo DH_OpenSSL -.Fa void -.Fc -.Sh DESCRIPTION -A -.Vt DH_METHOD -object contains pointers to the functions -used for Diffie-Hellman operations. -By default, the internal implementation returned by -.Fn DH_OpenSSL -is used. -By selecting another method, alternative implementations -such as hardware accelerators may be used. -.Pp -.Fn DH_set_default_method -selects -.Fa meth -as the default method for all -.Vt DH -structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_DH 3 -that can be successfully initialized, it overrides the default. -.Pp -.Fn DH_get_default_method -returns a pointer to the current default method, -even if it is actually overridded by an -.Vt ENGINE . -.Pp -.Fn DH_set_method -selects -.Fa meth -to perform all operations using the key -.Fa dh . 
-This replaces the -.Vt DH_METHOD -used by the -.Fa dh -key and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. -It is possible to have -.Vt DH -keys that only work with certain -.Vt DH_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), -and in such cases attempting to change the -.Vt DH_METHOD -for the key can have unexpected results. -.Pp -.Fn DH_new_method -allocates and initializes a -.Vt DH -structure so that -.Fa engine -is used for the DH operations. -If -.Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_DH 3 -is used. -If that returns -.Dv NULL , -the default method controlled by -.Fn DH_set_default_method -is used. -.Pp -The -.Vt DH_METHOD -structure is defined as follows: -.Bd -literal -typedef struct dh_meth_st -{ - /* name of the implementation */ - const char *name; - - /* generate private and public DH values for key agreement */ - int (*generate_key)(DH *dh); - - /* compute shared secret */ - int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); - - /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - - /* called at DH_new */ - int (*init)(DH *dh); - - /* called at DH_free */ - int (*finish)(DH *dh); - - int flags; - - char *app_data; /* ?? */ - -} DH_METHOD; -.Ed -.Sh RETURN VALUES -.Fn DH_OpenSSL -and -.Fn DH_get_default_method -return pointers to the respective -.Vt DH_METHOD . -.Pp -.Fn DH_set_method -returns 1 on success or 0 on failure. -Currently, it cannot fail. -.Pp -.Fn DH_new_method -returns -.Dv NULL -and sets an error code that can be obtained by -.Xr ERR_get_error 3 -if the allocation fails. -Otherwise it returns a pointer to the newly allocated structure. 
-.Sh SEE ALSO
-.Xr DH_new 3 ,
-.Xr ENGINE_get_default_DH 3 ,
-.Xr ENGINE_register_DH 3 ,
-.Xr ENGINE_set_default_DH 3
-.Sh HISTORY
-.Fn DH_set_default_method ,
-.Fn DH_get_default_method ,
-.Fn DH_set_method ,
-.Fn DH_new_method
-and
-.Fn DH_OpenSSL
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/DH_size.3 b/src/lib/libcrypto/man/DH_size.3
deleted file mode 100644
index be1f50990b..0000000000
--- a/src/lib/libcrypto/man/DH_size.3
+++ /dev/null
@@ -1,96 +0,0 @@
-.\" $OpenBSD: DH_size.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller
-.\" and Kurt Roeckx .
-.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt DH_SIZE 3
-.Os
-.Sh NAME
-.Nm DH_size ,
-.Nm DH_bits
-.Nd get Diffie-Hellman prime size
-.Sh SYNOPSIS
-.In openssl/dh.h
-.Ft int
-.Fo DH_size
-.Fa "const DH *dh"
-.Fc
-.Ft int
-.Fo DH_bits
-.Fa "const DH *dh"
-.Fc
-.Sh DESCRIPTION
-.Fn DH_size
-returns the Diffie-Hellman prime size in bytes.
-It can be used to determine how much memory must be allocated for the
-shared secret computed by
-.Xr DH_compute_key 3 .
-.Pp
-.Fn DH_bits
-returns the number of significant bits in the key.
-.Pp
-.Fa dh
-and
-.Fa dh->p
-must not be
-.Dv NULL .
-.Sh SEE ALSO
-.Xr BN_num_bytes 3 ,
-.Xr DH_generate_key 3 ,
-.Xr DH_get0_key 3 ,
-.Xr DH_new 3
-.Sh HISTORY
-.Fn DH_size
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn DH_bits
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/DIST_POINT_new.3 b/src/lib/libcrypto/man/DIST_POINT_new.3
deleted file mode 100644
index 6a5cc40468..0000000000
--- a/src/lib/libcrypto/man/DIST_POINT_new.3
+++ /dev/null
@@ -1,154 +0,0 @@
-.\" $OpenBSD: DIST_POINT_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt DIST_POINT_NEW 3
-.Os
-.Sh NAME
-.Nm DIST_POINT_new ,
-.Nm DIST_POINT_free ,
-.Nm CRL_DIST_POINTS_new ,
-.Nm CRL_DIST_POINTS_free ,
-.Nm DIST_POINT_NAME_new ,
-.Nm DIST_POINT_NAME_free ,
-.Nm ISSUING_DIST_POINT_new ,
-.Nm ISSUING_DIST_POINT_free
-.Nd X.509 CRL distribution point extensions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft DIST_POINT *
-.Fn DIST_POINT_new void
-.Ft void
-.Fn DIST_POINT_free "DIST_POINT *dp"
-.Ft CRL_DIST_POINTS *
-.Fn CRL_DIST_POINTS_new void
-.Ft void
-.Fn CRL_DIST_POINTS_free "CRL_DIST_POINTS *dps"
-.Ft DIST_POINT_NAME *
-.Fn DIST_POINT_NAME_new void
-.Ft void
-.Fn DIST_POINT_NAME_free "DIST_POINT_NAME *name"
-.Ft ISSUING_DIST_POINT *
-.Fn ISSUING_DIST_POINT_new void
-.Ft void
-.Fn ISSUING_DIST_POINT_free "ISSUING_DIST_POINT *dp"
-.Sh DESCRIPTION
-Using the CRL distribution point extension, a certificate can specify
-where to obtain certificate revocation lists that might later revoke it.
-.Pp
-.Fn DIST_POINT_new
-allocates and initializes an empty
-.Vt DIST_POINT
-object, representing an ASN.1
-.Vt DistributionPoint
-structure defined in RFC 5280 section 4.2.1.13.
-It can hold issuer names, distribution point names, and reason flags.
-.Fn DIST_POINT_free
-frees
-.Fa dp .
-.Pp
-.Fn CRL_DIST_POINTS_new
-allocates and initializes an empty
-.Vt CRL_DIST_POINTS
-object, which is a
-.Vt STACK_OF(DIST_POINT)
-and represents the ASN.1
-.Vt CRLDistributionPoints
-structure defined in RFC 5280 section 4.2.1.13.
-It can be used as an extension in
-.Vt X509
-and in
-.Vt X509_CRL
-objects.
-.Fn CRL_DIST_POINTS_free
-frees
-.Fa dps .
-.Pp
-.Fn DIST_POINT_NAME_new
-allocates and initializes an empty
-.Vt DIST_POINT_NAME
-object, representing an ASN.1
-.Vt DistributionPointName
-structure defined in RFC 5280 section 4.2.1.13.
-It is used by the
-.Vt DIST_POINT
-and
-.Vt ISSUING_DIST_POINT
-objects and can hold multiple names, each representing a different
-way to obtain the same CRL.
-.Fn DIST_POINT_NAME_free
-frees
-.Fa name .
-.Pp
-.Fn ISSUING_DIST_POINT_new
-allocates and initializes an empty
-.Vt ISSUING_DIST_POINT
-object, representing an ASN.1
-.Vt IssuingDistributionPoint
-structure defined in RFC 5280 section 5.2.5.
-Using this extension, a CRL can specify which distribution point
-it was issued from and which kinds of certificates and revocation
-reasons it covers.
-.Fn ISSUING_DIST_POINT_free
-frees
-.Fa dp .
-.Sh RETURN VALUES
-.Fn DIST_POINT_new ,
-.Fn CRL_DIST_POINTS_new ,
-.Fn DIST_POINT_NAME_new ,
-and
-.Fn ISSUING_DIST_POINT_new
-return the new
-.Vt DIST_POINT ,
-.Vt CRL_DIST_POINTS ,
-.Vt DIST_POINT_NAME ,
-or
-.Vt ISSUING_DIST_POINT
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_DIST_POINT 3 ,
-.Xr GENERAL_NAMES_new 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile:
-.Bl -dash -compact
-.It
-section 4.2.1.13: CRL Distribution Points
-.It
-section 5.2.5: Issuing Distribution Point
-.El
-.Sh HISTORY
-.Fn DIST_POINT_new ,
-.Fn DIST_POINT_free ,
-.Fn CRL_DIST_POINTS_new ,
-.Fn CRL_DIST_POINTS_free ,
-.Fn DIST_POINT_NAME_new ,
-and
-.Fn DIST_POINT_NAME_free
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn ISSUING_DIST_POINT_new
-and
-.Fn ISSUING_DIST_POINT_free
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/DSA_SIG_new.3 b/src/lib/libcrypto/man/DSA_SIG_new.3
deleted file mode 100644
index 160b453939..0000000000
--- a/src/lib/libcrypto/man/DSA_SIG_new.3
+++ /dev/null
@@ -1,141 +0,0 @@ -.\" $OpenBSD: DSA_SIG_new.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $ -.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller , -.\" Dr. Stephen Henson , and -.\" TJ Saunders . -.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt DSA_SIG_NEW 3 -.Os -.Sh NAME -.Nm DSA_SIG_new , -.Nm DSA_SIG_free , -.Nm DSA_SIG_get0 , -.Nm DSA_SIG_set0 -.Nd manipulate DSA signature objects -.Sh SYNOPSIS -.In openssl/dsa.h -.Ft DSA_SIG * -.Fn DSA_SIG_new void -.Ft void -.Fo DSA_SIG_free -.Fa "DSA_SIG *sig" -.Fc -.Ft void -.Fo DSA_SIG_get0 -.Fa "const DSA_SIG *sig" -.Fa "const BIGNUM **r" -.Fa "const BIGNUM **s" -.Fc -.Ft int -.Fo DSA_SIG_set0 -.Fa "DSA_SIG *sig" -.Fa "BIGNUM *r" -.Fa "BIGNUM *s" -.Fc -.Sh DESCRIPTION -.Fn DSA_SIG_new -allocates an empty -.Vt DSA_SIG -structure. -.Pp -.Fn DSA_SIG_free -frees the -.Vt DSA_SIG -structure and its components. -The values are erased before the memory is returned to the system. -If -.Fa sig -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn DSA_SIG_get0 -retrieves internal pointers to the -.Fa r -and -.Fa s -values contained in -.Fa sig . -.Pp -The -.Fa r -and -.Fa s -values can be set by calling -.Fn DSA_SIG_set0 . 
-Calling this function transfers the memory management of the values to -.Fa sig , -and therefore they should not be freed by the caller. -.Sh RETURN VALUES -If the allocation fails, -.Fn DSA_SIG_new -returns -.Dv NULL -and sets an error code that can be obtained by -.Xr ERR_get_error 3 . -Otherwise it returns a pointer to the newly allocated structure. -.Pp -.Fn DSA_SIG_set0 -returns 1 on success or 0 on failure. -.Sh SEE ALSO -.Xr DSA_do_sign 3 , -.Xr DSA_new 3 -.Sh HISTORY -.Fn DSA_SIG_new -and -.Fn DSA_SIG_free -first appeared in OpenSSL 0.9.3 and have been available since -.Ox 2.6 . -.Pp -.Fn DSA_SIG_get0 -and -.Fn DSA_SIG_set0 -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 6.3 . diff --git a/src/lib/libcrypto/man/DSA_do_sign.3 b/src/lib/libcrypto/man/DSA_do_sign.3 deleted file mode 100644 index 4602bed872..0000000000 --- a/src/lib/libcrypto/man/DSA_do_sign.3 +++ /dev/null 
@@ -1,119 +0,0 @@
-.\" $OpenBSD: DSA_do_sign.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt DSA_DO_SIGN 3
-.Os
-.Sh NAME
-.Nm DSA_do_sign ,
-.Nm DSA_do_verify
-.Nd raw DSA signature operations
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft DSA_SIG *
-.Fo DSA_do_sign
-.Fa "const unsigned char *dgst"
-.Fa "int dlen"
-.Fa "DSA *dsa"
-.Fc
-.Ft int
-.Fo DSA_do_verify
-.Fa "const unsigned char *dgst"
-.Fa "int dgst_len"
-.Fa "DSA_SIG *sig"
-.Fa "DSA *dsa"
-.Fc
-.Sh DESCRIPTION
-.Fn DSA_do_sign
-computes a digital signature on the
-.Fa dlen
-byte message digest
-.Fa dgst
-using the private key
-.Fa dsa
-and returns it in a newly allocated
-.Vt DSA_SIG
-structure.
-.Pp
-.Xr DSA_sign_setup 3
-may be used to precompute part of the signing operation in case
-signature generation is time-critical.
-.Pp
-.Fn DSA_do_verify
-verifies that the signature
-.Fa sig
-matches a given message digest
-.Fa dgst
-of size
-.Fa dgst_len .
-.Fa dsa
-is the signer's public key.
-.Sh RETURN VALUES
-.Fn DSA_do_sign
-returns the signature or
-.Dv NULL
-on error.
-.Fn DSA_do_verify
-returns 1 for a valid signature, 0 for an incorrect signature,
-and -1 on error.
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr DSA_get0_key 3 ,
-.Xr DSA_meth_set_sign 3 ,
-.Xr DSA_new 3 ,
-.Xr DSA_SIG_new 3 ,
-.Xr DSA_sign 3
-.Sh HISTORY
-.Fn DSA_do_sign
-and
-.Fn DSA_do_verify
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/DSA_dup_DH.3 b/src/lib/libcrypto/man/DSA_dup_DH.3
deleted file mode 100644
index d82defa378..0000000000
--- a/src/lib/libcrypto/man/DSA_dup_DH.3
+++ /dev/null
@@ -1,92 +0,0 @@
-.\" $OpenBSD: DSA_dup_DH.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt DSA_DUP_DH 3
-.Os
-.Sh NAME
-.Nm DSA_dup_DH
-.Nd create a DH structure out of DSA structure
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft DH *
-.Fo DSA_dup_DH
-.Fa "const DSA *r"
-.Fc
-.Sh DESCRIPTION
-.Fn DSA_dup_DH
-duplicates
-.Vt DSA
-parameters/keys as
-.Vt DH
-parameters/keys.
-.Fa r->q
-is lost during that conversion, but the resulting
-.Vt DH
-parameters contain its length.
-.Sh RETURN VALUES
-.Fn DSA_dup_DH
-returns the new
-.Vt DH
-structure or
-.Dv NULL
-on error.
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr DH_new 3 ,
-.Xr DSA_get0_pqg 3 ,
-.Xr DSA_new 3
-.Sh HISTORY
-.Fn DSA_dup_DH
-first appeared in OpenSSL 0.9.4 and has been available since
-.Ox 2.6 .
-.Sh CAVEATS
-Be careful to avoid small subgroup attacks when using this.
diff --git a/src/lib/libcrypto/man/DSA_generate_key.3 b/src/lib/libcrypto/man/DSA_generate_key.3
deleted file mode 100644
index 97e185e0b5..0000000000
--- a/src/lib/libcrypto/man/DSA_generate_key.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" $OpenBSD: DSA_generate_key.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt DSA_GENERATE_KEY 3
-.Os
-.Sh NAME
-.Nm DSA_generate_key
-.Nd generate DSA key pair
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft int
-.Fo DSA_generate_key
-.Fa "DSA *a"
-.Fc
-.Sh DESCRIPTION
-.Fn DSA_generate_key
-expects
-.Fa a
-to contain DSA parameters.
-It generates a new key pair and stores it in
-.Fa a->pub_key
-and
-.Fa a->priv_key .
-.Sh RETURN VALUES
-.Fn DSA_generate_key
-returns 1 on success or 0 otherwise.
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr DSA_generate_parameters 3 ,
-.Xr DSA_get0_key 3 ,
-.Xr DSA_new 3
-.Sh HISTORY
-.Fn DSA_generate_key
-first appeared in SSLeay 0.6.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/DSA_generate_parameters.3 b/src/lib/libcrypto/man/DSA_generate_parameters.3
deleted file mode 100644
index f7dcb901f3..0000000000
--- a/src/lib/libcrypto/man/DSA_generate_parameters.3
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" $OpenBSD: DSA_generate_parameters.3,v 1.12 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 7 22:14:47 2015 -0400
-.\"
-.\" This file was written by Ulf Moeller ,
-.\" Bodo Moeller , and Matt Caswell .
-.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt DSA_GENERATE_PARAMETERS 3
-.Os
-.Sh NAME
-.Nm DSA_generate_parameters_ex ,
-.Nm DSA_generate_parameters
-.Nd generate DSA parameters
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft int
-.Fo DSA_generate_parameters_ex
-.Fa "DSA *dsa"
-.Fa "int bits"
-.Fa "const unsigned char *seed"
-.Fa "int seed_len"
-.Fa "int *counter_ret"
-.Fa "unsigned long *h_ret"
-.Fa "BN_GENCB *cb"
-.Fc
-.Pp
-Deprecated:
-.Pp
-.Ft DSA *
-.Fo DSA_generate_parameters
-.Fa "int bits"
-.Fa "unsigned char *seed"
-.Fa "int seed_len"
-.Fa "int *counter_ret"
-.Fa "unsigned long *h_ret"
-.Fa "void (*callback)(int, int, void *)"
-.Fa "void *cb_arg"
-.Fc
-.Sh DESCRIPTION
-.Fn DSA_generate_parameters_ex
-generates primes p and q and a generator g for use in the DSA and stores
-the result in
-.Fa dsa .
-.Pp
-.Fa bits
-is the length of the prime to be generated; the DSS allows a maximum of
-1024 bits.
-.Pp
-If
-.Fa seed
-is
-.Dv NULL
-or
-.Fa seed_len
-< 20, the primes will be generated at random.
-Otherwise, the seed is used to generate them.
-If the given seed does not yield a prime q, a new random seed is chosen
-and placed at
-.Fa seed .
-.Pp
-.Fn DSA_generate_parameters_ex
-places the iteration count in
-.Pf * Fa counter_ret
-and a counter used for finding a generator in
-.Pf * Fa h_ret ,
-unless these are
-.Dv NULL .
-.Pp
-A callback function may be used to provide feedback about the progress
-of the key generation.
-If
-.Fa cb
-is not
-.Dv NULL ,
-it will be called as shown below.
-For information on the
-.Vt BN_GENCB
-structure, refer to
-.Xr BN_GENCB_call 3 .
-.Bl -bullet
-.It
-When a candidate for q is generated,
-.Fn BN_GENCB_call cb 0 m++
-is called
-.Pf ( Fa m
-is 0 for the first candidate).
-.It
-When a candidate for q has passed a test by trial division,
-.Fn BN_GENCB_call cb 1 -1
-is called.
-While a candidate for q is tested by Miller-Rabin primality tests,
-.Fn BN_GENCB_call cb 1 i
-is called in the outer loop (once for each witness that confirms that
-the candidate may be prime);
-.Fa i
-is the loop counter (starting at 0).
-.It
-When a prime q has been found,
-.Fn BN_GENCB_call cb 2 0
-and
-.Fn BN_GENCB_call cb 3 0
-are called.
-.It
-Before a candidate for p (other than the first) is generated and tested,
-.Fn BN_GENCB_call cb 0 counter
-is called.
-.It
-When a candidate for p has passed the test by trial division,
-.Fn BN_GENCB_call cb 1 -1
-is called.
-While it is tested by the Miller-Rabin primality test,
-.Fn BN_GENCB_call cb 1 i
-is called in the outer loop (once for each witness that confirms that
-the candidate may be prime).
-.Fa i
-is the loop counter (starting at 0).
-.It
-When p has been found,
-.Fn BN_GENCB_call cb 2 1
-is called.
-.It
-When the generator has been found,
-.Fn BN_GENCB_call cb 3 1
-is called.
-.El
-.Pp
-.Fn DSA_generate_parameters
-(deprecated) works in much the same way as for
-.Fn DSA_generate_parameters_ex ,
-except that no
-.Fa dsa
-parameter is passed and instead a newly allocated
-.Vt DSA
-structure is returned.
-Additionally "old style" callbacks are used instead of the newer
-.Vt BN_GENCB
-based approach.
-Refer to
-.Xr BN_generate_prime 3
-for further information.
-.Sh RETURN VALUES
-.Fn DSA_generate_parameters_ex
-returns a 1 on success, or 0 otherwise.
-.Pp
-.Fn DSA_generate_parameters
-returns a pointer to the
-.Vt DSA
-structure, or
-.Dv NULL
-if the parameter generation fails.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_generate_prime 3 ,
-.Xr DSA_get0_pqg 3 ,
-.Xr DSA_new 3
-.Sh HISTORY
-.Fn DSA_generate_parameters
-first appeared in SSLeay 0.8.0 and had its
-.Fa cb_arg
-argument added in SSLeay 0.9.0.
-It has been available since
-.Ox 2.4 .
-.Pp
-In versions up to OpenSSL 0.9.4,
-.Fn callback 1 ...\&
-was called in the inner loop of the Miller-Rabin test whenever it
-reached the squaring step (the parameters to
-.Fn callback
-did not reveal how many witnesses had been tested); since OpenSSL 0.9.5,
-.Fn callback 1 ...\&
-is called as in
-.Xr BN_is_prime 3 ,
-i.e. once for each witness.
-.Pp
-.Fn DSA_generate_parameters_ex
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
-.Sh BUGS
-Seed lengths > 20 are not supported.
diff --git a/src/lib/libcrypto/man/DSA_get0_pqg.3 b/src/lib/libcrypto/man/DSA_get0_pqg.3
deleted file mode 100644
index 56d57066be..0000000000
--- a/src/lib/libcrypto/man/DSA_get0_pqg.3
+++ /dev/null
@@ -1,252 +0,0 @@
-.\" $OpenBSD: DSA_get0_pqg.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $
-.\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt DSA_GET0_PQG 3
-.Os
-.Sh NAME
-.Nm DSA_get0_pqg ,
-.Nm DSA_set0_pqg ,
-.Nm DSA_get0_key ,
-.Nm DSA_set0_key ,
-.Nm DSA_clear_flags ,
-.Nm DSA_test_flags ,
-.Nm DSA_set_flags ,
-.Nm DSA_get0_engine
-.Nd get data from and set data in a DSA object
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft void
-.Fo DSA_get0_pqg
-.Fa "const DSA *d"
-.Fa "const BIGNUM **p"
-.Fa "const BIGNUM **q"
-.Fa "const BIGNUM **g"
-.Fc
-.Ft int
-.Fo DSA_set0_pqg
-.Fa "DSA *d"
-.Fa "BIGNUM *p"
-.Fa "BIGNUM *q"
-.Fa "BIGNUM *g"
-.Fc
-.Ft void
-.Fo DSA_get0_key
-.Fa "const DSA *d"
-.Fa "const BIGNUM **pub_key"
-.Fa "const BIGNUM **priv_key"
-.Fc
-.Ft int
-.Fo DSA_set0_key
-.Fa "DSA *d"
-.Fa "BIGNUM *pub_key"
-.Fa "BIGNUM *priv_key"
-.Fc
-.Ft void
-.Fo DSA_clear_flags
-.Fa "DSA *d"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo DSA_test_flags
-.Fa "const DSA *d"
-.Fa "int flags"
-.Fc
-.Ft void
-.Fo DSA_set_flags
-.Fa "DSA *d"
-.Fa "int flags"
-.Fc
-.Ft ENGINE *
-.Fo DSA_get0_engine
-.Fa "DSA *d"
-.Fc
-.Sh DESCRIPTION
-A
-.Vt DSA
-object contains the parameters
-.Fa p ,
-.Fa q ,
-and
-.Fa g .
-It also contains a public key
-.Fa pub_key
-and an optional private key
-.Fa priv_key .
-.Pp
-The
-.Fa p ,
-.Fa q ,
-and
-.Fa g
-parameters can be obtained by calling
-.Fn DSA_get0_pqg .
-If the parameters have not yet been set, then
-.Pf * Fa p ,
-.Pf * Fa q ,
-and
-.Pf * Fa g
-are set to
-.Dv NULL .
-Otherwise, they are set to pointers to the internal representations
-of the values that should not be freed by the application.
-.Pp
-The
-.Fa p ,
-.Fa q ,
-and
-.Fa g
-values can be set by calling
-.Fn DSA_set0_pqg .
-Calling this function transfers the memory management of the values to
-.Fa d ,
-and therefore they should not be freed by the caller.
-.Pp
-The
-.Fn DSA_get0_key
-function stores pointers to the internal representations
-of the public key in
-.Pf * Fa pub_key
-and to the private key in
-.Pf * Fa priv_key .
-Either may be
-.Dv NULL
-if it has not yet been set.
-If the private key has been set, then the public key must be.
-.Pp
-The public and private key values can be set using
-.Fn DSA_set0_key .
-The public key must be
-.Pf non- Dv NULL
-the first time this function is called on a given
-.Vt DSA
-object.
-The private key may be
-.Dv NULL .
-On subsequent calls, either may be
-.Dv NULL ,
-which means the corresponding
-.Vt DSA
-field is left untouched.
-.Fn DSA_set0_key
-transfers the memory management of the key values to
-.Fa d ,
-and therefore they should not be freed by the caller.
-.Pp
-Values retrieved with
-.Fn DSA_get0_pqg
-and
-.Fn DSA_get0_key
-are owned by the
-.Vt DSA
-object and may therefore not be passed to
-.Fn DSA_set0_pqg
-or
-.Fn DSA_set0_key .
-If needed, duplicate the received values using
-.Xr BN_dup 3
-and pass the duplicates.
-.Pp
-.Fn DSA_clear_flags
-clears the specified
-.Fa flags
-in
-.Fa d .
-.Fn DSA_test_flags
-tests the
-.Fa flags
-in
-.Fa d .
-.Fn DSA_set_flags
-sets the
-.Fa flags
-in
-.Fa d ;
-any flags already set remain set.
-For all three functions, multiple flags can be passed in one call,
-OR'ed together bitwise.
-.Sh RETURN VALUES
-.Fn DSA_set0_pqg
-and
-.Fn DSA_set0_key
-return 1 on success or 0 on failure.
-.Pp
-.Fn DSA_test_flags
-returns those of the given
-.Fa flags
-currently set in
-.Fa d
-or 0 if none of the given
-.Fa flags
-are set.
-.Pp
-.Fn DSA_get0_engine
-returns a pointer to the
-.Vt ENGINE
-used by the
-.Vt DSA
-object
-Fa d ,
-or
-.Dv NULL
-if no engine was set for this object.
-.Sh SEE ALSO
-.Xr DSA_do_sign 3 ,
-.Xr DSA_dup_DH 3 ,
-.Xr DSA_generate_key 3 ,
-.Xr DSA_generate_parameters 3 ,
-.Xr DSA_new 3 ,
-.Xr DSA_print 3 ,
-.Xr DSA_sign 3 ,
-.Xr DSA_size 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/DSA_get_ex_new_index.3 b/src/lib/libcrypto/man/DSA_get_ex_new_index.3
deleted file mode 100644
index 8fe055f337..0000000000
--- a/src/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\" $OpenBSD: DSA_get_ex_new_index.3,v 1.5 2018/03/22 16:06:33 schwarze Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2009 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt DSA_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm DSA_get_ex_new_index ,
-.Nm DSA_set_ex_data ,
-.Nm DSA_get_ex_data
-.Nd add application specific data to DSA structures
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft int
-.Fo DSA_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fo DSA_set_ex_data
-.Fa "DSA *d"
-.Fa "int idx"
-.Fa "void *arg"
-.Fc
-.Ft char *
-.Fo DSA_get_ex_data
-.Fa "DSA *d"
-.Fa "int idx"
-.Fc
-.Sh DESCRIPTION
-These functions handle application specific data in
-.Vt DSA
-structures.
-Their usage is identical to that of
-.Xr RSA_get_ex_new_index 3 ,
-.Xr RSA_set_ex_data 3 ,
-and
-.Xr RSA_get_ex_data 3 .
-.Sh SEE ALSO
-.Xr DSA_new 3 ,
-.Xr RSA_get_ex_new_index 3
-.Sh HISTORY
-.Fn DSA_get_ex_new_index ,
-.Fn DSA_set_ex_data ,
-and
-.Fn DSA_get_ex_data
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/DSA_meth_new.3 b/src/lib/libcrypto/man/DSA_meth_new.3
deleted file mode 100644
index 41f4382422..0000000000
--- a/src/lib/libcrypto/man/DSA_meth_new.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\" $OpenBSD: DSA_meth_new.3,v 1.1 2018/03/18 13:06:36 schwarze Exp $
-.\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Matt Caswell .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 18 2018 $
-.Dt DSA_METH_NEW 3
-.Os
-.Sh NAME
-.Nm DSA_meth_new ,
-.Nm DSA_meth_free ,
-.Nm DSA_meth_dup ,
-.Nm DSA_meth_set_sign ,
-.Nm DSA_meth_set_finish
-.Nd build up DSA methods
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft DSA_METHOD *
-.Fo DSA_meth_new
-.Fa "const char *name"
-.Fa "int flags"
-.Fc
-.Ft void
-.Fo DSA_meth_free
-.Fa "DSA_METHOD *meth"
-.Fc
-.Ft DSA_METHOD *
-.Fo DSA_meth_dup
-.Fa "const DSA_METHOD *meth"
-.Fc
-.Ft int
-.Fo DSA_meth_set_sign
-.Fa "DSA_METHOD *meth"
-.Fa "DSA_SIG *(*sign)(const unsigned char *, int, DSA *)"
-.Fc
-.Ft int
-.Fo DSA_meth_set_finish
-.Fa "DSA_METHOD *meth"
-.Fa "int (*finish)(DSA *)"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt DSA_METHOD
-structure holds function pinters for custom DSA implementations.
-.Pp
-.Fn DSA_meth_new
-creates a new
-.Vt DSA_METHOD
-structure.
-A copy of the NUL-terminated
-.Fa name
-is stored in the new
-.Vt DSA_METHOD
-object.
-Any new
-.Vt DSA
-object constructed from this
-.Vt DSA_METHOD
-will have the given
-.Fa flags
-set by default.
-.Pp
-.Fn DSA_meth_dup
-creates a deep copy of
-.Fa meth .
-This might be useful for creating a new
-.Vt DSA_METHOD
-based on an existing one, but with some differences.
-.Pp
-.Fn DSA_meth_free
-destroys
-.Fa meth
-and frees any memory associated with it.
-.Pp
-.Fn DSA_meth_set_sign
-sets the function used for creating a DSA signature.
-This function will be called from
-.Xr DSA_do_sign 3
-and indirectly from
-.Xr DSA_sign 3 .
-The parameters of
-.Fa sign
-have the same meaning as for
-.Xr DSA_do_sign 3 .
-.Pp
-.Fn DSA_meth_set_finish
-sets an optional function for destroying a
-.Vt DSA
-object.
-Unless
-.Fa finish
-is
-.Dv NULL ,
-it will be called from
-.Xr DSA_free 3 .
-It takes the same argument
-and is intended to do DSA implementation specific cleanup.
-The memory used by the
-.Vt DSA
-object itself should not be freed by the
-.Fa finish
-function.
-.Sh RETURN VALUES
-.Fn DSA_meth_new
-and
-.Fn DSA_meth_dup
-return the newly allocated DSA_METHOD object or NULL on failure.
-.Pp
-All
-.Fn DSA_meth_set_*
-functions return 1 on success or 0 on failure.
-.Sh SEE ALSO
-.Xr DSA_do_sign 3 ,
-.Xr DSA_new 3 ,
-.Xr DSA_set_method 3 ,
-.Xr DSA_SIG_new 3 ,
-.Xr DSA_sign 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/DSA_new.3 b/src/lib/libcrypto/man/DSA_new.3
deleted file mode 100644
index 537dd18aed..0000000000
--- a/src/lib/libcrypto/man/DSA_new.3
+++ /dev/null
@@ -1,140 +0,0 @@
-.\" $OpenBSD: DSA_new.3,v 1.12 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt DSA_NEW 3
-.Os
-.Sh NAME
-.Nm DSA_new ,
-.Nm DSA_up_ref ,
-.Nm DSA_free
-.Nd allocate and free DSA objects
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft DSA*
-.Fn DSA_new void
-.Ft int
-.Fo DSA_up_ref
-.Fa "DSA *dsa"
-.Fc
-.Ft void
-.Fo DSA_free
-.Fa "DSA *dsa"
-.Fc
-.Sh DESCRIPTION
-The DSA functions implement the Digital Signature Algorithm.
-.Pp
-.Fn DSA_new
-allocates and initializes a
-.Vt DSA
-structure, setting the reference count to 1.
-It is equivalent to calling
-.Xr DSA_new_method 3
-with a
-.Dv NULL
-argument.
-.Pp
-.Fn DSA_up_ref
-increments the reference count by 1.
-.Pp
-.Fn DSA_free
-decrements the reference count by 1.
-If it reaches 0, it frees the
-.Vt DSA
-structure and its components.
-The values are erased before the memory is returned to the system.
-If
-.Fa dsa
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-If the allocation fails,
-.Fn DSA_new
-returns
-.Dv NULL
-and sets an error code that can be obtained by
-.Xr ERR_get_error 3 .
-Otherwise it returns a pointer to the newly allocated structure.
-.Pp
-.Fn DSA_up_ref
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr crypto 3 ,
-.Xr d2i_DSAPublicKey 3 ,
-.Xr DH_new 3 ,
-.Xr DSA_do_sign 3 ,
-.Xr DSA_dup_DH 3 ,
-.Xr DSA_generate_key 3 ,
-.Xr DSA_generate_parameters 3 ,
-.Xr DSA_get0_pqg 3 ,
-.Xr DSA_get_ex_new_index 3 ,
-.Xr DSA_meth_new 3 ,
-.Xr DSA_print 3 ,
-.Xr DSA_set_method 3 ,
-.Xr DSA_SIG_new 3 ,
-.Xr DSA_sign 3 ,
-.Xr DSA_size 3 ,
-.Xr EVP_PKEY_set1_DSA 3 ,
-.Xr RSA_new 3
-.Sh STANDARDS
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-.Sh HISTORY
-.Fn DSA_new
-and
-.Fn DSA_free
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn DSA_up_ref
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/DSA_set_method.3 b/src/lib/libcrypto/man/DSA_set_method.3
deleted file mode 100644
index 8221f856be..0000000000
--- a/src/lib/libcrypto/man/DSA_set_method.3
+++ /dev/null
@@ -1,221 +0,0 @@ -.\" $OpenBSD: DSA_set_method.3,v 1.9 2018/04/18 01:09:01 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt DSA_SET_METHOD 3 -.Os -.Sh NAME -.Nm DSA_set_default_method , -.Nm DSA_get_default_method , -.Nm DSA_set_method , -.Nm DSA_new_method , -.Nm DSA_OpenSSL -.Nd select DSA method -.Sh SYNOPSIS -.In openssl/dsa.h -.Ft void -.Fo DSA_set_default_method -.Fa "const DSA_METHOD *meth" -.Fc -.Ft const DSA_METHOD * -.Fn DSA_get_default_method void -.Ft int -.Fo DSA_set_method -.Fa "DSA *dsa" -.Fa "const DSA_METHOD *meth" -.Fc -.Ft DSA * -.Fo DSA_new_method -.Fa "ENGINE *engine" -.Fc -.Ft DSA_METHOD * -.Fn DSA_OpenSSL void -.Sh DESCRIPTION -A -.Vt DSA_METHOD -object contains pointers to the functions used for DSA operations. -By default, the internal implementation returned by -.Fn DSA_OpenSSL -is used. -By selecting another method, alternative implementations -such as hardware accelerators may be used. -.Pp -.Fn DSA_set_default_method -selects -.Fa meth -as the default method for all -.Vt DSA -structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_DSA 3 -that can be successfully initialized, it overrides the default. -.Pp -.Fn DSA_get_default_method -returns a pointer to the current default method, -even if it is actually overridded by an -.Vt ENGINE . -.Pp -.Fn DSA_set_method -selects -.Fa meth -to perform all operations using the key -.Fa dsa . 
-This replaces the -.Vt DSA_METHOD -used by the DSA key and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. -It is possible to have DSA keys that only work with certain -.Vt DSA_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), -and in such cases attempting to change the -.Vt DSA_METHOD -for the key can have unexpected results. -.Pp -.Fn DSA_new_method -allocates and initializes a -.Vt DSA -structure so that -.Fa engine -is used for the DSA operations. -If -.Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_DSA 3 -is used. -If that returns -.Dv NULL , -the default method controlled by -.Fn DSA_set_default_method -is used. -.Pp -The -.Vt DSA_METHOD -structure is defined as follows: -.Bd -literal -struct -{ - /* name of the implementation */ - const char *name; - - /* sign */ - DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, - DSA *dsa); - - /* pre-compute k^-1 and r */ - int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - - /* verify */ - int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - - /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some - implementations) */ - int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); - - /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); - - /* called at DSA_new */ - int (*init)(DSA *DSA); - - /* called at DSA_free */ - int (*finish)(DSA *DSA); - - int flags; - - char *app_data; /* ?? */ - -} DSA_METHOD; -.Ed -.Sh RETURN VALUES -.Fn DSA_OpenSSL -and -.Fn DSA_get_default_method -return pointers to the respective -.Vt DSA_METHOD . -.Pp -.Fn DSA_set_method -returns 1 on success or 0 on failure. -Currently, it cannot fail. 
-.Pp
-.Fn DSA_new_method
-returns
-.Dv NULL
-and sets an error code that can be obtained by
-.Xr ERR_get_error 3
-if the allocation fails.
-Otherwise it returns a pointer to the newly allocated structure.
-.Sh SEE ALSO
-.Xr DSA_meth_new 3 ,
-.Xr DSA_new 3 ,
-.Xr ENGINE_get_default_DSA 3 ,
-.Xr ENGINE_register_DSA 3 ,
-.Xr ENGINE_set_default_DSA 3
-.Sh HISTORY
-.Fn DSA_set_default_method ,
-.Fn DSA_get_default_method ,
-.Fn DSA_set_method ,
-.Fn DSA_new_method ,
-and
-.Fn DSA_OpenSSL
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/DSA_sign.3 b/src/lib/libcrypto/man/DSA_sign.3
deleted file mode 100644
index 59f9042ba6..0000000000
--- a/src/lib/libcrypto/man/DSA_sign.3
+++ /dev/null
@@ -1,173 +0,0 @@ -.\" $OpenBSD: DSA_sign.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt DSA_SIGN 3 -.Os -.Sh NAME -.Nm DSA_sign , -.Nm DSA_sign_setup , -.Nm DSA_verify -.Nd DSA signatures -.Sh SYNOPSIS -.In openssl/dsa.h -.Ft int -.Fo DSA_sign -.Fa "int type" -.Fa "const unsigned char *dgst" -.Fa "int len" -.Fa "unsigned char *sigret" -.Fa "unsigned int *siglen" -.Fa "DSA *dsa" -.Fc -.Ft int -.Fo DSA_sign_setup -.Fa "DSA *dsa" -.Fa "BN_CTX *ctx" -.Fa "BIGNUM **kinvp" -.Fa "BIGNUM **rp" -.Fc -.Ft int -.Fo DSA_verify -.Fa "int type" -.Fa "const unsigned char *dgst" -.Fa "int len" -.Fa "unsigned char *sigbuf" -.Fa "int siglen" -.Fa "DSA *dsa" -.Fc -.Sh DESCRIPTION -.Fn DSA_sign -computes a digital signature on the -.Fa len -byte message digest -.Fa dgst -using the private key -.Fa dsa -and places its ASN.1 DER encoding at -.Fa sigret . -The length of the signature is placed in -.Pf * Fa siglen . -.Fa sigret -must point to -.Fn DSA_size dsa -bytes of memory. -.Pp -.Fn DSA_sign_setup -may be used to precompute part of the signing operation in case -signature generation is time-critical. -It expects -.Fa dsa -to contain DSA parameters. -It places the precomputed values in newly allocated -.Vt BIGNUM Ns s -at -.Pf * Fa kinvp -and -.Pf * Fa rp , -after freeing the old ones unless -.Fa kinvp -and -.Fa rp -are -.Dv NULL . -These values may be passed to -.Fn DSA_sign -in -.Fa dsa->kinv -and -.Sy dsa->r . -.Fa ctx -is a pre-allocated -.Vt BN_CTX -or -.Dv NULL . 
-.Pp
-.Fn DSA_verify
-verifies that the signature
-.Fa sigbuf
-of size
-.Fa siglen
-matches a given message digest
-.Fa dgst
-of size
-.Fa len .
-.Fa dsa
-is the signer's public key.
-.Pp
-The
-.Fa type
-parameter is ignored.
-.Sh RETURN VALUES
-.Fn DSA_sign
-and
-.Fn DSA_sign_setup
-return 1 on success or 0 on error.
-.Fn DSA_verify
-returns 1 for a valid signature, 0 for an incorrect signature,
-and -1 on error.
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr DSA_do_sign 3 ,
-.Xr DSA_get0_key 3 ,
-.Xr DSA_new 3
-.Sh STANDARDS
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-.Sh HISTORY
-.Fn DSA_sign
-and
-.Fn DSA_verify
-first appeared in SSLeay 0.6.0.
-.Fn DSA_sign_setup
-first appeared in SSLeay 0.8.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/DSA_size.3 b/src/lib/libcrypto/man/DSA_size.3
deleted file mode 100644
index 7e935e3a42..0000000000
--- a/src/lib/libcrypto/man/DSA_size.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" $OpenBSD: DSA_size.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt DSA_SIZE 3
-.Os
-.Sh NAME
-.Nm DSA_size
-.Nd get DSA signature size
-.Sh SYNOPSIS
-.In openssl/dsa.h
-.Ft int
-.Fo DSA_size
-.Fa "const DSA *dsa"
-.Fc
-.Sh DESCRIPTION
-This function returns the size of an ASN.1 encoded DSA signature in
-bytes.
-It can be used to determine how much memory must be allocated for a DSA
-signature.
-.Pp
-.Fa dsa->q
-must not be
-.Dv NULL .
-.Sh RETURN VALUES
-The size in bytes.
-.Sh SEE ALSO
-.Xr DSA_get0_pqg 3 ,
-.Xr DSA_new 3 ,
-.Xr DSA_sign 3
-.Sh HISTORY
-.Fn DSA_size
-first appeared in SSLeay 0.6.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/ECDH_compute_key.3 b/src/lib/libcrypto/man/ECDH_compute_key.3
deleted file mode 100644
index ba67098cd0..0000000000
--- a/src/lib/libcrypto/man/ECDH_compute_key.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" $OpenBSD: ECDH_compute_key.3,v 1.2 2021/03/12 05:18:00 jsg Exp $
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 12 2021 $
-.Dt ECDH_COMPUTE_KEY 3
-.Os
-.Sh NAME
-.Nm ECDH_compute_key ,
-.Nm ECDH_size
-.Nd Elliptic Curve Diffie-Hellman key exchange
-.Sh SYNOPSIS
-.In openssl/ecdh.h
-.Ft int
-.Fo ECDH_compute_key
-.Fa "void *out"
-.Fa "size_t outlen"
-.Fa "const EC_POINT *public_key"
-.Fa "EC_KEY *ecdh"
-.Fa "void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)"
-.Fc
-.Ft int
-.Fo ECDH_size
-.Fa "const EC_KEY *ecdh"
-.Fc
-.Sh DESCRIPTION
-.Fn ECDH_compute_key
-performs Elliptic Curve Diffie-Hellman key agreement.
-It combines the private key contained in
-.Fa ecdh
-with the other party's
-.Fa public_key ,
-takes the
-.Fa x
-component of the affine coordinates,
-and optionally applies the key derivation function
-.Fa KDF .
-It stores the resulting symmetric key in the buffer
-.Fa out ,
-which is
-.Fa outlen
-bytes long.
-If
-.Fa KDF
-is
-.Dv NULL ,
-.Fa outlen
-must be at least
-.Fn ECDH_size ecdh .
-.Pp
-.Fn ECDH_size
-returns the number of bytes needed to store an affine coordinate of a
-point on the elliptic curve used by
-.Fa ecdh ,
-which is one eighth of the degree of the finite field underlying
-that elliptic curve, rounded up to the next integer number.
-.Sh RETURN VALUES
-.Fn ECDH_compute_key
-returns the length of the computed key in bytes or -1 if an error occurs.
-.Pp
-.Fn ECDH_size
-returns the number of bytes needed to store an affine coordinate.
-.Sh SEE ALSO
-.Xr DH_generate_key 3 ,
-.Xr DH_size 3 ,
-.Xr EC_GROUP_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr EC_POINT_new 3 ,
-.Xr X25519 3
-.Sh HISTORY
-.Fn ECDH_compute_key
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
-.Pp
-.Fn ECDH_size
-first appeared in
-.Ox 6.1 .
diff --git a/src/lib/libcrypto/man/ECDSA_SIG_new.3 b/src/lib/libcrypto/man/ECDSA_SIG_new.3
deleted file mode 100644
index 72802155b0..0000000000
--- a/src/lib/libcrypto/man/ECDSA_SIG_new.3
+++ /dev/null
@@ -1,526 +0,0 @@ -.\" $OpenBSD: ECDSA_SIG_new.3,v 1.15 2019/08/25 14:11:41 schwarze Exp $ -.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 -.\" selective merge up to: OpenSSL da4ea0cf Aug 5 16:13:24 2019 +0100 -.\" -.\" This file was written by Nils Larsch . -.\" Copyright (c) 2004, 2005, 2013, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: August 25 2019 $ -.Dt ECDSA_SIG_NEW 3 -.Os -.Sh NAME -.Nm ECDSA_SIG_new , -.Nm ECDSA_SIG_free , -.Nm ECDSA_SIG_get0 , -.Nm ECDSA_SIG_set0 , -.Nm i2d_ECDSA_SIG , -.Nm d2i_ECDSA_SIG , -.Nm ECDSA_size , -.Nm ECDSA_sign_setup , -.Nm ECDSA_sign , -.Nm ECDSA_sign_ex , -.Nm ECDSA_verify , -.Nm ECDSA_do_sign , -.Nm ECDSA_do_sign_ex , -.Nm ECDSA_do_verify , -.Nm ECDSA_OpenSSL , -.Nm ECDSA_get_default_method , -.Nm ECDSA_set_default_method , -.Nm ECDSA_set_method -.Nd Elliptic Curve Digital Signature Algorithm -.Sh SYNOPSIS -.In openssl/ecdsa.h -.Ft ECDSA_SIG* -.Fo ECDSA_SIG_new -.Fa void -.Fc -.Ft void -.Fo ECDSA_SIG_free -.Fa "ECDSA_SIG *sig" -.Fc -.Ft void -.Fo ECDSA_SIG_get0 -.Fa "const ECDSA_SIG *sig" -.Fa "const BIGNUM **r" -.Fa "const BIGNUM **s" -.Fc -.Ft int -.Fo ECDSA_SIG_set0 -.Fa "ECDSA_SIG *sig" -.Fa "BIGNUM *r" -.Fa "BIGNUM *s" -.Fc -.Ft int -.Fo i2d_ECDSA_SIG -.Fa "const ECDSA_SIG *sig_in" -.Fa "unsigned char **der_out" -.Fc -.Ft ECDSA_SIG* -.Fo d2i_ECDSA_SIG -.Fa "ECDSA_SIG **sig_out" -.Fa "const unsigned char **der_in" -.Fa "long len" -.Fc -.Ft int -.Fo ECDSA_size -.Fa "const EC_KEY *eckey" -.Fc -.Ft int -.Fo ECDSA_sign_setup -.Fa "EC_KEY *eckey" -.Fa "BN_CTX *ctx" -.Fa "BIGNUM **kinv" -.Fa "BIGNUM **rp" -.Fc -.Ft int -.Fo ECDSA_sign -.Fa "int type" -.Fa "const unsigned char *dgst" -.Fa "int dgstlen" -.Fa "unsigned char *sig" -.Fa "unsigned int *siglen" -.Fa "EC_KEY *eckey" -.Fc -.Ft int -.Fo ECDSA_sign_ex -.Fa "int type" -.Fa "const unsigned char *dgst" -.Fa "int dgstlen" -.Fa "unsigned char *sig" -.Fa "unsigned int *siglen" -.Fa "const BIGNUM *kinv" -.Fa "const BIGNUM *rp" -.Fa "EC_KEY *eckey" -.Fc -.Ft int -.Fo ECDSA_verify -.Fa "int type" -.Fa "const unsigned char *dgst" -.Fa "int dgstlen" -.Fa "const unsigned char *sig" -.Fa "int siglen" -.Fa "EC_KEY *eckey" -.Fc -.Ft ECDSA_SIG* -.Fo ECDSA_do_sign -.Fa "const unsigned char *dgst" -.Fa "int dgst_len" -.Fa "EC_KEY *eckey" -.Fc -.Ft ECDSA_SIG* -.Fo ECDSA_do_sign_ex -.Fa "const unsigned 
char *dgst" -.Fa "int dgstlen" -.Fa "const BIGNUM *kinv" -.Fa "const BIGNUM *rp" -.Fa "EC_KEY *eckey" -.Fc -.Ft int -.Fo ECDSA_do_verify -.Fa "const unsigned char *dgst" -.Fa "int dgst_len" -.Fa "const ECDSA_SIG *sig" -.Fa "EC_KEY* eckey" -.Fc -.Ft const ECDSA_METHOD* -.Fo ECDSA_OpenSSL -.Fa void -.Fc -.Ft const ECDSA_METHOD* -.Fo ECDSA_get_default_method -.Fa void -.Fc -.Ft void -.Fo ECDSA_set_default_method -.Fa "const ECDSA_METHOD *meth" -.Fc -.Ft int -.Fo ECDSA_set_method -.Fa "EC_KEY *eckey" -.Fa "const ECDSA_METHOD *meth" -.Fc -.Sh DESCRIPTION -These functions provide a low level interface to ECDSA. -Most applications should use the higher level EVP interface such as -.Xr EVP_DigestSignInit 3 -or -.Xr EVP_DigestVerifyInit 3 -instead. -Creation of the required -.Vt EC_KEY -objects is described in -.Xr EC_KEY_new 3 . -.Pp -The -.Vt ECDSA_SIG -structure consists of two -.Vt BIGNUM Ns s -for the -.Fa r -and -.Fa s -value of an ECDSA signature (see X9.62 or FIPS 186-2). -.Bd -literal -offset indent -struct { - BIGNUM *r; - BIGNUM *s; -} ECDSA_SIG; -.Ed -.Pp -.Fn ECDSA_SIG_new -allocates a new -.Vt ECDSA_SIG -structure (note: this function also allocates the -.Vt BIGNUM Ns s ) -and initializes it. -.Pp -.Fn ECDSA_SIG_free -frees the -.Vt ECDSA_SIG -structure -.Fa sig . -.Pp -.Fn ECDSA_SIG_get0 -retrieves internal pointers the -.Fa r -and -.Fa s -values contained in -.Fa sig . -.Pp -.Fn ECDSA_SIG_set0 -sets the -.Fa r -and -.Fa s -values in -.Fa sig . -Calling this function transfers the memory management of the values to -.Fa sig . -Therefore, the values that have been passed in -should not be freed by the caller. -.Pp -.Fn i2d_ECDSA_SIG -creates the DER encoding of the ECDSA signature -.Fa sig_in -and writes the encoded signature to -.Pf * Fa der_out . -.Fn d2i_ECDSA_SIG -decodes the DER-encoded signature stored in the buffer -.Pf * Fa der_in -which is -.Fa len -bytes long into -.Pf * Fa sig_out . 
-For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn ECDSA_size -returns the maximum length of a DER-encoded ECDSA signature created with -the private EC key -.Fa eckey . -.Pp -.Fn ECDSA_sign_setup -may be used to precompute parts of the signing operation. -.Fa eckey -is the private EC key and -.Fa ctx -is a pointer to a -.Vt BN_CTX -structure (or -.Dv NULL ) . -The precomputed values are returned in -.Fa kinv -and -.Fa rp -and can be used in a later call to -.Fa ECDSA_sign_ex -or -.Fa ECDSA_do_sign_ex . -.Pp -.Fn ECDSA_sign -is a wrapper function for -.Fa ECDSA_sign_ex -with -.Fa kinv -and -.Fa rp -set to -.Dv NULL . -.Pp -.Fn ECDSA_sign_ex -computes a digital signature of the -.Fa dgstlen -bytes hash value -.Fa dgst -using the private EC key -.Fa eckey -and the optional pre-computed values -.Fa kinv -and -.Fa rp . -The DER-encoded signature is stored in -.Fa sig -and its length is returned in -.Fa siglen . -Note: -.Fa sig -must point to -.Fn ECDSA_size -bytes of memory. -The parameter -.Fa type -is ignored. -.Pp -.Fn ECDSA_verify -verifies that the signature in -.Fa sig -of size -.Fa siglen -is a valid ECDSA signature of the hash value -.Fa dgst -of size -.Fa dgstlen -using the public key -.Fa eckey . -The parameter -.Fa type -is ignored. -.Pp -.Fn ECDSA_do_sign -is a wrapper function for -.Fn ECDSA_do_sign_ex -with -.Fa kinv -and -.Fa rp -set to -.Dv NULL . -.Pp -.Fn ECDSA_do_sign_ex -computes a digital signature of the -.Fa dgst_len -bytes hash value -.Fa dgst -using the private key -.Fa eckey -and the optional pre-computed values -.Fa kinv -and -.Fa rp . -The signature is returned in a newly allocated -.Vt ECDSA_SIG -structure (or -.Dv NULL -on error). -.Pp -.Fn ECDSA_do_verify -verifies that the signature -.Fa sig -is a valid ECDSA signature of the hash value -.Fa dgst -of size -.Fa dgst_len -using the public key -.Fa eckey . 
-.Sh RETURN VALUES
-.Fn ECDSA_SIG_new
-returns the new
-.Vt ECDSA_SIG
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_ECDSA_SIG
-returns the number of bytes successfully encoded
-or a negative value if an error occurs.
-.Pp
-.Fn d2i_ECDSA_SIG
-returns a pointer to the decoded
-.Vt ECDSA_SIG
-structure or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ECDSA_size
-returns the maximum length signature or 0 on error.
-.Pp
-.Fn ECDSA_SIG_set0 ,
-.Fn ECDSA_sign ,
-.Fn ECDSA_sign_ex ,
-and
-.Fn ECDSA_sign_setup
-return 1 if successful or 0 on error.
-.Pp
-.Fn ECDSA_do_sign
-and
-.Fn ECDSA_do_sign_ex
-return a pointer to an allocated
-.Vt ECDSA_SIG
-structure or
-.Dv NULL
-on error.
-.Pp
-.Fn ECDSA_verify
-and
-.Fn ECDSA_do_verify
-return 1 for a valid signature, 0 for an invalid signature and -1 on
-error.
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh EXAMPLES
-Creating an ECDSA signature of given SHA-1 hash value using the named
-curve secp192k1.
-.Pp
-First step: create an
-.Vt EC_KEY
-object.
-This part is
-.Em not
-ECDSA specific.
-.Bd -literal -offset indent -int ret; -ECDSA_SIG *sig; -EC_KEY *eckey; - -eckey = EC_KEY_new_by_curve_name(NID_secp192k1); -if (eckey == NULL) { - /* error */ -} -if (!EC_KEY_generate_key(eckey)) { - /* error */ -} -.Ed -.Pp -Second step: compute the ECDSA signature of a SHA-1 hash value using -.Fn ECDSA_do_sign -.Bd -literal -offset indent -sig = ECDSA_do_sign(digest, 20, eckey); -if (sig == NULL) { - /* error */ -} -.Ed -.Pp -or using -.Fn ECDSA_sign -.Bd -literal -offset indent -unsigned char *buffer, *pp; -int buf_len; - -buf_len = ECDSA_size(eckey); -buffer = malloc(buf_len); -pp = buffer; -if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) { - /* error */ -} -.Ed -.Pp -Third step: verify the created ECDSA signature using -.Fn ECDSA_do_verify -.Pp -.Dl ret = ECDSA_do_verify(digest, 20, sig, eckey); -.Pp -or using -.Fn ECDSA_verify -.Pp -.Dl ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey); -.Pp -and finally evaluate the return value: -.Bd -literal -offset indent -if (ret == -1) { - /* error */ -} else if (ret == 0) { - /* incorrect signature */ -} else { - /* ret == 1 */ - /* signature ok */ -} -.Ed -.Sh SEE ALSO -.Xr crypto 3 , -.Xr d2i_ECPKParameters 3 , -.Xr DSA_new 3 , -.Xr EC_GROUP_new 3 , -.Xr EC_KEY_METHOD_new 3 , -.Xr EC_KEY_new 3 , -.Xr ECDSA_set_ex_data 3 , -.Xr EVP_DigestSignInit 3 , -.Xr EVP_DigestVerifyInit 3 , -.Xr RSA_new 3 -.Sh STANDARDS -ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 -(Digital Signature Standard, DSS) -.Sh HISTORY -.Fn ECDSA_SIG_new , -.Fn ECDSA_SIG_free , -.Fn i2d_ECDSA_SIG , -.Fn d2i_ECDSA_SIG , -.Fn ECDSA_size , -.Fn ECDSA_sign_setup , -.Fn ECDSA_sign , -.Fn ECDSA_sign_ex , -.Fn ECDSA_verify , -.Fn ECDSA_do_sign , -.Fn ECDSA_do_sign_ex , -.Fn ECDSA_do_verify , -.Fn ECDSA_OpenSSL , -.Fn ECDSA_get_default_method , -.Fn ECDSA_set_default_method , -and -.Fn ECDSA_set_method -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . 
-.Pp
-.Fn ECDSA_SIG_get0
-and
-.Fn ECDSA_SIG_set0
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
-.Sh AUTHORS
-.An Nils Larsch
-for the OpenSSL project.
diff --git a/src/lib/libcrypto/man/EC_GFp_simple_method.3 b/src/lib/libcrypto/man/EC_GFp_simple_method.3
deleted file mode 100644
index ad5268fa92..0000000000
--- a/src/lib/libcrypto/man/EC_GFp_simple_method.3
+++ /dev/null
@@ -1,181 +0,0 @@
-.\" $OpenBSD: EC_GFp_simple_method.3,v 1.9 2018/03/23 05:48:56 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt EC_GFP_SIMPLE_METHOD 3 -.Os -.Sh NAME -.Nm EC_GFp_simple_method , -.Nm EC_GFp_mont_method , -.Nm EC_GFp_nist_method , -.Nm EC_GFp_nistp224_method , -.Nm EC_GFp_nistp256_method , -.Nm EC_GFp_nistp521_method , -.Nm EC_GF2m_simple_method , -.Nm EC_METHOD_get_field_type -.Nd obtain EC_METHOD objects -.Sh SYNOPSIS -.In openssl/ec.h -.Ft const EC_METHOD * -.Fn EC_GFp_simple_method void -.Ft const EC_METHOD * -.Fn EC_GFp_mont_method void -.Ft const EC_METHOD * -.Fn EC_GFp_nist_method void -.Ft const EC_METHOD * -.Fn EC_GFp_nistp224_method void -.Ft const EC_METHOD * -.Fn EC_GFp_nistp256_method void -.Ft const EC_METHOD * -.Fn EC_GFp_nistp521_method void -.Ft const EC_METHOD * -.Fn EC_GF2m_simple_method void -.Ft int -.Fo EC_METHOD_get_field_type -.Fa "const EC_METHOD *meth" -.Fc -.Sh DESCRIPTION -The elliptic curve library provides a number of different -implementations through a single common interface. -Each implementation is optimised for different scenarios. -An implementation is represented by an -.Vt EC_METHOD -structure. -.Pp -When constructing a curve using -.Xr EC_GROUP_new 3 , -an implementation method must be provided. -The functions described here all return a const pointer to an -.Sy EC_METHOD -structure that can be passed to -.Xr EC_GROUP_new 3 . -It is important that the correct implementation type for the form -of curve selected is used. 
-.Pp -For F2^m curves there is only one implementation choice, -.Fn EC_GF2_simple_method . -.Pp -For Fp curves the lowest common denominator implementation is the -.Fn EC_GFp_simple_method -implementation. -All other implementations are based on this one. -.Fn EC_GFp_mont_method -adds the use of Montgomery multiplication (see -.Xr BN_mod_mul_montgomery 3 ) . -.Fn EC_GFp_nist_method -offers an implementation optimised for use with NIST recommended -curves. -NIST curves are available through -.Xr EC_GROUP_new_by_curve_name 3 . -.Pp -The functions -.Fn EC_GFp_nistp224_method , -.Fn EC_GFp_nistp256_method , -and -.Fn EC_GFp_nistp521_method -offer 64-bit optimised implementations for the NIST P224, P256 and -P521 curves respectively. -Note, however, that these implementations are not available on all -platforms. -.Pp -.Fn EC_METHOD_get_field_type -identifies what type of field the -.Vt EC_METHOD -structure supports, which will be either F2^m or Fp. -If the field type is Fp, then the value -.Dv NID_X9_62_prime_field -is returned. -If the field type is F2^m, then the value -.Dv NID_X9_62_characteristic_two_field -is returned. -These values are defined in the -.In openssl/obj_mac.h -header file. -.Sh RETURN VALUES -All -.Fn EC_GFp* -functions and -.Fn EC_GF2m_simple_method -always return a const pointer to an -.Vt EC_METHOD -structure. -.Pp -.Fn EC_METHOD_get_field_type -returns an integer that identifies the type of field the -.Vt EC_METHOD -structure supports. -.Sh SEE ALSO -.Xr BN_mod_mul_montgomery 3 , -.Xr d2i_ECPKParameters 3 , -.Xr EC_GROUP_copy 3 , -.Xr EC_GROUP_new 3 , -.Xr EC_KEY_new 3 , -.Xr EC_POINT_add 3 , -.Xr EC_POINT_new 3 -.Sh HISTORY -.Fn EC_GFp_simple_method -and -.Fn EC_GFp_mont_method -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn EC_GFp_nist_method , -.Fn EC_GF2m_simple_method , -and -.Fn EC_METHOD_get_field_type -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . 
-.Pp
-.Fn EC_GFp_nistp224_method ,
-.Fn EC_GFp_nistp256_method ,
-and
-.Fn EC_GFp_nistp521_method
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/EC_GROUP_copy.3 b/src/lib/libcrypto/man/EC_GROUP_copy.3
deleted file mode 100644
index bdbd72c2cc..0000000000
--- a/src/lib/libcrypto/man/EC_GROUP_copy.3
+++ /dev/null
@@ -1,518 +0,0 @@
-.\" $OpenBSD: EC_GROUP_copy.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $
-.\" OpenSSL aafbe1cc Jun 12 23:42:08 2013 +0100
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2013, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt EC_GROUP_COPY 3 -.Os -.Sh NAME -.Nm EC_GROUP_copy , -.Nm EC_GROUP_dup , -.Nm EC_GROUP_method_of , -.Nm EC_GROUP_set_generator , -.Nm EC_GROUP_get0_generator , -.Nm EC_GROUP_get_order , -.Nm EC_GROUP_get_cofactor , -.Nm EC_GROUP_set_curve_name , -.Nm EC_GROUP_get_curve_name , -.Nm EC_GROUP_set_asn1_flag , -.Nm EC_GROUP_get_asn1_flag , -.Nm EC_GROUP_set_point_conversion_form , -.Nm EC_GROUP_get_point_conversion_form , -.Nm EC_GROUP_get0_seed , -.Nm EC_GROUP_get_seed_len , -.Nm EC_GROUP_set_seed , -.Nm EC_GROUP_get_degree , -.Nm EC_GROUP_check , -.Nm EC_GROUP_check_discriminant , -.Nm EC_GROUP_cmp , -.Nm EC_GROUP_get_basis_type , -.Nm EC_GROUP_get_trinomial_basis , -.Nm EC_GROUP_get_pentanomial_basis -.Nd manipulate EC_GROUP objects -.Sh SYNOPSIS -.In openssl/ec.h -.In openssl/bn.h -.Ft int -.Fo EC_GROUP_copy -.Fa "EC_GROUP *dst" -.Fa "const EC_GROUP *src" -.Fc -.Ft EC_GROUP * -.Fo EC_GROUP_dup -.Fa "const EC_GROUP *src" -.Fc -.Ft const EC_METHOD * -.Fo EC_GROUP_method_of -.Fa "const EC_GROUP *group" -.Fc -.Ft int -.Fo EC_GROUP_set_generator -.Fa "EC_GROUP *group" -.Fa "const EC_POINT *generator" -.Fa "const BIGNUM *order" -.Fa "const BIGNUM *cofactor" -.Fc -.Ft const EC_POINT * -.Fo EC_GROUP_get0_generator -.Fa "const EC_GROUP *group" -.Fc -.Ft int -.Fo EC_GROUP_get_order -.Fa "const EC_GROUP *group" -.Fa "BIGNUM *order" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo 
EC_GROUP_get_cofactor -.Fa "const EC_GROUP *group" -.Fa "BIGNUM *cofactor" -.Fa "BN_CTX *ctx" -.Fc -.Ft void -.Fo EC_GROUP_set_curve_name -.Fa "EC_GROUP *group" -.Fa "int nid" -.Fc -.Ft int -.Fo EC_GROUP_get_curve_name -.Fa "const EC_GROUP *group" -.Fc -.Ft void -.Fo EC_GROUP_set_asn1_flag -.Fa "EC_GROUP *group" -.Fa "int flag" -.Fc -.Ft int -.Fo EC_GROUP_get_asn1_flag -.Fa "const EC_GROUP *group" -.Fc -.Ft void -.Fo EC_GROUP_set_point_conversion_form -.Fa "EC_GROUP *group" -.Fa "point_conversion_form_t form" -.Fc -.Ft point_conversion_form_t -.Fo EC_GROUP_get_point_conversion_form -.Fa "const EC_GROUP *" -.Fc -.Ft unsigned char * -.Fo EC_GROUP_get0_seed -.Fa "const EC_GROUP *x" -.Fc -.Ft size_t -.Fo EC_GROUP_get_seed_len -.Fa "const EC_GROUP *" -.Fc -.Ft size_t -.Fo EC_GROUP_set_seed -.Fa "EC_GROUP *" -.Fa "const unsigned char *" -.Fa "size_t len" -.Fc -.Ft int -.Fo EC_GROUP_get_degree -.Fa "const EC_GROUP *group" -.Fc -.Ft int -.Fo EC_GROUP_check -.Fa "const EC_GROUP *group" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_check_discriminant -.Fa "const EC_GROUP *group" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_cmp -.Fa "const EC_GROUP *a" -.Fa "const EC_GROUP *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_get_basis_type -.Fa "const EC_GROUP *" -.Fc -.Ft int -.Fo EC_GROUP_get_trinomial_basis -.Fa "const EC_GROUP *" -.Fa "unsigned int *k" -.Fc -.Ft int -.Fo EC_GROUP_get_pentanomial_basis -.Fa "const EC_GROUP *" -.Fa "unsigned int *k1" -.Fa "unsigned int *k2" -.Fa "unsigned int *k3" -.Fc -.Sh DESCRIPTION -These functions operate on -.Vt EC_GROUP -objects created by the functions described in -.Xr EC_GROUP_new 3 . -.Pp -.Fn EC_GROUP_copy -copies the curve -.Fa src -into -.Fa dst . -Both -.Fa src -and -.Fa dst -must use the same -.Vt EC_METHOD . -.Pp -.Fn EC_GROUP_dup -creates a new -.Vt EC_GROUP -object and copies the content from -.Fa src -to the newly created -.Vt EC_GROUP -object. -.Pp -.Fn EC_GROUP_method_of -obtains the -.Vt EC_METHOD -of -.Fa group . 
-.Pp -.Fn EC_GROUP_set_generator -sets curve parameters that must be agreed by all participants using -the curve. -These parameters include the -.Fa generator , -the -.Fa order -and the -.Fa cofactor . -The -.Fa generator -is a well defined point on the curve chosen for cryptographic -operations. -Integers used for point multiplications will be between 0 and -.Fa order No - 1 . -The -.Fa order -multiplied by the -.Fa cofactor -gives the number of points on the curve. -.Pp -.Fn EC_GROUP_get0_generator -returns the generator for the identified -.Fa group . -.Pp -The functions -.Fn EC_GROUP_get_order -and -.Fn EC_GROUP_get_cofactor -populate the provided -.Fa order -and -.Fa cofactor -parameters with the respective order and cofactors for the -.Fa group . -.Pp -The functions -.Fn EC_GROUP_set_curve_name -and -.Fn EC_GROUP_get_curve_name -set and get the NID for the curve, respectively (see -.Xr EC_GROUP_new 3 ) . -If a curve does not have a NID associated with it, then -.Fn EC_GROUP_get_curve_name -will return 0. -.Pp -The asn1_flag value on a curve is used to determine whether there is a -specific ASN.1 OID to describe the curve or not. -If the asn1_flag is 1 then this is a named curve with an associated ASN.1 OID. -If not then asn1_flag is 0. -The functions -.Fn EC_GROUP_get_asn1_flag -and -.Fn EC_GROUP_set_asn1_flag -get and set the status of the asn1_flag for the curve. -If set, then the curve_name must also be set. -.Pp -The point_conversion_form for a curve controls how -.Vt EC_POINT -data is encoded as ASN.1 as defined in X9.62 (ECDSA). 
-.Vt point_conversion_form_t -is an enum defined as follows: -.Bd -literal -typedef enum { - /** the point is encoded as z||x, where the octet z specifies - * which solution of the quadratic equation y is */ - POINT_CONVERSION_COMPRESSED = 2, - /** the point is encoded as z||x||y, where z is the octet 0x02 */ - POINT_CONVERSION_UNCOMPRESSED = 4, - /** the point is encoded as z||x||y, where the octet z specifies - * which solution of the quadratic equation y is */ - POINT_CONVERSION_HYBRID = 6 -} point_conversion_form_t; -.Ed -.Pp -For -.Dv POINT_CONVERSION_UNCOMPRESSED -the point is encoded as an octet signifying the UNCOMPRESSED form -has been used followed by the octets for x, followed by the octets -for y. -.Pp -For any given x coordinate for a point on a curve it is possible to -derive two possible y values. -For -.Dv POINT_CONVERSION_COMPRESSED -the point is encoded as an octet signifying that the COMPRESSED -form has been used AND which of the two possible solutions for y -has been used, followed by the octets for x. -.Pp -For -.Dv POINT_CONVERSION_HYBRID -the point is encoded as an octet signifying the HYBRID form has -been used AND which of the two possible solutions for y has been -used, followed by the octets for x, followed by the octets for y. -.Pp -The functions -.Fn EC_GROUP_set_point_conversion_form -and -.Fn EC_GROUP_get_point_conversion_form -set and get the point_conversion_form for the curve, respectively. -.Pp -ANSI X9.62 (ECDSA standard) defines a method of generating the curve -parameter b from a random number. -This provides advantages in that a parameter obtained in this way is -highly unlikely to be susceptible to special purpose attacks, or have -any trapdoors in it. -If the seed is present for a curve then the b parameter was generated in -a verifiable fashion using that seed. -The OpenSSL EC library does not use this seed value but does enable you -to inspect it using -.Fn EC_GROUP_get0_seed . 
-This returns a pointer to a memory block containing the seed that was -used. -The length of the memory block can be obtained using -.Fn EC_GROUP_get_seed_len . -A number of the builtin curves within the library provide seed values -that can be obtained. -It is also possible to set a custom seed using -.Fn EC_GROUP_set_seed -and passing a pointer to a memory block, along with the length of -the seed. -Again, the EC library will not use this seed value, although it will be -preserved in any ASN.1 based communications. -.Pp -.Fn EC_GROUP_get_degree -gets the degree of the field. -For Fp fields this will be the number of bits in p. -For F2^m fields this will be the value m. -.Pp -The function -.Fn EC_GROUP_check_discriminant -calculates the discriminant for the curve and verifies that it is -valid. -For a curve defined over Fp the discriminant is given by the formula -4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b. -In either case for the curve to be valid the discriminant must be -non-zero. -.Pp -The function -.Fn EC_GROUP_check -performs a number of checks on a curve to verify that it is valid. -Checks performed include verifying that the discriminant is non-zero; -that a generator has been defined; that the generator is on the curve -and has the correct order. -.Pp -.Fn EC_GROUP_cmp -compares -.Fa a -and -.Fa b -to determine whether they represent the same curve or not. -.Pp -The functions -.Fn EC_GROUP_get_basis_type , -.Fn EC_GROUP_get_trinomial_basis , -and -.Fn EC_GROUP_get_pentanomial_basis -should only be called for curves defined over an F2^m field. -Addition and multiplication operations within an F2^m field are -performed using an irreducible polynomial function f(x). 
-This function is either a trinomial of the form: -.Pp -.Dl f(x) = x^m + x^k + 1 with m > k >= 1 -.Pp -or a pentanomial of the form: -.Pp -.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 -.Pp -The function -.Fn EC_GROUP_get_basis_type -returns a NID identifying whether a trinomial or pentanomial is in -use for the field. -The function -.Fn EC_GROUP_get_trinomial_basis -must only be called where f(x) is of the trinomial form, and returns -the value of -.Fa k . -Similarly, the function -.Fn EC_GROUP_get_pentanomial_basis -must only be called where f(x) is of the pentanomial form, and -returns the values of -.Fa k1 , -.Fa k2 , -and -.Fa k3 . -.Sh RETURN VALUES -The following functions return 1 on success or 0 on error: -.Fn EC_GROUP_copy , -.Fn EC_GROUP_set_generator , -.Fn EC_GROUP_check , -.Fn EC_GROUP_check_discriminant , -.Fn EC_GROUP_get_trinomial_basis , -and -.Fn EC_GROUP_get_pentanomial_basis . -.Pp -.Fn EC_GROUP_dup -returns a pointer to the duplicated curve or -.Dv NULL -on error. -.Pp -.Fn EC_GROUP_method_of -returns the -.Vt EC_METHOD -implementation in use for the given curve or -.Dv NULL -on error. -.Pp -.Fn EC_GROUP_get0_generator -returns the generator for the given curve or -.Dv NULL -on error. -.Pp -.Fn EC_GROUP_get_order , -.Fn EC_GROUP_get_cofactor , -.Fn EC_GROUP_get_curve_name , -.Fn EC_GROUP_get_asn1_flag , -.Fn EC_GROUP_get_point_conversion_form , -and -.Fn EC_GROUP_get_degree -return the order, cofactor, curve name (NID), ASN.1 flag, -point_conversion_form and degree for the specified curve, respectively. -If there is no curve name associated with a curve then -.Fn EC_GROUP_get_curve_name -returns 0. -.Pp -.Fn EC_GROUP_get0_seed -returns a pointer to the seed that was used to generate the parameter -b, or -.Dv NULL -if the seed is not specified. -.Fn EC_GROUP_get_seed_len -returns the length of the seed or 0 if the seed is not specified. -.Pp -.Fn EC_GROUP_set_seed -returns the length of the seed that has been set. 
-If the supplied seed is -.Dv NULL -or the supplied seed length is 0, the return value will be 1. -On error 0 is returned. -.Pp -.Fn EC_GROUP_cmp -returns 0 if the curves are equal, 1 if they are not equal, -or -1 on error. -.Pp -.Fn EC_GROUP_get_basis_type -returns the values -.Dv NID_X9_62_tpBasis -or -.Dv NID_X9_62_ppBasis -as defined in -.In openssl/obj_mac.h -for a trinomial or pentanomial, respectively. -Alternatively in the event of an error a 0 is returned. -.Sh SEE ALSO -.Xr d2i_ECPKParameters 3 , -.Xr EC_GFp_simple_method 3 , -.Xr EC_GROUP_new 3 , -.Xr EC_KEY_new 3 , -.Xr EC_POINT_add 3 , -.Xr EC_POINT_new 3 -.Sh HISTORY -.Fn EC_GROUP_copy , -.Fn EC_GROUP_method_of , -.Fn EC_GROUP_set_generator , -.Fn EC_GROUP_get0_generator , -.Fn EC_GROUP_get_order , -and -.Fn EC_GROUP_get_cofactor -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn EC_GROUP_dup , -.Fn EC_GROUP_set_curve_name , -.Fn EC_GROUP_get_curve_name , -.Fn EC_GROUP_set_asn1_flag , -.Fn EC_GROUP_get_asn1_flag , -.Fn EC_GROUP_set_point_conversion_form , -.Fn EC_GROUP_get_point_conversion_form , -.Fn EC_GROUP_get0_seed , -.Fn EC_GROUP_get_seed_len , -.Fn EC_GROUP_set_seed , -.Fn EC_GROUP_get_degree , -.Fn EC_GROUP_check , -.Fn EC_GROUP_check_discriminant , -.Fn EC_GROUP_cmp , -.Fn EC_GROUP_get_basis_type , -.Fn EC_GROUP_get_trinomial_basis , -and -.Fn EC_GROUP_get_pentanomial_basis -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EC_GROUP_new.3 b/src/lib/libcrypto/man/EC_GROUP_new.3 deleted file mode 100644 index a02104f967..0000000000 --- a/src/lib/libcrypto/man/EC_GROUP_new.3 +++ /dev/null 
@@ -1,366 +0,0 @@
-.\" $OpenBSD: EC_GROUP_new.3,v 1.13 2021/05/11 04:22:32 tb Exp $
-.\" OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 11 2021 $ -.Dt EC_GROUP_NEW 3 -.Os -.Sh NAME -.Nm EC_GROUP_new , -.Nm EC_GROUP_free , -.Nm EC_GROUP_clear_free , -.Nm EC_GROUP_new_curve_GFp , -.Nm EC_GROUP_new_curve_GF2m , -.Nm EC_GROUP_new_by_curve_name , -.Nm EC_GROUP_set_curve , -.Nm EC_GROUP_get_curve , -.Nm EC_GROUP_set_curve_GFp , -.Nm EC_GROUP_get_curve_GFp , -.Nm EC_GROUP_set_curve_GF2m , -.Nm EC_GROUP_get_curve_GF2m , -.Nm EC_get_builtin_curves -.Nd create and destroy EC_GROUP objects -.Sh SYNOPSIS -.In openssl/ec.h -.In openssl/bn.h -.Ft EC_GROUP * -.Fo EC_GROUP_new -.Fa "const EC_METHOD *meth" -.Fc -.Ft void -.Fo EC_GROUP_free -.Fa "EC_GROUP *group" -.Fc -.Ft void -.Fo EC_GROUP_clear_free -.Fa "EC_GROUP *group" -.Fc -.Ft EC_GROUP * -.Fo EC_GROUP_new_curve_GFp -.Fa "const BIGNUM *p" -.Fa "const BIGNUM *a" -.Fa "const BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft EC_GROUP * -.Fo EC_GROUP_new_curve_GF2m -.Fa "const BIGNUM *p" -.Fa "const BIGNUM *a" -.Fa "const BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft EC_GROUP * -.Fo EC_GROUP_new_by_curve_name -.Fa "int nid" -.Fc -.Ft int -.Fo EC_GROUP_set_curve -.Fa "EC_GROUP *group" -.Fa "const BIGNUM *p" -.Fa "const BIGNUM *a" -.Fa "const BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_get_curve -.Fa "const EC_GROUP *group" -.Fa "BIGNUM *p" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_set_curve_GFp -.Fa "EC_GROUP *group" -.Fa "const BIGNUM *p" -.Fa "const 
BIGNUM *a" -.Fa "const BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_get_curve_GFp -.Fa "const EC_GROUP *group" -.Fa "BIGNUM *p" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_set_curve_GF2m -.Fa "EC_GROUP *group" -.Fa "const BIGNUM *p" -.Fa "const BIGNUM *a" -.Fa "const BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_get_curve_GF2m -.Fa "const EC_GROUP *group" -.Fa "BIGNUM *p" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft size_t -.Fo EC_get_builtin_curves -.Fa "EC_builtin_curve *r" -.Fa "size_t nitems" -.Fc -.Sh DESCRIPTION -The EC library provides functions for performing operations on -elliptic curves over finite fields. -In general, an elliptic curve satisfies an equation of the form: -.Pp -.Dl y^2 = x^3 + ax + b -.Pp -Within the library there are two forms of elliptic curves that are of -interest. -The first form is those defined over the prime field Fp. -The elements of Fp are the integers 0 to p-1, where -.Fa p -is a prime number. -This gives us a revised elliptic curve equation as follows: -.Pp -.Dl y^2 mod p = x^3 + ax + b mod p -.Pp -The second form is those defined over a binary field F2^m where the -elements of the field are integers of length at most m bits. -For this form the elliptic curve equation is modified to: -.Pp -.Dl y^2 + xy = x^3 + ax^2 + b (where b != 0) -.Pp -Operations in a binary field are performed relative to an irreducible -polynomial. -All such curves with OpenSSL use a trinomial or a pentanomial for this -parameter. -.Pp -An -.Vt EC_GROUP -structure is used to represent the definition of an elliptic curve. -A new curve can be constructed by calling -.Fn EC_GROUP_new , -using the implementation provided by -.Fa meth -(see -.Xr EC_GFp_simple_method 3 ) . -It is then necessary to call -.Fn EC_GROUP_set_curve -to set the curve parameters. -.Pp -.Fn EC_GROUP_set_curve -sets the curve parameters -.Fa p , -.Fa a , -and -.Fa b . 
-For a curve over Fp, -.Fa p -is the prime for the field. -For a curve over F2^m -.Fa p -represents the irreducible polynomial - each bit represents a term in -the polynomial. -Therefore, there will either be three or five bits set dependent on -whether the polynomial is a trinomial or a pentanomial. -In either case, -.Fa a -and -.Fa b -represent the coefficients of the curve equation. -.Pp -.Fn EC_GROUP_set_curve_GFp -and -.Fn EC_GROUP_set_curve_GF2m -are deprecated synonyms for -.Fn EC_GROUP_set_curve . -.Pp -.Fn EC_GROUP_get_curve -obtains the previously set curve parameters. -.Pp -.Fn EC_GROUP_get_curve_GFp -and -.Fn EC_GROUP_get_curve_GF2m -are deprecated synonyms for -.Fn EC_GROUP_get_curve . -.Pp -The functions -.Fn EC_GROUP_new_curve_GFp -and -.Fn EC_GROUP_new_curve_GF2m -are shortcuts for calling -.Fn EC_GROUP_new -and the appropriate -.Fn EC_GROUP_set_curve_* -function. -An appropriate default implementation method will be used. -.Pp -Whilst the library can be used to create any curve using the functions -described above, there are also a number of predefined curves that are -available. -In order to obtain a list of all of the predefined curves, call the -function -.Fn EC_get_builtin_curves . -The parameter -.Fa r -should be an array of -.Vt EC_builtin_cure -structures of size -.Fa nitems . -The function will populate the -.Fa r -array with information about the builtin curves. -If -.Fa nitems -is less than the total number of curves available, then the first -.Fa nitems -curves will be returned. -Otherwise the total number of curves will be provided. -The return value is the total number of curves available (whether that -number has been populated in -.Fa r -or not). -Passing a -.Dv NULL -.Fa r , -or setting -.Fa nitems -to 0, will do nothing other than return the total number of curves -available. 
-The -.Vt EC_builtin_curve -structure is defined as follows: -.Bd -literal -typedef struct { - int nid; - const char *comment; -} EC_builtin_curve; -.Ed -.Pp -Each -.Vt EC_builtin_curve -item has a unique integer ID -.Pq Fa nid -and a human readable comment string describing the curve. -.Pp -In order to construct a builtin curve use the function -.Fn EC_GROUP_new_by_curve_name -and provide the -.Fa nid -of the curve to be constructed. -.Pp -.Fn EC_GROUP_free -frees the memory associated with the -.Vt EC_GROUP . -If -.Fa group -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn EC_GROUP_clear_free -destroys any sensitive data held within the -.Vt EC_GROUP -and then frees its memory. -If -.Fa group -is a -.Dv NULL -pointer, no action occurs. -.Sh RETURN VALUES -All -.Fn EC_GROUP_new* -functions return a pointer to the newly constructed group or -.Dv NULL -on error. -.Pp -.Fn EC_get_builtin_curves -returns the number of builtin curves that are available. -.Pp -.Fn EC_GROUP_set_curve , -.Fn EC_GROUP_get_curve , -.Fn EC_GROUP_set_curve_GFp , -.Fn EC_GROUP_get_curve_GFp , -.Fn EC_GROUP_set_curve_GF2m , -and -.Fn EC_GROUP_get_curve_GF2m -return 1 on success or 0 on error. -.Sh SEE ALSO -.Xr crypto 3 , -.Xr d2i_ECPKParameters 3 , -.Xr EC_GFp_simple_method 3 , -.Xr EC_GROUP_copy 3 , -.Xr EC_KEY_new 3 , -.Xr EC_POINT_add 3 , -.Xr EC_POINT_new 3 , -.Xr ECDH_compute_key 3 , -.Xr ECDSA_SIG_new 3 -.Sh HISTORY -.Fn EC_GROUP_new , -.Fn EC_GROUP_free , -.Fn EC_GROUP_clear_free , -.Fn EC_GROUP_new_curve_GFp , -.Fn EC_GROUP_set_curve_GFp , -and -.Fn EC_GROUP_get_curve_GFp -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn EC_GROUP_new_curve_GF2m , -.Fn EC_GROUP_new_by_curve_name , -.Fn EC_GROUP_set_curve_GF2m , -.Fn EC_GROUP_get_curve_GF2m , -and -.Fn EC_get_builtin_curves -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . 
-.Fn EC_GROUP_set_curve
-and
-.Fn EC_GROUP_get_curve
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/EC_KEY_METHOD_new.3 b/src/lib/libcrypto/man/EC_KEY_METHOD_new.3
deleted file mode 100644
index 383688b0ef..0000000000
--- a/src/lib/libcrypto/man/EC_KEY_METHOD_new.3
+++ /dev/null
@@ -1,325 +0,0 @@ -.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.1 2019/08/16 16:15:50 schwarze Exp $ -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: August 16 2019 $ -.Dt EC_KEY_METHOD_NEW 3 -.Os -.Sh NAME -.Nm EC_KEY_METHOD_new , -.Nm EC_KEY_METHOD_free , -.Nm EC_KEY_METHOD_set_init , -.Nm EC_KEY_METHOD_get_init , -.Nm EC_KEY_METHOD_set_sign , -.Nm EC_KEY_METHOD_get_sign , -.Nm EC_KEY_METHOD_set_verify , -.Nm EC_KEY_METHOD_get_verify , -.Nm EC_KEY_METHOD_set_keygen , -.Nm EC_KEY_METHOD_get_keygen , -.Nm EC_KEY_METHOD_set_compute_key , -.Nm EC_KEY_METHOD_get_compute_key , -.Nm EC_KEY_OpenSSL , -.Nm EC_KEY_set_default_method , -.Nm EC_KEY_get_default_method , -.Nm EC_KEY_new_method , -.Nm EC_KEY_set_method , -.Nm EC_KEY_get_method -.Nd custom EC_KEY implementations -.Sh SYNOPSIS -.In openssl/ec.h -.Ft EC_KEY_METHOD * -.Fo EC_KEY_METHOD_new -.Fa "const EC_KEY_METHOD *meth" -.Fc -.Ft void -.Fo EC_KEY_METHOD_free -.Fa "EC_KEY_METHOD *meth" -.Fc -.Ft void -.Fo EC_KEY_METHOD_set_init -.Fa "EC_KEY_METHOD *meth" -.Fa "int (*init)(EC_KEY *key)" -.Fa "void (*finish)(EC_KEY *key)" -.Fa "int (*copy)(EC_KEY *dest, const EC_KEY *src)" -.Fa "int (*set_group)(EC_KEY *key, const EC_GROUP *grp)" -.Fa "int (*set_private)(EC_KEY *key, const 
BIGNUM *priv_key)" -.Fa "int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)" -.Fc -.Ft void -.Fo EC_KEY_METHOD_get_init -.Fa "const EC_KEY_METHOD *meth" -.Fa "int (**pinit)(EC_KEY *key)" -.Fa "void (**pfinish)(EC_KEY *key)" -.Fa "int (**pcopy)(EC_KEY *dest, const EC_KEY *src)" -.Fa "int (**pset_group)(EC_KEY *key, const EC_GROUP *grp)" -.Fa "int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key)" -.Fa "int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)" -.Fc -.In openssl/ecdsa.h -.Ft void -.Fo EC_KEY_METHOD_set_sign -.Fa "EC_KEY_METHOD *meth" -.Fa "int (*sign)(int type, const unsigned char *dgst, int dgstlen,\ - unsigned char *sig, unsigned int *siglen,\ - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)" -.Fa "int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx,\ - BIGNUM **kinv, BIGNUM **rp)" -.Fa "ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgstlen,\ - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)" -.Fc -.Ft void -.Fo EC_KEY_METHOD_get_sign -.Fa "const EC_KEY_METHOD *meth" -.Fa "int (**psign)(int type, const unsigned char *dgst, int dgstlen,\ - unsigned char *sig, unsigned int *siglen,\ - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)" -.Fa "int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx,\ - BIGNUM **kinv, BIGNUM **rp)" -.Fa "ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, int dgstlen,\ - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)" -.Fc -.Ft void -.Fo EC_KEY_METHOD_set_verify -.Fa "EC_KEY_METHOD *meth" -.Fa "int (*verify)(int type, const unsigned char *dgst, int dgst_len,\ - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)" -.Fa "int (*verify_sig)(const unsigned char *dgst, int dgst_len,\ - const ECDSA_SIG *sig, EC_KEY *eckey)" -.Fc -.Ft void -.Fo EC_KEY_METHOD_get_verify -.Fa "const EC_KEY_METHOD *meth" -.Fa "int (**pverify)(int type, const unsigned char *dgst, int dgst_len,\ - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)" -.Fa "int (**pverify_sig)(const unsigned char *dgst, int dgst_len,\ - 
const ECDSA_SIG *sig, EC_KEY *eckey)" -.Fc -.In openssl/ec.h -.Ft void -.Fo EC_KEY_METHOD_set_keygen -.Fa "EC_KEY_METHOD *meth" -.Fa "int (*keygen)(EC_KEY *key)" -.Fc -.Ft void -.Fo EC_KEY_METHOD_get_keygen -.Fa "const EC_KEY_METHOD *meth" -.Fa "int (**pkeygen)(EC_KEY *key)" -.Fc -.Ft void -.Fo EC_KEY_METHOD_set_compute_key -.Fa "EC_KEY_METHOD *meth" -.Fa "int (*ckey)(void *out, size_t outlen,\ - const EC_POINT *pub_key, EC_KEY *ecdh,\ - void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))" -.Fc -.Ft void -.Fo EC_KEY_METHOD_get_compute_key -.Fa "const EC_KEY_METHOD *meth" -.Fa "int (**pck)(void *out, size_t outlen,\ - const EC_POINT *pub_key, EC_KEY *ecdh,\ - void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))" -.Fc -.Ft const EC_KEY_METHOD * -.Fn EC_KEY_OpenSSL void -.Ft void -.Fo EC_KEY_set_default_method -.Fa "const EC_KEY_METHOD *meth" -.Fc -.Ft const EC_KEY_METHOD * -.Fn EC_KEY_get_default_method void -.Ft EC_KEY * -.Fo EC_KEY_new_method -.Fa "ENGINE *engine" -.Fc -.Ft int -.Fo EC_KEY_set_method -.Fa "EC_KEY *key" -.Fa "const EC_KEY_METHOD *meth" -.Fc -.Ft const EC_KEY_METHOD * -.Fo EC_KEY_get_method -.Fa "const EC_KEY *key" -.Fc -.Sh DESCRIPTION -An -.Vt EC_KEY_METHOD -object holds function pointers used for -.Vt EC_KEY -operations. -.Pp -.Fn EC_KEY_METHOD_new -creates a shallow copy of -.Fa meth , -or an empty -.Vt EC_KEY_METHOD -object if -.Fa meth -is -.Dv NULL . -.Pp -.Fn EC_KEY_METHOD_free -frees -.Fa meth . -If -.Fa meth -is -.Dv NULL -or the return value of -.Fn EC_KEY_OpenSSL , -no action occurs. 
-.Pp -.Fn EC_KEY_METHOD_set_init -and -.Fn EC_KEY_METHOD_get_init -set and retrieve optional callback functions called at the following places: -.Pp -.Bl -tag -width set_private -compact -.It Fa init -at the end of -.Fn EC_KEY_new_method -and -.Fn EC_KEY_set_method -.It Fa finish -at the beginning of -.Xr EC_KEY_free 3 , -.Xr EC_KEY_copy 3 , -and -.Fn EC_KEY_set_method -.It Fa copy -at the end of -.Xr EC_KEY_copy 3 -.It Fa set_group -at the end of -.Xr EC_KEY_set_group 3 -and -.Xr EC_KEY_new_by_curve_name 3 -.It Fa set_private -at the beginning of -.Xr EC_KEY_set_private_key 3 -.It Fa set_public -at the beginning of -.Xr EC_KEY_set_public_key 3 -.El -.Pp -If any of these callbacks returns 0, the calling function fails. -By default, all these callbacks are -.Dv NULL . -Arguments of -.Fn EC_KEY_METHOD_get_init -can be set to -.Dv NULL -to selectively retrieve callback function pointers. -.Pp -.Fn EC_KEY_METHOD_set_sign -and -.Fn EC_KEY_METHOD_get_sign -set and retrieve the functions implementing -.Xr ECDSA_sign_ex 3 , -.Xr ECDSA_sign_setup 3 , -and -.Xr ECDSA_do_sign_ex 3 . -.Pp -.Fn EC_KEY_METHOD_set_verify -and -.Fn EC_KEY_METHOD_get_verify -set and retrieve the functions implementing -.Xr ECDSA_verify 3 -and -.Xr ECDSA_do_verify 3 . -.Pp -.Fn EC_KEY_METHOD_set_keygen -and -.Fn EC_KEY_METHOD_get_keygen -set and retrieve the function implementing -.Xr EC_KEY_generate_key 3 . -.Pp -.Fn EC_KEY_METHOD_set_compute_key -and -.Fn EC_KEY_METHOD_get_compute_key -set and retrieve the function implementing -.Xr ECDH_compute_key 3 . -.Pp -.Fn EC_KEY_set_default_method -chooses the -.Fa meth -to be used for the creation of new -.Vt EC_KEY -objects by future invocations of -.Fn EC_KEY_new_method , -or reverts to the default implementation if -.Fa meth -is -.Dv NULL . 
-.Pp -.Fn EC_KEY_new_method -creates and initializes a new -.Vt EC_KEY -object using the given -.Fa engine , -or the using the -.Vt EC_KEY_METHOD -set with -.Fn EC_KEY_set_default_method -if -.Fa engine -is -.Dv NULL , -or using the default EC_KEY implementation by default. -.Pp -.Fn EC_KEY_set_method -dissociates the -.Fa key -from the -.Vt ENGINE -it is using, if any, and causes it to use -.Fa meth -in the future. -.Sh RETURN VALUES -.Fn EC_KEY_METHOD_new -returns the newly allocated -.Vt EC_KEY_METHOD -object or -.Dv NULL -if an error occurs. -.Pp -.Fn EC_KEY_OpenSSL -returns a static object representing the default EC_KEY implementation. -.Pp -.Fn EC_KEY_get_default_method -returns the -.Vt EC_KEY_METHOD -that -.Fn EC_KEY_new_method -will use for the creation of new -.Vt EC_KEY -objects in the future. -.Pp -.Fn EC_KEY_new_method -returns the newly allocated -.Vt EC_KEY -object or NULL if an error occurs. -.Pp -.Fn EC_KEY_set_method -returns 1 for success or 0 for failure. -.Pp -.Fn EC_KEY_get_method -returns the EC_KEY implementation used by the given -.Fa key . -.Sh SEE ALSO -.Xr EC_KEY_new 3 , -.Xr ECDSA_sign 3 -.Sh HISTORY -These functions first appeared in OpenSSL 1.1.0 -and have been available since -.Ox 6.5 . diff --git a/src/lib/libcrypto/man/EC_KEY_new.3 b/src/lib/libcrypto/man/EC_KEY_new.3 deleted file mode 100644 index ef3028c4b7..0000000000 --- a/src/lib/libcrypto/man/EC_KEY_new.3 +++ /dev/null 
@@ -1,570 +0,0 @@ -.\" $OpenBSD: EC_KEY_new.3,v 1.16 2020/09/08 03:25:15 tb Exp $ -.\" full merge up to: OpenSSL 3aef36ff Jan 5 13:06:03 2016 -0500 -.\" partial merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2013, 2014 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: September 8 2020 $ -.Dt EC_KEY_NEW 3 -.Os -.Sh NAME -.Nm EC_KEY_new , -.Nm EC_KEY_get_flags , -.Nm EC_KEY_set_flags , -.Nm EC_KEY_clear_flags , -.Nm EC_KEY_new_by_curve_name , -.Nm EC_KEY_free , -.Nm EC_KEY_copy , -.Nm EC_KEY_dup , -.Nm EC_KEY_up_ref , -.Nm EC_KEY_get0_group , -.Nm EC_KEY_set_group , -.Nm EC_KEY_get0_private_key , -.Nm EC_KEY_set_private_key , -.Nm EC_KEY_get0_public_key , -.Nm EC_KEY_set_public_key , -.Nm EC_KEY_get_enc_flags , -.Nm EC_KEY_set_enc_flags , -.Nm EC_KEY_get_conv_form , -.Nm EC_KEY_set_conv_form , -.Nm EC_KEY_get_key_method_data , -.Nm EC_KEY_insert_key_method_data , -.Nm EC_KEY_set_asn1_flag , -.Nm EC_KEY_precompute_mult , -.Nm EC_KEY_generate_key , -.Nm EC_KEY_check_key , -.Nm EC_KEY_set_public_key_affine_coordinates , -.Nm EC_KEY_print , -.Nm EC_KEY_print_fp -.Nd create, destroy and manipulate EC_KEY objects -.Sh SYNOPSIS -.In openssl/ec.h -.In openssl/bn.h -.Ft EC_KEY * -.Fn EC_KEY_new void -.Ft int -.Fo EC_KEY_get_flags -.Fa "const EC_KEY *key" -.Fc -.Ft void -.Fo EC_KEY_set_flags -.Fa "EC_KEY *key" -.Fa "int flags" -.Fc -.Ft void -.Fo EC_KEY_clear_flags -.Fa "EC_KEY *key" -.Fa "int flags" -.Fc -.Ft EC_KEY * -.Fo EC_KEY_new_by_curve_name -.Fa "int nid" -.Fc -.Ft void -.Fo EC_KEY_free -.Fa "EC_KEY *key" -.Fc -.Ft EC_KEY * -.Fo EC_KEY_copy -.Fa "EC_KEY *dst" -.Fa "const EC_KEY *src" -.Fc -.Ft EC_KEY * -.Fo EC_KEY_dup -.Fa "const EC_KEY *src" -.Fc -.Ft int -.Fo EC_KEY_up_ref -.Fa "EC_KEY *key" -.Fc -.Ft const EC_GROUP * -.Fo EC_KEY_get0_group -.Fa "const EC_KEY *key" -.Fc -.Ft int -.Fo EC_KEY_set_group -.Fa "EC_KEY *key" -.Fa "const EC_GROUP *group" -.Fc -.Ft const BIGNUM * -.Fo EC_KEY_get0_private_key -.Fa "const EC_KEY *key" -.Fc -.Ft int -.Fo EC_KEY_set_private_key -.Fa "EC_KEY *key" -.Fa "const BIGNUM *prv" -.Fc -.Ft const EC_POINT * -.Fo EC_KEY_get0_public_key -.Fa "const EC_KEY *key" -.Fc -.Ft int -.Fo EC_KEY_set_public_key -.Fa "EC_KEY *key" -.Fa "const EC_POINT *pub" -.Fc -.Ft unsigned int -.Fo 
EC_KEY_get_enc_flags -.Fa "const EC_KEY *key" -.Fc -.Ft void -.Fo EC_KEY_set_enc_flags -.Fa "EC_KEY *key" -.Fa "unsigned int flags" -.Fc -.Ft point_conversion_form_t -.Fo EC_KEY_get_conv_form -.Fa "const EC_KEY *key" -.Fc -.Ft void -.Fo EC_KEY_set_conv_form -.Fa "EC_KEY *key" -.Fa "point_conversion_form_t cform" -.Fc -.Ft void * -.Fo EC_KEY_get_key_method_data -.Fa "EC_KEY *key" -.Fa "void *(*dup_func)(void *)" -.Fa "void (*free_func)(void *)" -.Fa "void (*clear_free_func)(void *)" -.Fc -.Ft void -.Fo EC_KEY_insert_key_method_data -.Fa "EC_KEY *key" -.Fa "void *data" -.Fa "void *(*dup_func)(void *)" -.Fa "void (*free_func)(void *)" -.Fa "void (*clear_free_func)(void *)" -.Fc -.Ft void -.Fo EC_KEY_set_asn1_flag -.Fa "EC_KEY *key" -.Fa "int asn1_flag" -.Fc -.Ft int -.Fo EC_KEY_precompute_mult -.Fa "EC_KEY *key" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_KEY_generate_key -.Fa "EC_KEY *key" -.Fc -.Ft int -.Fo EC_KEY_check_key -.Fa "const EC_KEY *key" -.Fc -.Ft int -.Fo EC_KEY_set_public_key_affine_coordinates -.Fa "EC_KEY *key" -.Fa "BIGNUM *x" -.Fa "BIGNUM *y" -.Fc -.Ft int -.Fo EC_KEY_print -.Fa "BIO *bp" -.Fa "const EC_KEY *key" -.Fa "int off" -.Fc -.Ft int -.Fo EC_KEY_print_fp -.Fa "FILE *fp" -.Fa "const EC_KEY *key" -.Fa "int off" -.Fc -.Sh DESCRIPTION -An -.Vt EC_KEY -represents a public key and (optionally) an associated private key. -The public key is a point on a curve represented by an -.Vt EC_POINT , -see -.Xr EC_POINT_new 3 . -The private key is simply a -.Vt BIGNUM , -see -.Xr BN_new 3 . -.Pp -A new -.Vt EC_KEY -(with no associated curve) can be constructed by calling -.Fn EC_KEY_new . -The reference count for the newly created -.Vt EC_KEY -is initially set to 1. -A curve can be associated with the -.Vt EC_KEY -by calling -.Fn EC_KEY_set_group . -.Pp -Alternatively a new -.Vt EC_KEY -can be constructed by calling -.Fn EC_KEY_new_by_curve_name -and supplying the -.Fa nid -of the associated curve. 
-Refer to -.Xr EC_GROUP_new 3 -for a description of curve names. -This function simply wraps calls to -.Fn EC_KEY_new -and -.Fn EC_GROUP_new_by_curve_name . -.Pp -Calling -.Fn EC_KEY_free -decrements the reference count for the -.Vt EC_KEY -object and, if it has dropped to zero, then frees the memory associated -with it. -If -.Fa key -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn EC_KEY_copy -copies the contents of the -.Vt EC_KEY -in -.Fa src -into -.Fa dst . -.Pp -.Fn EC_KEY_dup -creates a new -.Vt EC_KEY -object and copies -.Fa src -into it. -.Pp -.Fn EC_KEY_up_ref -increments the reference count associated with the -.Vt EC_KEY -object. -.Pp -.Fn EC_KEY_generate_key -generates a new public and private key for the supplied -.Fa key -object. -.Fa key -must have an -.Vt EC_GROUP -object associated with it before calling this function. -The private key is a random integer (0 < priv_key < order, where order -is the order of the -.Vt EC_GROUP -object). -The public key is an -.Vt EC_POINT -on the curve calculated by multiplying the generator for the curve -by the private key. -.Pp -.Fn EC_KEY_check_key -performs various sanity checks on the -.Vt EC_KEY -object to confirm that it is valid. -.Pp -.Fn EC_KEY_set_public_key_affine_coordinates -sets the public key for -.Fa key -based on its affine coordinates, i.e. it constructs an -.Vt EC_POINT -object based on the supplied -.Fa x -and -.Fa y -values and sets the public key to be this -.Vt EC_POINT . -It also performs certain sanity checks on the key to confirm that -it is valid. -.Pp -The functions -.Fn EC_KEY_get0_group , -.Fn EC_KEY_set_group , -.Fn EC_KEY_get0_private_key , -.Fn EC_KEY_set_private_key , -.Fn EC_KEY_get0_public_key , -and -.Fn EC_KEY_set_public_key -get and set the -.Vt EC_GROUP -object, the private key and the -.Vt EC_POINT -public key for the -.Fa key , -respectively. 
-.Pp -The functions -.Fn EC_KEY_get_enc_flags -and -.Fn EC_KEY_set_enc_flags -get and set the value of the encoding flags for the -.Fa key . -There are two encoding flags currently defined: -.Dv EC_PKEY_NO_PARAMETERS -and -.Dv EC_PKEY_NO_PUBKEY . -These flags define the behaviour of how the -.Fa key -is converted into ASN.1 in a call to -.Fn i2d_ECPrivateKey . -If -.Dv EC_PKEY_NO_PARAMETERS -is set then the public parameters for the curve -are not encoded along with the private key. -If -.Dv EC_PKEY_NO_PUBKEY -is set then the public key is not encoded along with the private -key. -.Pp -The format of the external representation of the public key written by -.Xr i2d_ECPrivateKey 3 , -such as whether it is stored in a compressed form or not, -is described by the point_conversion_form. -See -.Xr EC_GROUP_copy 3 -for a description of point_conversion_form. -.Pp -When reading a private key encoded without an associated public key, -for example if -.Dv EC_PKEY_NO_PUBKEY -was used, -.Xr d2i_ECPrivateKey 3 -generates the missing public key automatically. -Private keys encoded without parameters, for example if -.Dv EC_PKEY_NO_PARAMETERS -was used, cannot be loaded using -.Xr d2i_ECPrivateKey 3 . -.Pp -The functions -.Fn EC_KEY_get_conv_form -and -.Fn EC_KEY_set_conv_form -get and set the point_conversion_form for the -.Fa key . -For a description of point_conversion_form please refer to -.Xr EC_GROUP_copy 3 . -.Pp -.Fn EC_KEY_insert_key_method_data -and -.Fn EC_KEY_get_key_method_data -enable the caller to associate arbitrary additional data specific -to the elliptic curve scheme being used with the -.Vt EC_KEY -object. -This data is treated as a "black box" by the EC library. -The data to be stored by -.Fn EC_KEY_insert_key_method_data -is provided in the -.Fa data -parameter, which must have associated functions for duplicating, freeing -and "clear_freeing" the data item. 
-If a subsequent -.Fn EC_KEY_get_key_method_data -call is issued, the functions for duplicating, freeing and -"clear_freeing" the data item must be provided again, and they must -be the same as they were when the data item was inserted. -.Pp -.Fn EC_KEY_set_flags -sets the flags in the -.Fa flags -parameter on the -.Vt EC_KEY -object. -Any flags that are already set are left set. -The currently defined standard flags are -.Dv EC_FLAG_NON_FIPS_ALLOW -and -.Dv EC_FLAG_FIPS_CHECKED . -In addition there is the flag -.Dv EC_FLAG_COFACTOR_ECDH -which is specific to ECDH and is defined in -.In openssl/ecdh.h . -.Fn EC_KEY_get_flags -returns the current flags that are set for this -.Vt EC_KEY . -.Fn EC_KEY_clear_flags -clears the flags indicated by the -.Fa flags -parameter. -All other flags are left in their existing state. -.Pp -.Fn EC_KEY_set_asn1_flag -sets the asn1_flag on the underlying -.Vt EC_GROUP -object (if set). -Refer to -.Xr EC_GROUP_copy 3 -for further information on the asn1_flag. -.Pp -.Fn EC_KEY_precompute_mult -stores multiples of the underlying -.Vt EC_GROUP -generator for faster point multiplication. -See also -.Xr EC_POINT_add 3 . -.Pp -.Fn EC_KEY_print -and -.Fn EC_KEY_print_fp -print out the content of -.Fa key -to the -.Vt BIO -.Fa bp -or to the -.Vt FILE -pointer -.Fa fp , -respectively. -Each line is indented by -.Fa indent -spaces. -.Sh RETURN VALUES -.Fn EC_KEY_new , -.Fn EC_KEY_new_by_curve_name , -and -.Fn EC_KEY_dup -return a pointer to the newly created -.Vt EC_KEY object -or -.Dv NULL -on error. -.Pp -.Fn EC_KEY_get_flags -returns the flags associated with the -.Vt EC_KEY object . -.Pp -.Fn EC_KEY_copy -returns a pointer to the destination key or -.Dv NULL -on error. -In the latter case, part of the content may already have been copied. 
-.Pp -.Fn EC_KEY_up_ref , -.Fn EC_KEY_set_group , -.Fn EC_KEY_set_private_key , -.Fn EC_KEY_set_public_key , -.Fn EC_KEY_precompute_mult , -.Fn EC_KEY_generate_key , -.Fn EC_KEY_check_key , -.Fn EC_KEY_set_public_key_affine_coordinates , -.Fn EC_KEY_print , -and -.Fn EC_KEY_print_fp -return 1 on success or 0 on error. -.Pp -.Fn EC_KEY_get0_group -returns the -.Vt EC_GROUP -associated with the -.Vt EC_KEY . -.Pp -.Fn EC_KEY_get0_private_key -and -.Fn EC_KEY_get0_public_key -return the private or public keys, respectively, associated with the -.Vt EC_KEY . -.Pp -.Fn EC_KEY_get_enc_flags -returns the value of the current encoding flags for the -.Vt EC_KEY . -.Pp -.Fn EC_KEY_get_conv_form -returns the point_conversion_form for the -.Vt EC_KEY . -.Sh SEE ALSO -.Xr d2i_ECPKParameters 3 , -.Xr EC_GFp_simple_method 3 , -.Xr EC_GROUP_copy 3 , -.Xr EC_GROUP_new 3 , -.Xr EC_KEY_METHOD_new 3 , -.Xr EC_POINT_add 3 , -.Xr EC_POINT_new 3 , -.Xr ECDH_compute_key 3 , -.Xr ECDSA_SIG_new 3 , -.Xr EVP_PKEY_set1_EC_KEY 3 -.Sh HISTORY -.Fn EC_KEY_new , -.Fn EC_KEY_new_by_curve_name , -.Fn EC_KEY_free , -.Fn EC_KEY_copy , -.Fn EC_KEY_dup , -.Fn EC_KEY_up_ref , -.Fn EC_KEY_get0_group , -.Fn EC_KEY_set_group , -.Fn EC_KEY_get0_private_key , -.Fn EC_KEY_set_private_key , -.Fn EC_KEY_get0_public_key , -.Fn EC_KEY_set_public_key , -.Fn EC_KEY_get_enc_flags , -.Fn EC_KEY_set_enc_flags , -.Fn EC_KEY_get_conv_form , -.Fn EC_KEY_set_conv_form , -.Fn EC_KEY_get_key_method_data , -.Fn EC_KEY_insert_key_method_data , -.Fn EC_KEY_set_asn1_flag , -.Fn EC_KEY_precompute_mult , -.Fn EC_KEY_generate_key , -.Fn EC_KEY_check_key , -.Fn EC_KEY_print , -and -.Fn EC_KEY_print_fp -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . -.Pp -.Fn EC_KEY_get_flags , -.Fn EC_KEY_set_flags , -.Fn EC_KEY_clear_flags , -and -.Fn EC_KEY_set_public_key_affine_coordinates -first appeared in OpenSSL 1.0.1 and have been available since -.Ox 5.3 . 
diff --git a/src/lib/libcrypto/man/EC_POINT_add.3 b/src/lib/libcrypto/man/EC_POINT_add.3
deleted file mode 100644
index 7c3ecbb1ad..0000000000
--- a/src/lib/libcrypto/man/EC_POINT_add.3
+++ /dev/null
@@ -1,310 +0,0 @@ -.\" $OpenBSD: EC_POINT_add.3,v 1.11 2018/07/16 17:37:25 tb Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: July 16 2018 $ -.Dt EC_POINT_ADD 3 -.Os -.Sh NAME -.Nm EC_POINT_add , -.Nm EC_POINT_dbl , -.Nm EC_POINT_invert , -.Nm EC_POINT_is_at_infinity , -.Nm EC_POINT_is_on_curve , -.Nm EC_POINT_cmp , -.Nm EC_POINT_make_affine , -.Nm EC_POINTs_make_affine , -.Nm EC_POINTs_mul , -.Nm EC_POINT_mul , -.Nm EC_GROUP_precompute_mult , -.Nm EC_GROUP_have_precompute_mult -.Nd perform mathematical operations and tests on EC_POINT objects -.Sh SYNOPSIS -.In openssl/ec.h -.In openssl/bn.h -.Ft int -.Fo EC_POINT_add -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *r" -.Fa "const EC_POINT *a" -.Fa "const EC_POINT *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_dbl -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *r" -.Fa "const EC_POINT *a" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_invert -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *a" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_is_at_infinity -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *p" -.Fc -.Ft int -.Fo EC_POINT_is_on_curve -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *point" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_cmp -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *a" -.Fa "const EC_POINT *b" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_make_affine -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *point" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINTs_make_affine -.Fa "const EC_GROUP *group" -.Fa "size_t num" -.Fa "EC_POINT *points[]" -.Fa 
"BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINTs_mul -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *r" -.Fa "const BIGNUM *n" -.Fa "size_t num" -.Fa "const EC_POINT *p[]" -.Fa "const BIGNUM *m[]" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_mul -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *r" -.Fa "const BIGNUM *n" -.Fa "const EC_POINT *q" -.Fa "const BIGNUM *m" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_precompute_mult -.Fa "EC_GROUP *group" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_GROUP_have_precompute_mult -.Fa "const EC_GROUP *group" -.Fc -.Sh DESCRIPTION -These functions operate on -.Vt EC_POINT -objects created by -.Xr EC_POINT_new 3 . -.Pp -.Fn EC_POINT_add -adds the two points -.Fa a -and -.Fa b -and places the result in -.Fa r . -Similarly -.Fn EC_POINT_dbl -doubles the point -.Fa a -and places the result in -.Fa r . -In both cases it is valid for -.Fa r -to be one of -.Fa a -or -.Fa b . -.Pp -.Fn EC_POINT_invert -calculates the inverse of the supplied point -.Fa a . -The result is placed back in -.Fa a . -.Pp -The function -.Fn EC_POINT_is_at_infinity -tests whether the supplied point is at infinity or not. -.Pp -.Fn EC_POINT_is_on_curve -tests whether the supplied point is on the curve or not. -.Pp -.Fn EC_POINT_cmp -compares the two supplied points and tests whether or not they are -equal. -.Pp -The functions -.Fn EC_POINT_make_affine -and -.Fn EC_POINTs_make_affine -force the internal representation of the -.Vt EC_POINT Ns s -into the affine coordinate system. -In the case of -.Fn EC_POINTs_make_affine , -the value -.Fa num -provides the number of points in the array -.Fa points -to be forced. -.Pp -.Fn EC_POINT_mul -calculates the value -.Pp -.D1 generator * n + q * m -.Pp -and stores the result in -.Fa r . -The value -.Fa n -may be -.Dv NULL , -in which case the result is just -.Pp -.Dl q * m. -.Pp -.Fn EC_POINTs_mul -only supports the values 0 and 1 for -.Fa num . 
-If it is 1, then -.Fn EC_POINTs_mul -calculates the value -.Pp -.Dl generator * n + q[0] * m[0]. -.Pp -If -.Fa num -is 0 then -.Fa q -and -.Fa m -must be -.Dv NULL , -and the result is just -.Pp -.Dl generator * n . -.Pp -As for -.Fn EC_POINT_mul , -the value -.Fa n -may be -.Dv NULL . -.Pp -The function -.Fn EC_GROUP_precompute_mult -stores multiples of the generator for faster point multiplication, -whilst -.Fn EC_GROUP_have_precompute_mult -tests whether precomputation has already been done. -See -.Xr EC_GROUP_copy 3 -for information about the generator. -.Sh RETURN VALUES -The following functions return 1 on success or 0 on error: -.Fn EC_POINT_add , -.Fn EC_POINT_dbl , -.Fn EC_POINT_invert , -.Fn EC_POINT_make_affine , -.Fn EC_POINTs_make_affine , -.Fn EC_POINTs_make_affine , -.Fn EC_POINT_mul , -.Fn EC_POINTs_mul , -and -.Fn EC_GROUP_precompute_mult . -.Pp -.Fn EC_POINT_is_at_infinity -returns 1 if the point is at infinity or 0 otherwise. -.Pp -.Fn EC_POINT_is_on_curve -returns 1 if the point is on the curve, 0 if not, or -1 on error. -.Pp -.Fn EC_POINT_cmp -returns 1 if the points are not equal, 0 if they are, or -1 on error. -.Pp -.Fn EC_GROUP_have_precompute_mult -returns 1 if a precomputation has been done or 0 if not. -.Sh SEE ALSO -.Xr d2i_ECPKParameters 3 , -.Xr EC_GFp_simple_method 3 , -.Xr EC_GROUP_copy 3 , -.Xr EC_GROUP_new 3 , -.Xr EC_KEY_new 3 , -.Xr EC_POINT_new 3 -.Sh HISTORY -.Fn EC_POINT_add , -.Fn EC_POINT_dbl , -.Fn EC_POINT_invert , -.Fn EC_POINT_is_at_infinity , -.Fn EC_POINT_is_on_curve , -.Fn EC_POINT_cmp , -.Fn EC_POINT_make_affine , -.Fn EC_POINTs_make_affine , -.Fn EC_POINTs_mul , -.Fn EC_POINT_mul , -and -.Fn EC_GROUP_precompute_mult -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn EC_GROUP_have_precompute_mult -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . 
diff --git a/src/lib/libcrypto/man/EC_POINT_new.3 b/src/lib/libcrypto/man/EC_POINT_new.3
deleted file mode 100644
index c70755352d..0000000000
--- a/src/lib/libcrypto/man/EC_POINT_new.3
+++ /dev/null
@@ -1,566 +0,0 @@ -.\" $OpenBSD: EC_POINT_new.3,v 1.13 2021/05/13 05:52:28 tb Exp $ -.\" full merge up to: OpenSSL 50db8163 Jul 30 16:56:41 2018 +0100 -.\" -.\" This file was written by Matt Caswell . -.\" Copyright (c) 2013, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 13 2021 $ -.Dt EC_POINT_NEW 3 -.Os -.Sh NAME -.Nm EC_POINT_new , -.Nm EC_POINT_free , -.Nm EC_POINT_clear_free , -.Nm EC_POINT_copy , -.Nm EC_POINT_dup , -.Nm EC_POINT_method_of , -.Nm EC_POINT_set_to_infinity , -.Nm EC_POINT_set_affine_coordinates , -.Nm EC_POINT_set_affine_coordinates_GFp , -.Nm EC_POINT_set_affine_coordinates_GF2m , -.Nm EC_POINT_get_affine_coordinates , -.Nm EC_POINT_get_affine_coordinates_GFp , -.Nm EC_POINT_get_affine_coordinates_GF2m , -.Nm EC_POINT_set_Jprojective_coordinates_GFp , -.Nm EC_POINT_get_Jprojective_coordinates_GFp , -.Nm EC_POINT_set_compressed_coordinates , -.Nm EC_POINT_set_compressed_coordinates_GFp , -.Nm EC_POINT_set_compressed_coordinates_GF2m , -.Nm EC_POINT_point2oct , -.Nm EC_POINT_oct2point , -.Nm EC_POINT_point2bn , -.Nm EC_POINT_bn2point , -.Nm EC_POINT_point2hex , -.Nm EC_POINT_hex2point -.Nd create, destroy, and manipulate EC_POINT objects -.Sh SYNOPSIS -.In openssl/ec.h -.In openssl/bn.h -.Ft EC_POINT * -.Fo EC_POINT_new -.Fa "const EC_GROUP *group" -.Fc -.Ft void -.Fo EC_POINT_free -.Fa "EC_POINT *point" -.Fc -.Ft void -.Fo EC_POINT_clear_free -.Fa "EC_POINT *point" -.Fc -.Ft int -.Fo EC_POINT_copy -.Fa "EC_POINT *dst" -.Fa "const EC_POINT *src" -.Fc -.Ft EC_POINT * -.Fo EC_POINT_dup -.Fa "const EC_POINT *src" -.Fa "const EC_GROUP *group" -.Fc -.Ft const EC_METHOD * -.Fo EC_POINT_method_of -.Fa "const EC_POINT *point" -.Fc -.Ft int -.Fo 
EC_POINT_set_to_infinity -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *point" -.Fc -.Ft int -.Fo EC_POINT_set_affine_coordinates -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "const BIGNUM *y" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_set_affine_coordinates_GFp -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "const BIGNUM *y" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_set_affine_coordinates_GF2m -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "const BIGNUM *y" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_get_affine_coordinates -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *p" -.Fa "BIGNUM *x" -.Fa "BIGNUM *y" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_get_affine_coordinates_GFp -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *p" -.Fa "BIGNUM *x" -.Fa "BIGNUM *y" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_get_affine_coordinates_GF2m -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *p" -.Fa "BIGNUM *x" -.Fa "BIGNUM *y" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_set_Jprojective_coordinates_GFp -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "const BIGNUM *y" -.Fa "const BIGNUM *z" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_get_Jprojective_coordinates_GFp -.Fa "const EC_GROUP *group" -.Fa "const EC_POINT *p" -.Fa "BIGNUM *x" -.Fa "BIGNUM *y" -.Fa "BIGNUM *z" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_set_compressed_coordinates -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "int y_bit" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_set_compressed_coordinates_GFp -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "int y_bit" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_set_compressed_coordinates_GF2m -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const BIGNUM *x" -.Fa "int y_bit" -.Fa "BN_CTX *ctx" -.Fc -.Ft size_t -.Fo EC_POINT_point2oct -.Fa "const EC_GROUP 
*group" -.Fa "const EC_POINT *p" -.Fa "point_conversion_form_t form" -.Fa "unsigned char *buf" -.Fa "size_t len" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo EC_POINT_oct2point -.Fa "const EC_GROUP *group" -.Fa "EC_POINT *p" -.Fa "const unsigned char *buf" -.Fa "size_t len" -.Fa "BN_CTX *ctx" -.Fc -.Ft BIGNUM * -.Fo EC_POINT_point2bn -.Fa "const EC_GROUP *" -.Fa "const EC_POINT *" -.Fa "point_conversion_form_t form" -.Fa "BIGNUM *" -.Fa "BN_CTX *" -.Fc -.Ft EC_POINT * -.Fo EC_POINT_bn2point -.Fa "const EC_GROUP *" -.Fa "const BIGNUM *" -.Fa "EC_POINT *" -.Fa "BN_CTX *" -.Fc -.Ft char * -.Fo EC_POINT_point2hex -.Fa "const EC_GROUP *" -.Fa "const EC_POINT *" -.Fa "point_conversion_form_t form" -.Fa "BN_CTX *" -.Fc -.Ft EC_POINT * -.Fo EC_POINT_hex2point -.Fa "const EC_GROUP *" -.Fa "const char *" -.Fa "EC_POINT *" -.Fa "BN_CTX *" -.Fc -.Sh DESCRIPTION -An -.Vt EC_POINT -represents a point on a curve. -A curve is represented by an -.Vt EC_GROUP -object created by the functions described in -.Xr EC_GROUP_new 3 . -.Pp -A new point is constructed by calling the function -.Fn EC_POINT_new -and providing the -.Fa group -object that the point relates to. -.Pp -.Fn EC_POINT_free -frees the memory associated with the -.Vt EC_POINT . -If -.Fa point -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn EC_POINT_clear_free -destroys any sensitive data held within the -.Vt EC_POINT -and then frees its memory. -If -.Fa point -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn EC_POINT_copy -copies the point -.Fa src -into -.Fa dst . -Both -.Fa src -and -.Fa dst -must use the same -.Vt EC_METHOD . -.Pp -.Fn EC_POINT_dup -creates a new -.Vt EC_POINT -object and copies the content from -.Fa src -to the newly created -.Vt EC_POINT -object. -.Pp -.Fn EC_POINT_method_of -obtains the -.Vt EC_METHOD -associated with -.Fa point . -.Pp -A valid point on a curve is the special point at infinity. -A point is set to be at infinity by calling -.Fn EC_POINT_set_to_infinity . 
-.Pp -The affine coordinates for a point describe a point in terms of its -.Fa x -and -.Fa y -position. -The function -.Fn EC_POINT_set_affine_coordinates -sets the -.Fa x -and -.Fa y -coordinates for the point -.Fa p -defined over the curve given in -.Fa group . -The function -.Fn EC_POINT_get_affine_coordinates -sets -.Fa x -and -.Fa y , -either of which may be -.Dv NULL , -to the corresponding coordinates of -.Fa p . -.Pp -The functions -.Fn EC_POINT_set_affine_coordinates_GFp -and -.Fn EC_POINT_set_affine_coordinates_GF2m -are deprecated synonyms for -.Fn EC_POINT_set_affine_coordinates -and the functions -.Fn EC_POINT_get_affine_coordinates_GFp -and -.Fn EC_POINT_get_affine_coordinates_GF2m -are deprecated synonyms for -.Fn EC_POINT_get_affine_coordinates . -.Pp -As well as the affine coordinates, a point can alternatively be -described in terms of its Jacobian projective coordinates (for Fp -curves only). -Jacobian projective coordinates are expressed as three values -.Fa x , -.Fa y , -and -.Fa z . -Working in this coordinate system provides more efficient point -multiplication operations. -A mapping exists between Jacobian projective coordinates and affine -coordinates. -A Jacobian projective coordinate -.Pq Fa x , y , z -can be written as an affine coordinate as -.Pp -.Dl (x/(z^2), y/(z^3)) . -.Pp -Conversion to Jacobian projective from affine coordinates is simple. -The coordinate -.Pq Fa x , y -is mapped to -.Pq Fa x , y , No 1 . -To set or get the projective coordinates use -.Fn EC_POINT_set_Jprojective_coordinates_GFp -and -.Fn EC_POINT_get_Jprojective_coordinates_GFp , -respectively. -.Pp -Points can also be described in terms of their compressed coordinates. -For a point -.Pq Fa x , y , -for any given value for -.Fa x -such that the point is on the curve, there will only ever be two -possible values for -.Fa y . 
-Therefore, a point can be set using the -.Fn EC_POINT_set_compressed_coordinates -function where -.Fa x -is the x coordinate and -.Fa y_bit -is a value 0 or 1 to identify which of the two possible values for y -should be used. -.Pp -The functions -.Fn EC_POINT_set_compressed_coordinates_GFp -and -.Fn EC_POINT_set_compressed_coordinates_GF2m -are deprecated synonyms for -.Fn EC_POINT_set_compressed_coordinates . -.Pp -In addition -.Vt EC_POINT Ns s -can be converted to and from various external representations. -Supported representations are octet strings, -.Vt BIGNUM Ns s , -and hexadecimal. -The format of the external representation is described by the -point_conversion_form. -See -.Xr EC_GROUP_copy 3 -for a description of point_conversion_form. -Octet strings are stored in a buffer along with an associated buffer -length. -A point held in a -.Vt BIGNUM -is calculated by converting the point to an octet string and then -converting that octet string into a -.Vt BIGNUM -integer. -Points in hexadecimal format are stored in a NUL terminated character -string where each character is one of the printable values 0-9 or A-F -(or a-f). -.Pp -The functions -.Fn EC_POINT_point2oct , -.Fn EC_POINT_oct2point , -.Fn EC_POINT_point2bn , -.Fn EC_POINT_bn2point , -.Fn EC_POINT_point2hex , -and -.Fn EC_POINT_hex2point -convert from and to -.Vt EC_POINT Ns s -for the formats octet string, -.Vt BIGNUM , -and hexadecimal, respectively. -.Pp -The function -.Fn EC_POINT_point2oct -must be supplied with a -.Fa buf -long enough to store the octet string. -The return value provides the number of octets stored. -Calling the function with a -.Dv NULL -.Fa buf -will not perform the conversion but will still return the required -buffer length. -.Pp -The function -.Fn EC_POINT_point2hex -will allocate sufficient memory to store the hexadecimal string. -It is the caller's responsibility to free this memory with a subsequent -call to -.Xr free 3 . 
-.Sh RETURN VALUES -.Fn EC_POINT_new -and -.Fn EC_POINT_dup -return the newly allocated -.Vt EC_POINT -or -.Dv NULL -on error. -.Pp -The following functions return 1 on success or 0 on error: -.Fn EC_POINT_copy , -.Fn EC_POINT_set_to_infinity , -.Fn EC_POINT_set_Jprojective_coordinates_GFp , -.Fn EC_POINT_get_Jprojective_coordinates_GFp , -.Fn EC_POINT_set_affine_coordinates , -.Fn EC_POINT_set_affine_coordinates_GFp , -.Fn EC_POINT_set_affine_coordinates_GF2m , -.Fn EC_POINT_get_affine_coordinates , -.Fn EC_POINT_get_affine_coordinates_GFp , -.Fn EC_POINT_get_affine_coordinates_GF2m , -.Fn EC_POINT_set_compressed_coordinates , -.Fn EC_POINT_set_compressed_coordinates_GFp , -.Fn EC_POINT_set_compressed_coordinates_GF2m , -and -.Fn EC_POINT_oct2point . -.Pp -.Fn EC_POINT_method_of -returns the -.Vt EC_METHOD -associated with the supplied -.Vt EC_POINT . -.Pp -.Fn EC_POINT_point2oct -returns the length of the required buffer, or 0 on error. -.Pp -.Fn EC_POINT_point2bn -returns the pointer to the -.Vt BIGNUM -supplied or -.Dv NULL -on error. -.Pp -.Fn EC_POINT_bn2point -returns the pointer to the -.Vt EC_POINT -supplied or -.Dv NULL -on error. -.Pp -.Fn EC_POINT_point2hex -returns a pointer to the hex string or -.Dv NULL -on error. -.Pp -.Fn EC_POINT_hex2point -returns the pointer to the -.Vt EC_POINT -supplied or -.Dv NULL -on error. 
-.Sh SEE ALSO
-.Xr d2i_ECPKParameters 3 ,
-.Xr EC_GFp_simple_method 3 ,
-.Xr EC_GROUP_copy 3 ,
-.Xr EC_GROUP_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr EC_POINT_add 3 ,
-.Xr ECDH_compute_key 3
-.Sh HISTORY
-.Fn EC_POINT_new ,
-.Fn EC_POINT_free ,
-.Fn EC_POINT_clear_free ,
-.Fn EC_POINT_copy ,
-.Fn EC_POINT_method_of ,
-.Fn EC_POINT_set_to_infinity ,
-.Fn EC_POINT_set_affine_coordinates_GFp ,
-.Fn EC_POINT_get_affine_coordinates_GFp ,
-.Fn EC_POINT_set_Jprojective_coordinates_GFp ,
-.Fn EC_POINT_get_Jprojective_coordinates_GFp ,
-.Fn EC_POINT_set_compressed_coordinates_GFp ,
-.Fn EC_POINT_point2oct ,
-and
-.Fn EC_POINT_oct2point
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EC_POINT_dup ,
-.Fn EC_POINT_set_affine_coordinates_GF2m ,
-.Fn EC_POINT_get_affine_coordinates_GF2m ,
-.Fn EC_POINT_set_compressed_coordinates_GF2m ,
-.Fn EC_POINT_point2bn ,
-.Fn EC_POINT_bn2point ,
-.Fn EC_POINT_point2hex ,
-and
-.Fn EC_POINT_hex2point
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn EC_POINT_set_affine_coordinates ,
-.Fn EC_POINT_get_affine_coordinates ,
-and
-.Fn EC_POINT_set_compressed_coordinates
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/ENGINE_add.3 b/src/lib/libcrypto/man/ENGINE_add.3
deleted file mode 100644
index 4ae878b4f5..0000000000
--- a/src/lib/libcrypto/man/ENGINE_add.3
+++ /dev/null
@@ -1,243 +0,0 @@ -.\" $OpenBSD: ENGINE_add.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_ADD 3 -.Os -.Sh NAME -.Nm ENGINE_add , -.Nm ENGINE_set_id , -.Nm ENGINE_get_id , -.Nm ENGINE_set_name , -.Nm ENGINE_get_name , -.Nm ENGINE_remove , -.Nm ENGINE_cleanup , -.Nm ENGINE_get_first , -.Nm ENGINE_get_last , -.Nm ENGINE_get_next , -.Nm ENGINE_get_prev , -.Nm ENGINE_by_id -.Nd maintain a global list of ENGINE objects -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_add -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_id -.Fa "ENGINE *e" -.Fa "const char *id" -.Fc -.Ft const char * -.Fo ENGINE_get_id -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_name -.Fa "ENGINE *e" -.Fa "const char *name" -.Fc -.Ft const char * -.Fo ENGINE_get_name -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_remove -.Fa "ENGINE *e" -.Fc -.Ft void -.Fn ENGINE_cleanup void -.Ft ENGINE * -.Fn ENGINE_get_first void -.Ft ENGINE * -.Fn ENGINE_get_last void -.Ft ENGINE * -.Fo ENGINE_get_next -.Fa "ENGINE *e" -.Fc -.Ft ENGINE * -.Fo ENGINE_get_prev -.Fa "ENGINE *e" -.Fc -.Ft ENGINE * -.Fo 
ENGINE_by_id -.Fa "const char *id" -.Fc -.Sh DESCRIPTION -The crypto library maintains a global list of -.Vt ENGINE -objects. -.Pp -.Fn ENGINE_add -appends -.Fa e -to the end of the list -and increments its structural reference count by 1. -A unique identifier and a name of -.Fa e -have to be set with -.Fn ENGINE_set_id -and -.Fn ENGINE_set_name -before calling this function. -.Fn ENGINE_add -fails if the list already contains an -.Vt ENGINE -with the same identifier. -.Pp -.Fn ENGINE_remove -removes -.Fa e -from the list. -If successful, it calls -.Xr ENGINE_free 3 -on -.Fa e . -.Pp -.Fn ENGINE_cleanup -calls -.Xr ENGINE_finish 3 -on all -.Vt ENGINE -objects that were selected as default engines, for example using the -functions documented in the -.Xr ENGINE_set_default 3 -and -.Xr ENGINE_get_default_RSA 3 -manual pages, and it calls -.Fn ENGINE_remove -on all -.Vt ENGINE -objects that were added to the global list with -.Fn ENGINE_add . -Calling this function is required at the end of each program using -.Fn ENGINE_add , -even if no engines are explicitly registered or used. -.Pp -.Fn ENGINE_get_first -and -.Fn ENGINE_get_last -provide access to the first and last -.Vt ENGINE -object on the list, respectively. -Unless the list is empty, they increment the structural reference -count of the retrieved object by 1. -.Pp -.Fn ENGINE_get_next -and -.Fn ENGINE_get_prev -support iteration of the list. -They always call -.Xr ENGINE_free 3 -on -.Fa e . -Unless the end of the list is reached, they increment the structural -reference count of the retrieved object by 1. -.Pp -.Fn ENGINE_by_id -searches the list for an -.Vt ENGINE -object with a matching -.Fa id . -If found, it increments the structural reference count of the -retrieved object by 1. -If -.Dv ENGINE_FLAGS_BY_ID_COPY -was set on -.Fa e -with -.Xr ENGINE_set_flags 3 , -it returns a shallow copy of the object rather than incrementing -the reference count and returning a pointer to the original. 
-.Sh RETURN VALUES
-.Fn ENGINE_add ,
-.Fn ENGINE_set_id ,
-.Fn ENGINE_set_name ,
-and
-.Fn ENGINE_remove
-return 1 on success or 0 on error.
-.Fn ENGINE_set_id
-and
-.Fn ENGINE_set_name
-can only fail if the supplied
-.Fa id
-or
-.Fa name
-is
-.Dv NULL .
-.Pp
-.Fn ENGINE_get_id
-and
-.Fn ENGINE_get_name
-return a pointer to an internal string
-representing the identifier and the name of
-.Fa e ,
-respectively.
-.Pp
-.Fn ENGINE_get_first
-and
-.Fn ENGINE_get_last
-return an
-.Vt ENGINE
-object or
-.Dv NULL
-if the list is empty.
-.Pp
-.Fn ENGINE_get_next
-and
-.Fn ENGINE_get_prev
-return an
-.Vt ENGINE
-object or
-.Dv NULL
-when the end of the list is reached.
-.Pp
-.Fn ENGINE_by_id
-returns an
-.Vt ENGINE
-object or
-.Dv NULL
-if no matching object is found.
-.Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_add ,
-.Fn ENGINE_set_id ,
-.Fn ENGINE_get_id ,
-.Fn ENGINE_set_name ,
-.Fn ENGINE_get_name ,
-.Fn ENGINE_remove ,
-.Fn ENGINE_get_first ,
-.Fn ENGINE_get_last ,
-.Fn ENGINE_get_next ,
-.Fn ENGINE_get_prev ,
-and
-.Fn ENGINE_by_id
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_cleanup
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/ENGINE_ctrl.3 b/src/lib/libcrypto/man/ENGINE_ctrl.3
deleted file mode 100644
index c02e9b5a94..0000000000
--- a/src/lib/libcrypto/man/ENGINE_ctrl.3
+++ /dev/null
@@ -1,470 +0,0 @@ -.\" $OpenBSD: ENGINE_ctrl.3,v 1.4 2018/04/19 18:43:58 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 19 2018 $ -.Dt ENGINE_CTRL 3 -.Os -.Sh NAME -.Nm ENGINE_ctrl , -.Nm ENGINE_cmd_is_executable , -.Nm ENGINE_ctrl_cmd , -.Nm ENGINE_ctrl_cmd_string , -.Nm ENGINE_set_ctrl_function , -.Nm ENGINE_get_ctrl_function , -.Nm ENGINE_set_cmd_defns , -.Nm ENGINE_get_cmd_defns -.Nd control commands for ENGINE objects -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_ctrl -.Fa "ENGINE *e" -.Fa "int cmd" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)(void)" -.Fc -.Ft int -.Fo ENGINE_cmd_is_executable -.Fa "ENGINE *e" -.Fa "int cmd" -.Fc -.Ft int -.Fo ENGINE_ctrl_cmd -.Fa "ENGINE *e" -.Fa "const char *cmd_name" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)(void)" -.Fa "int cmd_optional" -.Fc -.Ft int -.Fo ENGINE_ctrl_cmd_string -.Fa "ENGINE *e" -.Fa "const char *cmd_name" -.Fa "const char *arg" -.Fa "int cmd_optional" -.Fc -.Ft typedef int -.Fo (*ENGINE_CTRL_FUNC_PTR) -.Fa "ENGINE *e" -.Fa "int cmd" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)(void)" -.Fc -.Ft int -.Fo ENGINE_set_ctrl_function 
-.Fa "ENGINE *e" -.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f" -.Fc -.Ft ENGINE_CTRL_FUNC_PTR -.Fo ENGINE_get_ctrl_function -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_cmd_defns -.Fa "ENGINE *e" -.Fa "const ENGINE_CMD_DEFN *defns" -.Fc -.Ft const ENGINE_CMD_DEFN * -.Fo ENGINE_get_cmd_defns -.Fa "const ENGINE *e" -.Fc -.Sh DESCRIPTION -.Fn ENGINE_ctrl -calls the built-in or user-defined -.Fa cmd -for the engine -.Fa e , -passing the arguments -.Fa i -and -.Fa p . -.Pp -User-defined commands can be used before -.Xr ENGINE_init 3 -to provide data required for initialization -or at any time to modify the behaviour of an engine. -.Pp -Most built-in commands operate on user-defined commands installed with -.Fn ENGINE_set_cmd_defns , -either using the -.Fa p -argument to indicate the user-defined command with the command name -.Fa cmd_name -or using the -.Fa i -argument to indicate the user-defined command with the command number -.Fa cmd_num . -The -.Fa cmd -arguments to call the built-in commands are as follows: -.Bl -tag -width Ds -.It Dv ENGINE_CTRL_GET_CMD_FLAGS -Return the -.Fa cmd_flags -of the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs or -the command number does not exist. -A return value of 0 indicates failure if -.Fa e -is -.Dv NULL -or has a reference count of 0, or success if -.Fa e -is valid. -.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME -Return the positive command number -of the user-defined command with the name -.Fa p , -or a number less than or equal to 0 if an error occurs or no -matching name is found. -.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD -Copy the description of the user-defined command with the number -.Fa i -into the buffer -.Fa p -and NUL-terminate it. -It is the reponsability of the caller to make sure that the buffer -.Fa p -is large enough, either by calling -.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD -first or using knowledge about the array passed to -.Fn ENGINE_set_cmd_defns . 
-The return value is the number of bytes written -.Em including -the terminating NUL byte, or a number less than or equal to 0 -if an error occurs. -.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD -Return the length in bytes -.Em excluding -the terminating NUL byte -of the description of the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs. -A return value of 0 indicates failure if -.Fa e -is -.Dv NULL -or has a reference count of 0, or success if -.Fa e -is valid. -.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE -Return the positive command number -of the first user-defined command installed with -.Fn ENGINE_set_cmd_defns -or a number less than or equal to 0 if an error occurs or no -user-defined command has been installed. -.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD -Copy the name of the user-defined command with the number -.Fa i -into the buffer -.Fa p -and NUL-terminate it. -It is the reponsability of the caller to make sure that the buffer -.Fa p -is large enough, either by calling -.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD -first or using knowledge about the array passed to -.Fn ENGINE_set_cmd_defns . -The return value is the number of bytes written -.Em including -the terminating NUL byte, or a number less than or equal to 0 -if an error occurs. -.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD -Return the length in bytes -.Em excluding -the terminating NULL byte -of the name of the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs. -A return value of 0 indicates failure if -.Fa e -is -.Dv NULL -or has a reference count of 0, or success if -.Fa e -is valid. -.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE -Return the positive command number of the next user-defined command -after the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs or if -.Fa i -is the last user-defined command. 
-Together with -.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE , -this can be used to iterate the user-defined commands installed with -.Fn ENGINE_set_cmd_defns . -.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION -Return 1 if -.Fa e -has its own -.Fa ctrl_f -installed with -.Fn ENGINE_set_ctrl_function -or 0 otherwise. -.El -.Pp -.Fn ENGINE_ctrl_cmd -translates the -.Fa cmd_name -of a user-defined command to a -.Fa cmd -number and calls -.Fn ENGINE_ctrl -on it. -If -.Fa cmd_optional -is non-zero, lack of a -.Fa ctrl_f -in -.Fa e -and translation failure with -.Dv ENGINE_CTRL_GET_CMD_FROM_NAME -are considered success, and the command has no effect. -Otherwise, these problems cause -.Fn ENGINE_ctrl_cmd -to fail. -.Pp -Neither -.Fn ENGINE_ctrl -nor -.Fn ENGINE_ctrl_cmd -ever call the -.Fa f -callback, but merely pass it on as an argument to the engine-specific -.Fa ctrl_f -control function. -It is up to -.Fa ctrl_f -how to use it, or alternatively to ignore it as well. -.Pp -.Fn ENGINE_ctrl_cmd_string -translates the -.Fa cmd_name -of a user-defined command to a -.Fa cmd -number. -If that command has the -.Dv ENGINE_CMD_FLAG_NO_INPUT -flag set, -.Fa arg -must be -.Dv NULL -and -.Fn ENGINE_ctrl -is called with -.Fa i -set to 0 and -.Fa p -set to -.Dv NULL . -Otherwise, -.Fa arg -must not be -.Dv NULL . -If the command accepts string input, -.Fa i -is set to 0 and -.Fa arg -is passed as the -.Fa p -argument to -.Fn ENGINE_ctrl . -Otherwise, -.Fa arg -is converted with -.Xr strtol 3 -and passed as the -.Fa i -argument to -.Fn ENGINE_ctrl , -setting -.Fa p -to -.Dv NULL . -.Pp -.Fn ENGINE_set_ctrl_function -installs -.Fa ctrl_f -as the engine-specific control function for -.Fa e . -Future calls to -.Fn ENGINE_ctrl -will call that function, passing on their arguments unchanged, if the -.Fa cmd -is not built-in to the library or if the -.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL -flag is set in -.Fa e . -Let the -.Fa ctrl_f -return positive values on success or negative values on failure. 
-Avoid return values of 0 because they cause dangerous ambiguity. -In particular, -.Fn ENGINE_ctrl_cmd -and -.Fn ENGINE_ctrl_cmd_string -cannot be used with user-defined commands -that may return 0 on success. -.Pp -.Fn ENGINE_set_cmd_defns -install an array of command definitions in -.Fa e . -.Pp -The structure -.Vt ENGINE_CMD_DEFN -has the following fields: -.Bl -tag -width Ds -.It Fa "unsigned int cmd_num" -A positive, unique, monotonically increasing command number. -Avoid using numbers below -.Dv ENGINE_CMD_BASE . -.It Fa "const char *cmd_name" -The unique name of the command. -.It Fa "const char *cmd_desc" -A short description of the command. -.It Fa "unsigned int cmd_flags" -The bitwise OR of zero or more of the following flags: -.Bl -tag -width Ds -.It Dv ENGINE_CMD_FLAG_NUMERIC -The command uses -.Fa i . -.It Dv ENGINE_CMD_FLAG_STRING -The command uses -.Fa p . -.It Dv ENGINE_CMD_FLAG_NO_INPUT -The command neither uses -.Fa i -nor -.Fa p . -.It Dv ENGINE_CMD_FLAG_INTERNAL -This flag has no effect and is only provided for compatibility. -.El -.El -.Pp -The last element of -.Fa defns -does not specify a command, but must have a -.Fa cmd_num -of 0 and a -.Fa cmd_name -of -.Dv NULL -to indicate the end of the array. -.Sh RETURN VALUES -For -.Fn ENGINE_ctrl , -positive return values indicate success and negative return values -indicate failure. -The meaning of a zero return value depends on the particular -.Fa cmd -and may indicate both success and failure, which is pathetic. -.Pp -Regardless of the -.Fa cmd , -.Fn ENGINE_ctrl -returns 0 if -.Fa e -is -.Dv NULL -or has a reference count of 0. -This is quite unfortunate for commands like -.Dv ENGINE_CTRL_GET_CMD_FLAGS -where 0 may indicate success, so make sure -.Fa e -is valid before issuing a control command. 
-.Pp
-For built-in commands except
-.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
-.Fn ENGINE_ctrl
-returns \-1 if
-.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-is set but no
-.Fa ctrl_f
-has been installed with
-.Fn ENGINE_set_ctrl_function .
-.Pp
-For commands that are not built in,
-.Fn ENGINE_ctrl
-returns 0 if no
-.Fa ctrl_f
-has been installed with
-.Fn ENGINE_set_ctrl_function .
-.Pp
-.Fn ENGINE_cmd_is_executable
-returns 1 if the user-defined
-.Fa cmd
-is executable and has at least one of the flags
-.Dv ENGINE_CMD_FLAG_NUMERIC ,
-.Dv ENGINE_CMD_FLAG_STRING ,
-and
-.Dv ENGINE_CMD_FLAG_NO_INPUT
-set, or 0 otherwise.
-.Pp
-.Fn ENGINE_ctrl_cmd
-and
-.Fn ENGINE_ctrl_cmd_string
-return 1 on success or 0 on error.
-.Pp
-.Fn ENGINE_set_ctrl_function
-and
-.Fn ENGINE_set_cmd_defns
-always return 1.
-.Pp
-.Fn ENGINE_get_ctrl_function
-returns a pointer to the function
-.Fa ctrl_f
-installed with
-.Fn ENGINE_set_ctrl_function ,
-or
-.Dv NULL
-if none has been installed.
-.Pp
-.Fn ENGINE_get_cmd_defns
-returns the array of command definitions installed in
-.Fa e
-or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3
-.Sh HISTORY
-.Fn ENGINE_ctrl ,
-.Fn ENGINE_set_ctrl_function ,
-and
-.Fn ENGINE_get_ctrl_function
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_cmd_is_executable ,
-.Fn ENGINE_ctrl_cmd ,
-.Fn ENGINE_ctrl_cmd_string ,
-.Fn ENGINE_set_cmd_defns ,
-and
-.Fn ENGINE_get_cmd_defns
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/ENGINE_get_default_RSA.3 b/src/lib/libcrypto/man/ENGINE_get_default_RSA.3
deleted file mode 100644
index b04d42c18f..0000000000
--- a/src/lib/libcrypto/man/ENGINE_get_default_RSA.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_GET_DEFAULT_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_get_default_RSA ,
-.Nm ENGINE_get_default_DSA ,
-.Nm ENGINE_get_default_ECDH ,
-.Nm ENGINE_get_default_ECDSA ,
-.Nm ENGINE_get_default_DH ,
-.Nm ENGINE_get_default_RAND ,
-.Nm ENGINE_get_cipher_engine ,
-.Nm ENGINE_get_digest_engine ,
-.Nm ENGINE_set_table_flags ,
-.Nm ENGINE_get_table_flags
-.Nd retrieve the default ENGINE for an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft ENGINE *
-.Fn ENGINE_get_default_RSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_ECDH void
-.Ft ENGINE *
-.Fn ENGINE_get_default_ECDSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DH void
-.Ft ENGINE *
-.Fn ENGINE_get_default_RAND void
-.Ft ENGINE *
-.Fo ENGINE_get_cipher_engine
-.Fa "int nid"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_digest_engine
-.Fa "int nid"
-.Fc
-.Ft void
-.Fo ENGINE_set_table_flags
-.Fa "unsigned int flags"
-.Fc
-.Ft unsigned int
-.Fn ENGINE_get_table_flags void
-.Sh DESCRIPTION
-These functions retrieve the current default
-.Vt ENGINE
-implementing the respective algorithm.
-.Pp
-If a default engine was previously selected,
-.Xr ENGINE_init 3
-is called on it again and it is used.
-Otherwise, these functions inspect the engines registered
-with the functions documented in
-.Xr ENGINE_register_RSA 3
-in the order of the table for the respective algorithm.
-If an inspected engine is already successfully initialized,
-.Xr ENGINE_init 3
-is called on it again and it is used as the new default.
-Otherwise, unless the global flag
-.Dv ENGINE_TABLE_FLAG_NOINIT
-is set,
-.Xr ENGINE_init 3
-is tried on it.
-If it succeeds, that engine is used as the new default.
-If it fails or if
-.Dv ENGINE_TABLE_FLAG_NOINIT
-is set, inspection continues with the next engine.
-.Pp
-The global flag can be set by calling
-.Fn ENGINE_set_table_flags
-with an argument of
-.Dv ENGINE_TABLE_FLAG_NOINIT
-or cleared by calling it with an argument of 0.
-By default, the flag is not set.
-.Pp
-While all the other functions operate on exactly one algorithm,
-.Fn ENGINE_get_cipher_engine
-and
-.Fn ENGINE_get_digest_engine
-are special in so far as they can handle multiple algorithms,
-identified by the given
-.Fa nid .
-The default engine is remembered separately for each algorithm.
-.Pp
-Application programs rarely need to call these functions because
-they are called automatically when needed, in particular from
-.Xr RSA_new 3 ,
-.Xr DSA_new 3 ,
-.Fn ECDH_set_method ,
-.Fn ECDH_compute_key ,
-.Xr ECDSA_set_method 3 ,
-.Xr ECDSA_do_sign_ex 3 ,
-.Xr ECDSA_do_verify 3 ,
-.Xr DH_new 3 ,
-.Xr EVP_CipherInit_ex 3 ,
-and
-.Xr EVP_DigestInit_ex 3 .
-.Sh RETURN VALUES
-These functions return a functional reference to an
-.Vt ENGINE
-object or
-.Dv NULL
-on failure, in particular when no engine implementing the algorithm
-is available, when
-.Xr ENGINE_init 3
-fails for all implementations,
-or when insufficient memory is available.
-Even when these functions fail, the application may still be able
-to use the algorithm in question because the built-in implementation
-is used in that case, if one is available.
-.Pp
-.Fn ENGINE_get_table_flags
-returns
-.Dv ENGINE_TABLE_FLAG_NOINIT
-if the global flag is set or 0 otherwise.
-.Sh SEE ALSO
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3
-.Sh HISTORY
-.Fn ENGINE_get_default_RSA ,
-.Fn ENGINE_get_default_DSA ,
-.Fn ENGINE_get_default_DH ,
-and
-.Fn ENGINE_get_default_RAND
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_get_cipher_engine ,
-.Fn ENGINE_get_digest_engine ,
-.Fn ENGINE_set_table_flags ,
-and
-.Fn ENGINE_get_table_flags
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_get_default_ECDH
-and
-.Fn ENGINE_get_default_ECDSA
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/ENGINE_init.3 b/src/lib/libcrypto/man/ENGINE_init.3
deleted file mode 100644
index d41d98a2f1..0000000000
--- a/src/lib/libcrypto/man/ENGINE_init.3
+++ /dev/null
@@ -1,134 +0,0 @@
-.\" $OpenBSD: ENGINE_init.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_INIT 3
-.Os
-.Sh NAME
-.Nm ENGINE_init ,
-.Nm ENGINE_finish ,
-.Nm ENGINE_set_init_function ,
-.Nm ENGINE_set_finish_function ,
-.Nm ENGINE_get_init_function ,
-.Nm ENGINE_get_finish_function
-.Nd initialize ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_init
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_finish
-.Fa "ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_GEN_INT_FUNC_PTR)
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_init_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
-.Fc
-.Ft int
-.Fo ENGINE_set_finish_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_init_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_finish_function
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_init
-initializes
-.Fa e
-by calling the
-.Fa init_f
-previously installed with
-.Fn ENGINE_set_init_function ,
-if any.
-In case of success, it also increments both the structural
-and the functional reference count by 1.
-If no
-.Fa init_f
-was installed,
-.Fn ENGINE_init
-always succeeds.
-Calling
-.Fn ENGINE_init
-again after it already succeeded always succeeds, but has no effect
-except that it increments both the structural and the functional
-reference count by 1.
-.Pp
-.Fn ENGINE_finish
-decrements the functional reference count by 1.
-When it reaches 0, it calls the
-.Fa finish_f
-previously installed with
-.Fn ENGINE_set_finish_function ,
-if any.
-If no
-.Fa finish_f
-was installed,
-.Fn ENGINE_finish
-always succeeds.
-Unless
-.Fa finish_f
-fails,
-.Fn ENGINE_finish
-also calls
-.Xr ENGINE_free 3 .
-.Pp
-.Fn ENGINE_init
-is internally called by the functions documented in the
-.Xr ENGINE_get_default_RSA 3
-manual page.
-.Sh RETURN VALUES
-.Fn ENGINE_init
-and
-.Fn ENGINE_finish
-return 1 on success or 0 on error.
-.Pp
-.Fn ENGINE_set_init_function
-and
-.Fn ENGINE_set_finish_function
-always return 1.
-.Pp
-.Fn ENGINE_get_init_function
-and
-.Fn ENGINE_get_finish_function
-return a function pointer to the respective callback, or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/ENGINE_new.3 b/src/lib/libcrypto/man/ENGINE_new.3
deleted file mode 100644
index eaab08d1f9..0000000000
--- a/src/lib/libcrypto/man/ENGINE_new.3
+++ /dev/null
@@ -1,190 +0,0 @@
-.\" $OpenBSD: ENGINE_new.3,v 1.5 2021/03/12 05:18:00 jsg Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 12 2021 $
-.Dt ENGINE_NEW 3
-.Os
-.Sh NAME
-.Nm ENGINE_new ,
-.Nm ENGINE_up_ref ,
-.Nm ENGINE_free ,
-.Nm ENGINE_set_destroy_function ,
-.Nm ENGINE_get_destroy_function
-.Nd create and destroy ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft ENGINE *
-.Fn ENGINE_new void
-.Ft int
-.Fo ENGINE_up_ref
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_free
-.Fa "ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_GEN_INT_FUNC_PTR)
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_destroy_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_destroy_function
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Vt ENGINE
-objects can be used to provide alternative implementations of
-cryptographic algorithms, to support additional algorithms, to
-support cryptographic hardware, and to switch among alternative
-implementations of algorithms at run time.
-LibreSSL generally avoids engines and prefers providing
-cryptographic functionality in the crypto library itself.
-.Pp
-.Fn ENGINE_new
-allocates and initializes an empty
-.Vt ENGINE
-object and sets its structural reference count to 1
-and its functional reference count to 0.
-For more information about the functional reference count, see the
-.Xr ENGINE_init 3
-manual page.
-.Pp
-Many functions increment the structural reference count by 1
-when successful.
-Some of them, including
-.Xr ENGINE_get_first 3 ,
-.Xr ENGINE_get_last 3 ,
-.Xr ENGINE_get_next 3 ,
-.Xr ENGINE_get_prev 3 ,
-and
-.Xr ENGINE_by_id 3 ,
-do so because they return a structural reference to the user.
-Other functions, including
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_get_cipher_engine 3 ,
-.Xr ENGINE_get_digest_engine 3 ,
-and the
-.Xr ENGINE_get_default_RSA 3
-and
-.Xr ENGINE_set_default 3
-families of functions
-do so when they store a structural reference internally.
-.Pp
-.Fn ENGINE_up_ref
-explicitly increment the structural reference count by 1.
-.Pp
-.Fn ENGINE_free
-decrements the structural reference count by 1,
-and if it reaches 0, the optional
-.Fa destroy_f
-previously installed with
-.Fn ENGINE_set_destroy_function
-is called, if one is installed, and both the memory used internally by
-.Fa e
-and
-.Fa e
-itself are freed.
-If
-.Fa e
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-Many functions internally call the equivalent of
-.Fn ENGINE_free .
-Some of them, including
-.Xr ENGINE_get_next 3
-and
-.Xr ENGINE_get_prev 3 ,
-thus invalidate the structural reference passed in by the user.
-Other functions, including
-.Xr ENGINE_finish 3 ,
-.Xr ENGINE_remove 3 ,
-and the
-.Xr ENGINE_set_default 3
-family of functions
-do so when an internally stored structural reference is no longer needed.
-.Pp
-.Fn ENGINE_set_destroy_function
-installs a callback function that will be called by
-.Fn ENGINE_free ,
-but only when
-.Fa e
-actually gets destroyed,
-not when only its reference count gets decremented.
-The value returned from the
-.Fa destroy_f
-will be ignored.
-.Sh RETURN VALUES
-.Fn ENGINE_new
-returns a structural reference to the new
-.Vt ENGINE
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ENGINE_up_ref
-returns 0 if
-.Fa e
-is
-.Dv NULL
-and 1 otherwise.
-.Pp
-.Fn ENGINE_free
-and
-.Fn ENGINE_set_destroy_function
-always return 1.
-.Pp
-.Fn ENGINE_get_destroy_function
-returns a function pointer to the callback, or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_new
-and
-.Fn ENGINE_free
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_destroy_function
-and
-.Fn ENGINE_get_destroy_function
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_up_ref
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.4 .
diff --git a/src/lib/libcrypto/man/ENGINE_register_RSA.3 b/src/lib/libcrypto/man/ENGINE_register_RSA.3
deleted file mode 100644
index 5c63729cfc..0000000000
--- a/src/lib/libcrypto/man/ENGINE_register_RSA.3
+++ /dev/null
@@ -1,142 +0,0 @@
-.\" $OpenBSD: ENGINE_register_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_REGISTER_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_register_RSA ,
-.Nm ENGINE_register_DSA ,
-.Nm ENGINE_register_ECDH ,
-.Nm ENGINE_register_ECDSA ,
-.Nm ENGINE_register_DH ,
-.Nm ENGINE_register_RAND ,
-.Nm ENGINE_register_STORE ,
-.Nm ENGINE_register_ciphers ,
-.Nm ENGINE_register_digests ,
-.Nm ENGINE_register_complete
-.Nd register an ENGINE as implementing an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_register_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_complete
-.Fa "ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-In addition to the global table described in
-.Xr ENGINE_add 3 ,
-the crypto library maintains several tables containing references to
-.Vt ENGINE
-objects implementing one specific cryptographic algorithm.
-.Pp
-The functions listed in the present manual page append
-.Fa e
-to the end of the table for the respective algorithm.
-.Pp
-If
-.Fa e
-does not contain a method for the requested algorithm,
-these functions succeed without having any effect.
-.Pp
-If
-.Fa e
-is already registered for the given algorithm,
-they move it to the end of the respective table.
-.Pp
-.Fn ENGINE_register_ciphers
-and
-.Fn ENGINE_register_digests
-are special in so far as an engine may implement
-more than one cipher or more than one digest.
-In that case,
-.Fa e
-is registered for all the ciphers or digests it implements.
-.Pp
-.Fn ENGINE_register_complete
-registers
-.Fa e
-for all algorithms it implements by calling all the other functions.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on error.
-They only fail if insufficient memory is available.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_register_RSA ,
-.Fn ENGINE_register_DSA ,
-.Fn ENGINE_register_DH ,
-.Fn ENGINE_register_RAND ,
-.Fn ENGINE_register_ciphers ,
-.Fn ENGINE_register_digests ,
-and
-.Fn ENGINE_register_complete
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_register_ECDH ,
-.Fn ENGINE_register_ECDSA ,
-and
-.Fn ENGINE_register_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh BUGS
-.Fn ENGINE_register_complete
-ignores all errors, even memory allocation failure, and always returns 1.
diff --git a/src/lib/libcrypto/man/ENGINE_register_all_RSA.3 b/src/lib/libcrypto/man/ENGINE_register_all_RSA.3
deleted file mode 100644
index 3016eec3d4..0000000000
--- a/src/lib/libcrypto/man/ENGINE_register_all_RSA.3
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_REGISTER_ALL_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_register_all_RSA ,
-.Nm ENGINE_register_all_DSA ,
-.Nm ENGINE_register_all_ECDH ,
-.Nm ENGINE_register_all_ECDSA ,
-.Nm ENGINE_register_all_DH ,
-.Nm ENGINE_register_all_RAND ,
-.Nm ENGINE_register_all_STORE ,
-.Nm ENGINE_register_all_ciphers ,
-.Nm ENGINE_register_all_digests ,
-.Nm ENGINE_register_all_complete ,
-.Nm ENGINE_load_builtin_engines ,
-.Nm ENGINE_load_dynamic
-.Nd register all engines as implementing an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft void
-.Fn ENGINE_register_all_RSA void
-.Ft void
-.Fn ENGINE_register_all_DSA void
-.Ft void
-.Fn ENGINE_register_all_ECDH void
-.Ft void
-.Fn ENGINE_register_all_ECDSA void
-.Ft void
-.Fn ENGINE_register_all_DH void
-.Ft void
-.Fn ENGINE_register_all_RAND void
-.Ft void
-.Fn ENGINE_register_all_STORE void
-.Ft void
-.Fn ENGINE_register_all_ciphers void
-.Ft void
-.Fn ENGINE_register_all_digests void
-.Ft int
-.Fn ENGINE_register_all_complete void
-.Ft void
-.Fn ENGINE_load_builtin_engines void
-.Ft void
-.Fn ENGINE_load_dynamic void
-.Sh DESCRIPTION
-These functions loop over all the
-.Vt ENGINE
-objects contained in the global table described in the
-.Xr ENGINE_add 3
-manual page.
-They register each object for the respective algorithm
-by calling the corresponding function described in
-.Xr ENGINE_register_RSA 3 .
-.Pp
-.Fn ENGINE_register_all_complete
-calls
-.Fn ENGINE_register_complete
-in this way, except that it skips those
-.Vt ENGINE
-objects that have the
-.Dv ENGINE_FLAGS_NO_REGISTER_ALL
-flag set with
-.Xr ENGINE_set_flags 3 .
-.Pp
-.Fn ENGINE_load_builtin_engines
-calls
-.Xr OPENSSL_init_crypto 3
-with no options, loads any built-in engines
-that are enabled by default, and calls
-.Fn ENGINE_register_all_complete .
-Currently, LibreSSL does not provide any engines.
-.Sy GOST
-and
-.Sy aesni
-support is provided by the crypto library itself
-and does not require any engines, not even built-in ones.
-.Pp
-.Fn ENGINE_load_dynamic
-has no effect and is only provided for compatibility.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr OPENSSL_init_crypto 3
-.Sh HISTORY
-.Fn ENGINE_register_all_RSA ,
-.Fn ENGINE_register_all_DSA ,
-.Fn ENGINE_register_all_DH ,
-.Fn ENGINE_register_all_RAND ,
-.Fn ENGINE_register_all_ciphers ,
-.Fn ENGINE_register_all_digests ,
-.Fn ENGINE_register_all_complete ,
-.Fn ENGINE_load_builtin_engines ,
-and
-.Fn ENGINE_load_dynamic
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_register_all_ECDH ,
-.Fn ENGINE_register_all_ECDSA ,
-and
-.Fn ENGINE_register_all_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/ENGINE_set_RSA.3 b/src/lib/libcrypto/man/ENGINE_set_RSA.3
deleted file mode 100644
index 0859b8f3c4..0000000000
--- a/src/lib/libcrypto/man/ENGINE_set_RSA.3
+++ /dev/null
@@ -1,329 +0,0 @@
-.\" $OpenBSD: ENGINE_set_RSA.3,v 1.5 2019/06/06 17:41:43 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt ENGINE_SET_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_RSA ,
-.Nm ENGINE_get_RSA ,
-.Nm ENGINE_set_DSA ,
-.Nm ENGINE_get_DSA ,
-.Nm ENGINE_set_ECDH ,
-.Nm ENGINE_get_ECDH ,
-.Nm ENGINE_set_ECDSA ,
-.Nm ENGINE_get_ECDSA ,
-.Nm ENGINE_set_DH ,
-.Nm ENGINE_get_DH ,
-.Nm ENGINE_set_RAND ,
-.Nm ENGINE_get_RAND ,
-.Nm ENGINE_set_STORE ,
-.Nm ENGINE_get_STORE ,
-.Nm ENGINE_set_ciphers ,
-.Nm ENGINE_get_ciphers ,
-.Nm ENGINE_get_cipher ,
-.Nm ENGINE_set_digests ,
-.Nm ENGINE_get_digests ,
-.Nm ENGINE_get_digest
-.Nd install and retrieve function tables of crypto engines
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_RSA
-.Fa "ENGINE *e"
-.Fa "const RSA_METHOD *rsa_meth"
-.Fc
-.Ft const RSA_METHOD *
-.Fo ENGINE_get_RSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_DSA
-.Fa "ENGINE *e"
-.Fa "const DSA_METHOD *dsa_meth"
-.Fc
-.Ft const DSA_METHOD *
-.Fo ENGINE_get_DSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_ECDH
-.Fa "ENGINE *e"
-.Fa "const ECDH_METHOD *dh_meth"
-.Fc
-.Ft const ECDH_METHOD *
-.Fo ENGINE_get_ECDH
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_ECDSA
-.Fa "ENGINE *e"
-.Fa "const ECDSA_METHOD *dh_meth"
-.Fc
-.Ft const ECDSA_METHOD *
-.Fo ENGINE_get_ECDSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_DH
-.Fa "ENGINE *e"
-.Fa "const DH_METHOD *dh_meth"
-.Fc
-.Ft const DH_METHOD *
-.Fo ENGINE_get_DH
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_RAND
-.Fa "ENGINE *e"
-.Fa "const RAND_METHOD *rand_meth"
-.Fc
-.Ft const RAND_METHOD *
-.Fo ENGINE_get_RAND
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_STORE
-.Fa "ENGINE *e"
-.Fa "const STORE_METHOD *rand_meth"
-.Fc
-.Ft const STORE_METHOD *
-.Fo ENGINE_get_STORE
-.Fa "const ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_CIPHERS_PTR)
-.Fa "ENGINE *e"
-.Fa "const EVP_CIPHER **impl"
-.Fa "const int **nids"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_ciphers
-.Fa "ENGINE *e"
-.Fa "ENGINE_CIPHERS_PTR f"
-.Fc
-.Ft ENGINE_CIPHERS_PTR
-.Fo ENGINE_get_ciphers
-.Fa "const ENGINE *e"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo ENGINE_get_cipher
-.Fa "ENGINE *e"
-.Fa "int nid"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_DIGESTS_PTR)
-.Fa "ENGINE *e"
-.Fa "const EVP_MD **impl"
-.Fa "const int **nids"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_digests
-.Fa "ENGINE *e"
-.Fa "ENGINE_DIGESTS_PTR f"
-.Fc
-.Ft ENGINE_DIGESTS_PTR
-.Fo ENGINE_get_digests
-.Fa "const ENGINE *e"
-.Fc
-.Ft const EVP_MD *
-.Fo ENGINE_get_digest
-.Fa "ENGINE *e"
-.Fa "int nid"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn ENGINE_set_*
-functions install a table of function pointers
-implementing the respective algorithm in
-.Fa e .
-Partial information about the various method objects is available from
-.Xr RSA_meth_new 3 ,
-.Xr RSA_get_default_method 3 ,
-.Xr DSA_meth_new 3 ,
-.Xr DSA_get_default_method 3 ,
-.Fn ECDH_get_default_method ,
-.Xr ECDSA_get_default_method 3 ,
-.Xr DH_get_default_method 3 ,
-.Xr RAND_get_rand_method 3 ,
-.Xr EVP_get_cipherbynid 3 ,
-and
-.Xr EVP_get_digestbynid 3 .
-.Vt STORE_METHOD
-is an incomplete type, and the pointers to it are not used for anything.
-For complete descriptions of these types,
-refer to the respective header files.
-.Pp
-The functions described in the
-.Xr ENGINE_register_RSA 3
-and
-.Xr ENGINE_set_default 3
-manual pages only have an effect after function pointers
-were installed using the functions described here.
-.Pp
-.Fn ENGINE_set_ciphers
-and
-.Fn ENGINE_set_digests
-are special in so far as the
-.Vt ENGINE
-structure does not provide fields to store function pointers
-implementing ciphers or digests.
-Instead, these two functions only install a callback to
-retrieve implementations.
-Where the pointers to the implementations are stored internally,
-how they get initialized, and how the
-.Vt ENGINE_CIPHERS_PTR
-and
-.Vt ENGINE_DIGESTS_PTR
-callbacks retrieve them
-is up to the implementation of each individual engine.
-.Pp
-If the
-.Vt ENGINE_CIPHERS_PTR
-and
-.Vt ENGINE_DIGESTS_PTR
-callbacks are called with a non-zero
-.Fa nid ,
-they retrieve the implementation of that cipher or digest,
-respectively.
-In this case, a
-.Dv NULL
-pointer can be passed as the
-.Fa nids
-argument.
-.Fn ENGINE_get_cipher
-and
-.Fn ENGINE_get_digest
-call the callbacks installed in
-.Fa e
-in this way.
-.Pp
-If 0 is passed as the
-.Fa nid
-argument, an internal pointer
-to the array of implementations available in
-.Fa e
-is returned in
-.Pf * Fa impl ,
-and an internal pointer
-to the array of corresponding identifiers in
-.Pf * Fa nids .
-The return value of the callback indicates
-the number of implementations returned.
-.Pp
-The
-.Fn ENGINE_get_*
-functions retrieve the previously installed function tables.
-They are used when constructing basic cryptographic objects
-as shown in the following table:
-.Bl -column "ENGINE_get_digestMM"
-.It Accessor: Ta Called by:
-.It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3
-.It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3
-.It Fn ENGINE_get_ECDH Ta Fn ECDH_set_method , Fn ECDH_compute_key
-.It Fn ENGINE_get_ECDSA Ta Xr ECDSA_set_method 3 , Xr ECDSA_sign_setup 3 ,
-.Xr ECDSA_do_sign_ex 3 , Xr ECDSA_do_verify 3
-.It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3
-.It Fn ENGINE_get_RAND Ta unused
-.It Fn ENGINE_get_STORE Ta unused
-.It Fn ENGINE_get_cipher Ta Xr EVP_CipherInit_ex 3
-.It Fn ENGINE_get_digest Ta Xr EVP_DigestInit_ex 3
-.El
-.Sh RETURN VALUES
-The
-.Fn ENGINE_set_*
-functions return 1 on success or 0 on error.
-Currently, they cannot fail.
-.Pp
-The
-.Fn ENGINE_get_*
-functions return a method object for the respective algorithm, or
-.Dv NULL
-if none is installed.
-.Pp
-.Fn ENGINE_get_ciphers
-and
-.Fn ENGINE_get_digests
-return a function pointer to the respective callback, or
-.Dv NULL
-if none is installed.
-.Pp
-.Fn ENGINE_get_cipher
-returns an
-.Vt EVP_CIPHER
-object implementing the cipher
-.Fa nid
-or
-.Dv NULL
-if
-.Fa e
-does not implement that cipher.
-.Pp
-.Fn ENGINE_get_digest
-returns an
-.Vt EVP_MD
-object implementing the digest
-.Fa nid
-or
-.Dv NULL
-if
-.Fa e
-does not implement that digest.
-.Sh SEE ALSO
-.Xr DSA_new 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn ENGINE_set_RSA ,
-.Fn ENGINE_get_RSA ,
-.Fn ENGINE_set_DSA ,
-.Fn ENGINE_get_DSA ,
-.Fn ENGINE_set_DH ,
-.Fn ENGINE_get_DH ,
-.Fn ENGINE_set_RAND ,
-.Fn ENGINE_get_RAND ,
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_ciphers ,
-.Fn ENGINE_get_ciphers ,
-.Fn ENGINE_get_cipher ,
-.Fn ENGINE_set_digests ,
-.Fn ENGINE_get_digests ,
-and
-.Fn ENGINE_get_digest
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_set_ECDH ,
-.Fn ENGINE_get_ECDH ,
-.Fn ENGINE_set_ECDSA ,
-.Fn ENGINE_get_ECDSA ,
-.Fn ENGINE_set_STORE ,
-and
-.Fn ENGINE_get_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/ENGINE_set_default.3 b/src/lib/libcrypto/man/ENGINE_set_default.3
deleted file mode 100644
index c2655f2b9b..0000000000
--- a/src/lib/libcrypto/man/ENGINE_set_default.3
+++ /dev/null
@@ -1,186 +0,0 @@ -.\" $OpenBSD: ENGINE_set_default.3,v 1.4 2019/06/03 14:43:15 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 3 2019 $ -.Dt ENGINE 3 -.Os -.Sh NAME -.Nm ENGINE_set_default , -.Nm ENGINE_set_default_string , -.Nm ENGINE_set_default_RSA , -.Nm ENGINE_set_default_DSA , -.Nm ENGINE_set_default_ECDH , -.Nm ENGINE_set_default_ECDSA , -.Nm ENGINE_set_default_DH , -.Nm ENGINE_set_default_RAND , -.Nm ENGINE_set_default_ciphers , -.Nm ENGINE_set_default_digests -.Nd register an ENGINE as the default for an algorithm -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_set_default_RSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_DSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_ECDH -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_ECDSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_DH -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_RAND -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_ciphers -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_digests -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default -.Fa "ENGINE *e" -.Fa "unsigned int 
flags" -.Fc -.Ft int -.Fo ENGINE_set_default_string -.Fa "ENGINE *e" -.Fa "const char *list" -.Fc -.Sh DESCRIPTION -These functions register -.Fa e -as implementing the respective algorithm -like the functions described in the -.Xr ENGINE_register_RSA 3 -manual page do it. -In addition, they call -.Xr ENGINE_init 3 -on -.Fa e -and select -.Fa e -as the default implementation of the respective algorithm to be -returned by the functions described in -.Xr ENGINE_get_default_RSA 3 -in the future. -If another engine was previously selected -as the default implementation of the respective algorithm, -.Xr ENGINE_finish 3 -is called on that previous engine. -.Pp -If -.Fa e -implements more than one cipher or digest, -.Fn ENGINE_set_default_ciphers -and -.Fn ENGINE_set_default_digests -register and select it for all these ciphers and digests, respectively. -.Pp -.Fn ENGINE_set_default -registers -.Fa e -as the default implementation of all algorithms specified by the -.Fa flags -by calling the appropriate ones among the other functions. -Algorithms can be selected by combining any number of the -following constants with bitwise OR: -.Dv ENGINE_METHOD_ALL , -.Dv ENGINE_METHOD_RSA , -.Dv ENGINE_METHOD_DSA , -.Dv ENGINE_METHOD_ECDH , -.Dv ENGINE_METHOD_ECDSA , -.Dv ENGINE_METHOD_DH , -.Dv ENGINE_METHOD_RAND , -.Dv ENGINE_METHOD_CIPHERS , -.Dv ENGINE_METHOD_DIGESTS , -.Dv ENGINE_METHOD_PKEY_METHS , -and -.Dv ENGINE_METHOD_PKEY_ASN1_METHS . -.Pp -.Fn ENGINE_set_default_string -is similar except that it selects the algorithms according to the string -.Fa def_list , -which contains an arbitrary number of comma-separated keywords from -the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, -DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY. -PKEY_CRYPTO corresponds to -.Dv ENGINE_METHOD_PKEY_METHS , -PKEY_ASN1 to -.Dv ENGINE_METHOD_PKEY_ASN1_METHS , -and PKEY selects both. -.Sh RETURN VALUES -These functions return 1 on success or 0 on error. 
-They fail if
-.Xr ENGINE_init 3
-fails or if insufficient memory is available.
-.Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_set_default ,
-.Fn ENGINE_set_default_RSA ,
-.Fn ENGINE_set_default_DSA ,
-.Fn ENGINE_set_default_DH ,
-and
-.Fn ENGINE_set_default_RAND
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_default_string ,
-.Fn ENGINE_set_default_ciphers ,
-and
-.Fn ENGINE_set_default_digests
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_set_default_ECDH
-and
-.Fn ENGINE_set_default_ECDSA
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh CAVEATS
-Failure of
-.Xr ENGINE_finish 3
-is ignored.
-.Sh BUGS
-Even when
-.Fn ENGINE_set_default
-or
-.Fn ENGINE_set_default_string
-fail, they typically still register
-.Fa e
-for some algorithms, but usually not for all it could be registered
-for by calling the individual functions.
diff --git a/src/lib/libcrypto/man/ENGINE_set_flags.3 b/src/lib/libcrypto/man/ENGINE_set_flags.3
deleted file mode 100644
index 33e8f333ce..0000000000
--- a/src/lib/libcrypto/man/ENGINE_set_flags.3
+++ /dev/null
@@ -1,92 +0,0 @@ -.\" $OpenBSD: ENGINE_set_flags.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_SET_FLAGS 3 -.Os -.Sh NAME -.Nm ENGINE_set_flags , -.Nm ENGINE_get_flags -.Nd modify the behaviour of an ENGINE object -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_set_flags -.Fa "ENGINE *e" -.Fa "int flags" -.Fc -.Ft int -.Fo ENGINE_get_flags -.Fa "const ENGINE *e" -.Fc -.Sh DESCRIPTION -.Fn ENGINE_set_flags -sets the flags attribute of -.Fa e -to the new -.Fa flags . -The previous state of the flags attribute is overwritten. -Flags that were previously set are cleared -unless they are also present in the new -.Fa flags . -.Pp -The -.Fa flags -argument can be the bitwise OR of zero or more -of the following constants: -.Bl -tag -width Ds -.It Dv ENGINE_FLAGS_BY_ID_COPY -.Xr ENGINE_by_id 3 -returns a shallow copy of the -.Vt ENGINE -object it found rather than incrementing the reference count -and returning a pointer to the original. 
-.It Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-.Xr ENGINE_ctrl 3
-lets the function installed with
-.Xr ENGINE_set_ctrl_function 3
-handle all commands except
-.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
-even the builtin commands.
-.It Dv ENGINE_FLAGS_NO_REGISTER_ALL
-.Xr ENGINE_register_all_complete 3
-skips
-.Fa e .
-.El
-.Sh RETURN VALUES
-.Fn ENGINE_set_flags
-always returns 1.
-.Pp
-.Fn ENGINE_get_flags
-returns the
-.Fa flags
-attribute of
-.Fa e .
-.Sh SEE ALSO
-.Xr ENGINE_by_id 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_complete 3 ,
-.Xr ENGINE_set_RSA 3
-.Sh HISTORY
-.Fn ENGINE_set_flags
-and
-.Fn ENGINE_get_flags
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/ENGINE_unregister_RSA.3 b/src/lib/libcrypto/man/ENGINE_unregister_RSA.3
deleted file mode 100644
index d037306382..0000000000
--- a/src/lib/libcrypto/man/ENGINE_unregister_RSA.3
+++ /dev/null
@@ -1,119 +0,0 @@ -.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_UNREGISTER_RSA 3 -.Os -.Sh NAME -.Nm ENGINE_unregister_RSA , -.Nm ENGINE_unregister_DSA , -.Nm ENGINE_unregister_ECDH , -.Nm ENGINE_unregister_ECDSA , -.Nm ENGINE_unregister_DH , -.Nm ENGINE_unregister_RAND , -.Nm ENGINE_unregister_STORE , -.Nm ENGINE_unregister_ciphers , -.Nm ENGINE_unregister_digests -.Nd revoke the registration of an ENGINE object -.Sh SYNOPSIS -.In openssl/engine.h -.Ft void -.Fo ENGINE_unregister_RSA -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_DSA -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_ECDH -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_ECDSA -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_DH -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_RAND -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_STORE -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_ciphers -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_digests -.Fa "ENGINE *e" -.Fc -.Sh DESCRIPTION -These functions 
remove -.Fa e -from the list of -.Vt ENGINE -objects that were previously registered for the respective algorithm -with the functions described in -.Xr ENGINE_register_RSA 3 . -.Pp -If -.Fa e -is currently used as the default engine for the algorithm -as described in the -.Fn ENGINE_set_default 3 -and -.Fn ENGINE_get_default_RSA 3 -manual pages, -.Xr ENGINE_finish 3 -is also called. -.Pp -.Fn ENGINE_unregister_ciphers -and -.Fn ENGINE_unregister_digests -unregister -.Fa e -for all ciphers or digests, respectively. -.Sh SEE ALSO -.Xr ENGINE_cleanup 3 , -.Xr ENGINE_finish 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 -.Sh HISTORY -.Fn ENGINE_unregister_RSA , -.Fn ENGINE_unregister_DSA , -.Fn ENGINE_unregister_DH , -.Fn ENGINE_unregister_RAND , -.Fn ENGINE_unregister_ciphers , -and -.Fn ENGINE_unregister_digests -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_unregister_ECDH , -.Fn ENGINE_unregister_ECDSA , -and -.Fn ENGINE_unregister_STORE -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ERR.3 b/src/lib/libcrypto/man/ERR.3 deleted file mode 100644 index 6d42d875a2..0000000000 --- a/src/lib/libcrypto/man/ERR.3 +++ /dev/null 
@@ -1,215 +0,0 @@ -.\" $OpenBSD: ERR.3,v 1.8 2019/06/10 09:49:48 schwarze Exp $ -.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 -.\" -.\" This file was written by Ulf Moeller and -.\" Dr. Stephen Henson . -.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt ERR 3 -.Os -.Sh NAME -.Nm ERR -.Nd OpenSSL error codes -.Sh SYNOPSIS -.In openssl/err.h -.Sh DESCRIPTION -When a call to the OpenSSL library fails, this is usually signaled by -the return value, and an error code is stored in an error queue -associated with the current thread. -The -.Nm -library provides functions to obtain these error codes and textual error -messages. -The -.Xr ERR_get_error 3 -manpage describes how to access error codes. -.Pp -Error codes contain information about where the error occurred, and what -went wrong. -.Xr ERR_GET_LIB 3 -describes how to extract this information. -A method to obtain human-readable error messages is described in -.Xr ERR_error_string 3 . -.Pp -.Xr ERR_clear_error 3 -can be used to clear the error queue. -.Pp -Note that -.Xr ERR_remove_state 3 -should be used to avoid memory leaks when threads are terminated. -.Sh ADDING NEW ERROR CODES TO OPENSSL -See -.Xr ERR_put_error 3 -if you want to record error codes in the OpenSSL error system from -within your application. -.Pp -The remainder of this section is of interest only if you want to add new -error codes to OpenSSL or add error codes from external libraries. -.Pp -When you are using new function or reason codes, run -.Sy make errors . -The necessary -.Sy #define Ns s -will then automatically be added to the sub-library's header file. 
-.Ss Adding new libraries -When adding a new sub-library to OpenSSL, assign it a library number -.Dv ERR_LIB_XXX , -define a macro -.Fn XXXerr -(both in -.In openssl/err.h ) , -add its name to -.Va ERR_str_libraries[] -(in -.Pa /usr/src/lib/libcrypto/err/err.c ) , -and add -.Fn ERR_load_XXX_strings -to the -.Fn ERR_load_crypto_strings -function (in -.Sy /usr/src/lib/libcrypto/err/err_all.c ) . -Finally, add an entry -.Pp -.Dl L XXX xxx.h xxx_err.c -.Pp -to -.Sy /usr/src/lib/libcrypto/err/openssl.ec , -and add -.Pa xxx_err.c -to the -.Pa Makefile . -Running -.Sy make errors -will then generate a file -.Pa xxx_err.c , -and add all error codes used in the library to -.Pa xxx.h . -.Pp -Additionally the library include file must have a certain form. -Typically it will initially look like this: -.Bd -literal -offset indent -#ifndef HEADER_XXX_H -#define HEADER_XXX_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* Include files */ - -#include -#include - -/* Macros, structures and function prototypes */ - -/* BEGIN ERROR CODES */ -.Ed -.Pp -The -.Sy BEGIN ERROR CODES -sequence is used by the error code generation script as the point to -place new error codes. -Any text after this point will be overwritten when -.Sy make errors -is run. -The closing #endif etc. will be automatically added by the script. -.Pp -The generated C error code file -.Pa xxx_err.c -will load the header files -.In stdio.h , -.In openssl/err.h -and -.In openssl/xxx.h -so the header file must load any additional header files containing any -definitions it uses. -.Sh USING ERROR CODES IN EXTERNAL LIBRARIES -It is also possible to use OpenSSL's error code scheme in external -libraries. -The library needs to load its own codes and call the OpenSSL error code -insertion script -.Pa mkerr.pl -explicitly to add codes to the header file and generate the C error code -file. 
-This will normally be done if the external library needs to generate new
-ASN.1 structures but it can also be used to add more general purpose
-error code handling.
-.Sh INTERNALS
-The error queues are stored in a hash table with one
-.Vt ERR_STATE
-entry for each PID.
-.Fn ERR_get_state
-returns the current thread's
-.Vt ERR_STATE .
-An
-.Vt ERR_STATE
-can hold up to
-.Dv ERR_NUM_ERRORS
-error codes.
-When more error codes are added, the old ones are overwritten, on the
-assumption that the most recent errors are most important.
-.Pp
-Error strings are also stored in a hash table.
-The hash tables can be obtained by calling
-.Fn ERR_get_err_state_table
-and
-.Fn ERR_get_string_table .
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr ERR_asprintf_error_data 3 ,
-.Xr ERR_clear_error 3 ,
-.Xr ERR_error_string 3 ,
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_LIB 3 ,
-.Xr ERR_load_crypto_strings 3 ,
-.Xr ERR_load_strings 3 ,
-.Xr ERR_print_errors 3 ,
-.Xr ERR_put_error 3 ,
-.Xr ERR_remove_state 3 ,
-.Xr ERR_set_mark 3 ,
-.Xr SSL_get_error 3
diff --git a/src/lib/libcrypto/man/ERR_GET_LIB.3 b/src/lib/libcrypto/man/ERR_GET_LIB.3
deleted file mode 100644
index bc14f0e2ac..0000000000
--- a/src/lib/libcrypto/man/ERR_GET_LIB.3
+++ /dev/null
@@ -1,126 +0,0 @@ -.\" $OpenBSD: ERR_GET_LIB.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL doc/man3/ERR_GET_LIB.pod 3dfda1a6 Dec 12 11:14:40 2016 -0500 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt ERR_GET_LIB 3 -.Os -.Sh NAME -.Nm ERR_GET_LIB , -.Nm ERR_GET_FUNC , -.Nm ERR_GET_REASON , -.Nm ERR_FATAL_ERROR -.Nd get library, function and reason codes for OpenSSL errors -.Sh SYNOPSIS -.In openssl/err.h -.Ft int -.Fo ERR_GET_LIB -.Fa "unsigned long e" -.Fc -.Ft int -.Fo ERR_GET_FUNC -.Fa "unsigned long e" -.Fc -.Ft int -.Fo ERR_GET_REASON -.Fa "unsigned long e" -.Fc -.Ft int -.Fo ERR_FATAL_ERROR -.Fa "unsigned long e" -.Fc -.Sh DESCRIPTION -The error code returned by -.Xr ERR_get_error 3 -consists of a library number, function code, and reason code. -.Fn ERR_GET_LIB , -.Fn ERR_GET_FUNC , -and -.Fn ERR_GET_REASON -can be used to extract these. -.Pp -The library number and function code describe where the error occurred, -whereas the reason code is the information about what went wrong. -.Pp -Each sub-library of OpenSSL has a unique library number; function and -reason codes are unique within each sub-library. -Note that different libraries may use the same value to signal different -functions and reasons. -.Pp -.Dv ERR_R_* -reason codes such as -.Dv ERR_R_MALLOC_FAILURE -are globally unique. -However, when checking for sub-library specific reason codes, be sure to -also compare the library number. -.Pp -.Fn ERR_FATAL_ERROR -indicates whether a given error code is a fatal error. -.Pp -These functions are implemented as macros. 
-.Sh RETURN VALUES
-.Fn ERR_GET_LIB ,
-.Fn ERR_GET_FUNC ,
-and
-.Fn ERR_GET_REASON
-return the library number, function code, and reason code, respectively.
-.Pp
-.Fn ERR_FATAL_ERROR
-returns non-zero if the error is fatal or 0 otherwise.
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn ERR_GET_LIB ,
-.Fn ERR_GET_FUNC ,
-.Fn ERR_GET_REASON ,
-and
-.Fn ERR_FATAL_ERROR
-first appeared in SSLeay 0.4.4 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/ERR_asprintf_error_data.3 b/src/lib/libcrypto/man/ERR_asprintf_error_data.3
deleted file mode 100644
index 67999e9cb0..0000000000
--- a/src/lib/libcrypto/man/ERR_asprintf_error_data.3
+++ /dev/null
@@ -1,55 +0,0 @@
-.\" $OpenBSD: ERR_asprintf_error_data.3,v 1.2 2017/02/21 07:15:21 jmc Exp $
-.\"
-.\" Copyright (c) 2017 Bob Beck
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: February 21 2017 $
-.Dt ERR_ASPRINTF_ERROR_DATA 3
-.Os
-.Sh NAME
-.Nm ERR_asprintf_error_data
-.Nd record a LibreSSL error using a formatted string
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft void
-.Fo ERR_asprintf_error_data
-.Fa "char * format"
-.Fa ...
-.Fc
-.Sh DESCRIPTION
-.Nm
-builds a string using
-.Xr asprintf 3
-called with the provided
-.Ar format
-and arguments.
-The resulting string is then associated with the error code that was most
-recently added.
-If
-.Xr asprintf 3
-fails, the string "malloc failed" is associated instead.
-.Pp
-.Nm
-is intended to be used instead of the OpenSSL functions
-.Xr ERR_add_error_data 3
-and
-.Xr ERR_add_error_vdata 3 .
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_put_error 3 ,
-.Xr printf 3
-.Sh HISTORY
-.Nm
-appeared in
-.Ox 5.6
-and is available in all versions of LibreSSL.
diff --git a/src/lib/libcrypto/man/ERR_clear_error.3 b/src/lib/libcrypto/man/ERR_clear_error.3
deleted file mode 100644
index 54f563e166..0000000000
--- a/src/lib/libcrypto/man/ERR_clear_error.3
+++ /dev/null
@@ -1,70 +0,0 @@ -.\" $OpenBSD: ERR_clear_error.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt ERR_CLEAR_ERROR 3 -.Os -.Sh NAME -.Nm ERR_clear_error -.Nd clear the OpenSSL error queue -.Sh SYNOPSIS -.In openssl/err.h -.Ft void -.Fn ERR_clear_error void -.Sh DESCRIPTION -.Fn ERR_clear_error -empties the current thread's error queue. -.Sh SEE ALSO -.Xr ERR 3 , -.Xr ERR_get_error 3 -.Sh HISTORY -.Fn ERR_clear_error -first appeared in SSLeay 0.4.4 and has been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/ERR_error_string.3 b/src/lib/libcrypto/man/ERR_error_string.3 deleted file mode 100644 index 60f9132859..0000000000 --- a/src/lib/libcrypto/man/ERR_error_string.3 +++ /dev/null 
@@ -1,176 +0,0 @@ -.\" $OpenBSD: ERR_error_string.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt ERR_ERROR_STRING 3 -.Os -.Sh NAME -.Nm ERR_error_string , -.Nm ERR_error_string_n , -.Nm ERR_lib_error_string , -.Nm ERR_func_error_string , -.Nm ERR_reason_error_string -.Nd obtain human-readable OpenSSL error messages -.Sh SYNOPSIS -.In openssl/err.h -.Ft char * -.Fo ERR_error_string -.Fa "unsigned long e" -.Fa "char *buf" -.Fc -.Ft void -.Fo ERR_error_string_n -.Fa "unsigned long e" -.Fa "char *buf" -.Fa "size_t len" -.Fc -.Ft const char * -.Fo ERR_lib_error_string -.Fa "unsigned long e" -.Fc -.Ft const char * -.Fo ERR_func_error_string -.Fa "unsigned long e" -.Fc -.Ft const char * -.Fo ERR_reason_error_string -.Fa "unsigned long e" -.Fc -.Sh DESCRIPTION -.Fn ERR_error_string -generates a human-readable string representing the error code -.Fa e -and places it in -.Fa buf . -.Fa buf -must be at least 256 bytes long. -If -.Fa buf -is -.Dv NULL , -the error string is placed in a static buffer. -Note that this function is not thread-safe and does no checks on -the size of the buffer; use -.Fn ERR_error_string_n -instead. -.Pp -.Fn ERR_error_string_n -is a variant of -.Fn ERR_error_string -that writes at most -.Fa len -characters (including the terminating NUL) and truncates the string -if necessary. -For -.Fn ERR_error_string_n , -.Fa buf -may not be -.Dv NULL . 
-.Pp
-The string will have the following format:
-.Pp
-.Dl error:[error code]:[library name]:[function name]:[reason string]
-.Pp
-The error code is an 8-digit hexadecimal number.
-The library name, the function name, and the reason string are ASCII
-text.
-.Pp
-.Fn ERR_lib_error_string ,
-.Fn ERR_func_error_string ,
-and
-.Fn ERR_reason_error_string
-return the library name, the function name, and the reason string,
-respectively.
-.Pp
-The OpenSSL error strings should be loaded by calling
-.Xr ERR_load_crypto_strings 3
-or, for SSL applications,
-.Xr SSL_load_error_strings 3
-first.
-If there is no text string registered for the given error code, the
-error string will contain the numeric code.
-.Pp
-.Xr ERR_print_errors 3
-can be used to print all error codes currently in the queue.
-.Sh RETURN VALUES
-.Fn ERR_error_string
-returns a pointer to a static buffer containing the string if
-.Fa buf
-is
-.Dv NULL ,
-or
-.Fa buf
-otherwise.
-.Pp
-.Fn ERR_lib_error_string ,
-.Fn ERR_func_error_string ,
-and
-.Fn ERR_reason_error_string
-return the strings, or
-.Dv NULL
-if none is registered for the error code.
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_get_error 3 ,
-.Xr ERR_load_crypto_strings 3 ,
-.Xr ERR_print_errors 3 ,
-.Xr SSL_load_error_strings 3
-.Sh HISTORY
-.Fn ERR_error_string ,
-.Fn ERR_lib_error_string ,
-.Fn ERR_func_error_string ,
-and
-.Fn ERR_reason_error_string
-first appeared in SSLeay 0.4.4 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn ERR_error_string_n
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/ERR_get_error.3 b/src/lib/libcrypto/man/ERR_get_error.3
deleted file mode 100644
index f3bcc09cbc..0000000000
--- a/src/lib/libcrypto/man/ERR_get_error.3
+++ /dev/null
@@ -1,191 +0,0 @@
-.\" $OpenBSD: ERR_get_error.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2002, 2014 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt ERR_GET_ERROR 3
-.Os
-.Sh NAME
-.Nm ERR_get_error ,
-.Nm ERR_peek_error ,
-.Nm ERR_peek_last_error ,
-.Nm ERR_get_error_line ,
-.Nm ERR_peek_error_line ,
-.Nm ERR_peek_last_error_line ,
-.Nm ERR_get_error_line_data ,
-.Nm ERR_peek_error_line_data ,
-.Nm ERR_peek_last_error_line_data
-.Nd obtain OpenSSL error code and data
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft unsigned long
-.Fn ERR_get_error void
-.Ft unsigned long
-.Fn ERR_peek_error void
-.Ft unsigned long
-.Fn ERR_peek_last_error void
-.Ft unsigned long
-.Fo ERR_get_error_line
-.Fa "const char **file"
-.Fa "int *line"
-.Fc
-.Ft unsigned long
-.Fo ERR_peek_error_line
-.Fa "const char **file"
-.Fa "int *line"
-.Fc
-.Ft unsigned long
-.Fo ERR_peek_last_error_line
-.Fa "const char **file"
-.Fa "int *line"
-.Fc
-.Ft unsigned long
-.Fo ERR_get_error_line_data
-.Fa "const char **file"
-.Fa "int *line"
-.Fa "const char **data"
-.Fa "int *flags"
-.Fc
-.Ft unsigned long
-.Fo ERR_peek_error_line_data
-.Fa "const char **file"
-.Fa "int *line"
-.Fa "const char **data"
-.Fa "int *flags"
-.Fc
-.Ft unsigned long
-.Fo ERR_peek_last_error_line_data
-.Fa "const char **file"
-.Fa "int *line"
-.Fa "const char **data"
-.Fa "int *flags"
-.Fc
-.Sh DESCRIPTION
-.Fn ERR_get_error
-returns the earliest error code from the thread's error queue and
-removes the entry.
-This function can be called repeatedly until there are no more error
-codes to return.
-.Pp
-.Fn ERR_peek_error
-returns the earliest error code from the thread's error queue without
-modifying it.
-.Pp
-.Fn ERR_peek_last_error
-returns the latest error code from the thread's error queue without
-modifying it.
-.Pp
-See
-.Xr ERR_GET_LIB 3
-for obtaining information about the location and reason for the error, and
-.Xr ERR_error_string 3
-for human-readable error messages.
-.Pp
-.Fn ERR_get_error_line ,
-.Fn ERR_peek_error_line ,
-and
-.Fn ERR_peek_last_error_line
-are the same as the above, but they additionally store the file name and
-line number where the error occurred in
-.Pf * Fa file
-and
-.Pf * Fa line ,
-unless these are
-.Dv NULL .
-.Pp
-.Fn ERR_get_error_line_data ,
-.Fn ERR_peek_error_line_data ,
-and
-.Fn ERR_peek_last_error_line_data
-store additional data and flags associated with the error code in
-.Pf * Fa data
-and
-.Pf * Fa flags ,
-unless these are
-.Dv NULL .
-.Pf * Fa data
-contains a string if
-.Pf * Fa flags Ns & Ns Dv ERR_TXT_STRING
-is true.
-.Pp
-An application
-.Sy MUST NOT
-free the
-.Pf * Fa data
-pointer (or any other pointers returned by these functions) with
-.Xr free 3
-as freeing is handled automatically by the error library.
-.Sh RETURN VALUES
-The error code, or 0 if there is no error in the queue.
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_error_string 3 ,
-.Xr ERR_GET_LIB 3
-.Sh HISTORY
-.Fn ERR_get_error
-and
-.Fn ERR_peek_error
-first appeared in SSLeay 0.4.4.
-.Fn ERR_get_error_line
-and
-.Fn ERR_peek_error_line
-first appeared in SSLeay 0.6.0.
-.Fn ERR_get_error_line_data
-and
-.Fn ERR_peek_error_line_data
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ERR_peek_last_error ,
-.Fn ERR_peek_last_error_line ,
-and
-.Fn ERR_peek_last_error_line_data
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/ERR_load_crypto_strings.3 b/src/lib/libcrypto/man/ERR_load_crypto_strings.3
deleted file mode 100644
index 4ad12659a5..0000000000
--- a/src/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ /dev/null
@@ -1,128 +0,0 @@
-.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.9 2020/06/04 20:06:04 schwarze Exp $
-.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
-.\" selective merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 4 2020 $
-.Dt ERR_LOAD_CRYPTO_STRINGS 3
-.Os
-.Sh NAME
-.Nm ERR_load_crypto_strings ,
-.Nm ERR_free_strings ,
-.Nm SSL_load_error_strings
-.Nd load and free OpenSSL error strings
-.\" The function ERR_load_ERR_strings() is intentionally undocumented
-.\" because it is merely a subroutine of ERR_load_crypto_strings(3)
-.\" and should not have been made a part of the API.
-.\" The same applies to the other ERR_load_*_strings() functions.
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft void
-.Fn ERR_load_crypto_strings void
-.Ft void
-.Fn ERR_free_strings void
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_load_error_strings void
-.Sh DESCRIPTION
-These functions are deprecated.
-It is never useful for any application program to call any of them explicitly.
-The library automatically calls them internally whenever needed.
-.Pp
-.Fn ERR_load_crypto_strings
-registers the error strings for all
-.Xr crypto 3
-functions.
-.Fn SSL_load_error_strings
-does the same, but also registers the
-.Xr ssl 3
-error strings.
-.Pp
-If the error strings were already loaded before, no action occurs.
-.Pp
-.Fn ERR_free_strings
-frees all previously loaded error strings.
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_error_string 3 ,
-.Xr OPENSSL_config 3
-.Sh HISTORY
-.Fn ERR_load_crypto_strings
-and
-.Fn SSL_load_error_strings
-first appeared in SSLeay 0.4.4.
-.Fn ERR_free_strings
-first appeared in SSLeay 0.5.1.
-These functions been available since
-.Ox 2.4 .
-.Sh BUGS
-Even though the error strings are already compiled into the object
-code of the library as static strings, these functions store them
-again using dynamically allocated memory on the heap.
-That may fail if insufficient memory is available,
-but these functions do not report such errors.
-Instead, they fail silently, possibly having registered none or only
-a part of the strings requested.
diff --git a/src/lib/libcrypto/man/ERR_load_strings.3 b/src/lib/libcrypto/man/ERR_load_strings.3
deleted file mode 100644
index 44fde08c90..0000000000
--- a/src/lib/libcrypto/man/ERR_load_strings.3
+++ /dev/null
@@ -1,117 +0,0 @@
-.\" $OpenBSD: ERR_load_strings.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt ERR_LOAD_STRINGS 3
-.Os
-.Sh NAME
-.Nm ERR_load_strings ,
-.Nm ERR_PACK ,
-.Nm ERR_get_next_error_library
-.Nd load arbitrary OpenSSL error strings
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft void
-.Fo ERR_load_strings
-.Fa "int lib"
-.Fa "ERR_STRING_DATA str[]"
-.Fc
-.Ft unsigned long
-.Fo ERR_PACK
-.Fa "int lib"
-.Fa "int func"
-.Fa "int reason"
-.Fc
-.Ft int
-.Fn ERR_get_next_error_library void
-.Sh DESCRIPTION
-.Fn ERR_load_strings
-registers error strings for library number
-.Fa lib .
-.Pp
-.Fa str
-is an array of error string data:
-.Bd -literal -offset indent
-typedef struct ERR_string_data_st
-{
- unsigned long error;
- char *string;
-} ERR_STRING_DATA;
-.Ed
-.Pp
-The error code is generated from the library number and a function and
-reason code:
-.Pp
-.Dl error = ERR_PACK(lib, func, reason)
-.Pp
-.Fn ERR_PACK
-is a macro.
-.Pp
-The last entry in the array is
-.Brq 0 , Dv NULL .
-.Pp
-.Fn ERR_get_next_error_library
-can be used to assign library numbers to user libraries at runtime.
-.Sh RETURN VALUES
-.Fn ERR_PACK
-returns the error code.
-.Fn ERR_get_next_error_library
-returns a new library number.
-.Sh SEE ALSO
-.Xr ERR 3
-.Sh HISTORY
-.Fn ERR_load_strings
-and
-.Fn ERR_PACK
-first appeared in SSLeay 0.4.4.
-.Fn ERR_get_next_error_library
-first appeared in SSLeay 0.9.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/ERR_print_errors.3 b/src/lib/libcrypto/man/ERR_print_errors.3
deleted file mode 100644
index a5c7c03287..0000000000
--- a/src/lib/libcrypto/man/ERR_print_errors.3
+++ /dev/null
@@ -1,122 +0,0 @@
-.\" $OpenBSD: ERR_print_errors.3,v 1.8 2020/03/28 22:40:58 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller ,
-.\" with additions by Rich Salz .
-.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 28 2020 $
-.Dt ERR_PRINT_ERRORS 3
-.Os
-.Sh NAME
-.Nm ERR_print_errors ,
-.Nm ERR_print_errors_fp ,
-.Nm ERR_print_errors_cb
-.Nd print OpenSSL error messages
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft void
-.Fo ERR_print_errors
-.Fa "BIO *bp"
-.Fc
-.Ft void
-.Fo ERR_print_errors_fp
-.Fa "FILE *fp"
-.Fc
-.Ft void
-.Fo ERR_print_errors_cb
-.Fa "int (*cb)(const char *str, size_t len, void *u)"
-.Fa "void *u"
-.Fc
-.Sh DESCRIPTION
-.Fn ERR_print_errors
-is a convenience function that prints the error strings for all errors
-that OpenSSL has recorded to
-.Fa bp ,
-thus emptying the error queue.
-.Pp
-.Fn ERR_print_errors_fp
-is the same, except that the output goes to a
-.Vt FILE .
-.Pp
-.Fn ERR_print_errors_cb
-is the same, except that the callback function,
-.Fa cb ,
-is called for each error line with the string, length, and userdata
-.Fa u
-as the callback parameters.
-.Pp
-The error strings have the following format:
-.Bd -literal
-[pid]:error:[error code]:[library name]:[function name]:[reason string]:
-[file name]:[line]:[optional text message]
-.Ed
-.Pp
-The error code is an 8-digit hexadecimal number.
-The library name, the function name, and the reason string are ASCII
-text, as is the optional text message if one was set for the
-respective error code.
-.Pp
-If there is no text string registered for the given error code, the
-error string will contain the numeric code.
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_error_string 3 ,
-.Xr ERR_get_error 3 ,
-.Xr ERR_load_crypto_strings 3 ,
-.Xr SSL_load_error_strings 3
-.Sh HISTORY
-.Fn ERR_print_errors
-first appeared in SSLeay 0.4.5.
-.Fn ERR_print_errors_fp
-first appeared in SSLeay 0.6.0.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ERR_print_errors_cb
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/ERR_put_error.3 b/src/lib/libcrypto/man/ERR_put_error.3
deleted file mode 100644
index 142d2eb2bd..0000000000
--- a/src/lib/libcrypto/man/ERR_put_error.3
+++ /dev/null
@@ -1,158 +0,0 @@
-.\" $OpenBSD: ERR_put_error.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt ERR_PUT_ERROR 3
-.Os
-.Sh NAME
-.Nm ERR_put_error ,
-.Nm ERR_add_error_data ,
-.Nm ERR_add_error_vdata
-.Nd record an OpenSSL error
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft void
-.Fo ERR_put_error
-.Fa "int lib"
-.Fa "int func"
-.Fa "int reason"
-.Fa "const char *file"
-.Fa "int line"
-.Fc
-.Ft void
-.Fo ERR_add_error_data
-.Fa "int num"
-.Fa ...
-.Fc
-.Ft void
-.Fo ERR_add_error_vdata
-.Fa "int num"
-.Fa "va_list arg"
-.Fc
-.Sh DESCRIPTION
-.Fn ERR_put_error
-adds an error code to the thread's error queue.
-It signals that the error of reason code
-.Fa reason
-occurred in function
-.Fa func
-of library
-.Fa lib ,
-in line number
-.Fa line
-of
-.Fa file .
-This function is usually called by a macro.
-.Pp
-.Fn ERR_add_error_data
-associates the concatenation of its
-.Fa num
-string arguments with the error code added last.
-.Fn ERR_add_error_vdata
-is similar except the argument is a
-.Vt va_list .
-Use of
-.Fn ERR_add_error_data
-and
-.Fn ERR_add_error_vdata
-is deprecated inside of LibreSSL in favour of
-.Xr ERR_asprintf_error_data 3 .
-.Pp
-.Xr ERR_load_strings 3
-can be used to register error strings so that the application can
-generate human-readable error messages for the error code.
-.Pp
-Each sub-library has a specific macro
-.Fn XXXerr f r
-that is used to report errors.
-Its first argument is a function code
-.Dv XXX_F_* ;
-the second argument is a reason code
-.Dv XXX_R_* .
-Function codes are derived from the function names
-whereas reason codes consist of textual error descriptions.
-For example, the function
-.Fn ssl23_read
-reports a "handshake failure" as follows:
-.Pp
-.Dl SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
-.Pp
-Function and reason codes should consist of upper case characters,
-numbers and underscores only.
-The error file generation script translates function codes into function
-names by looking in the header files for an appropriate function name.
-If none is found it just uses the capitalized form such as "SSL23_READ"
-in the above example.
-.Pp
-The trailing section of a reason code (after the "_R_") is translated
-into lower case and underscores changed to spaces.
-.Pp
-Although a library will normally report errors using its own specific
-.Fn XXXerr
-macro, another library's macro can be used.
-This is normally only done when a library wants to include ASN.1 code
-which must use the
-.Fn ASN1err
-macro.
-.Sh SEE ALSO
-.Xr ERR 3 ,
-.Xr ERR_asprintf_error_data 3 ,
-.Xr ERR_load_strings 3
-.Sh HISTORY
-.Fn ERR_put_error
-first appeared in SSLeay 0.4.4.
-.Fn ERR_add_error_data
-first appeared in SSLeay 0.9.0.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn ERR_add_error_vdata
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/ERR_remove_state.3 b/src/lib/libcrypto/man/ERR_remove_state.3
deleted file mode 100644
index bc28f15dea..0000000000
--- a/src/lib/libcrypto/man/ERR_remove_state.3
+++ /dev/null
@@ -1,108 +0,0 @@
-.\" $OpenBSD: ERR_remove_state.3,v 1.7 2020/03/28 22:40:58 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Ulf Moeller and
-.\" Matt Caswell .
-.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 28 2020 $
-.Dt ERR_REMOVE_STATE 3
-.Os
-.Sh NAME
-.Nm ERR_remove_thread_state ,
-.Nm ERR_remove_state
-.Nd free a thread's OpenSSL error queue
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft void
-.Fo ERR_remove_thread_state
-.Fa "const CRYPTO_THREADID *tid"
-.Fc
-.Pp
-Deprecated:
-.Pp
-.Ft void
-.Fo ERR_remove_state
-.Fa "unsigned long pid"
-.Fc
-.Sh DESCRIPTION
-.Fn ERR_remove_thread_state
-frees the error queue associated with thread
-.Fa tid .
-If
-.Fa tid
-is
-.Dv NULL ,
-the current thread will have its error queue removed.
-.Pp
-Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in order to
-avoid memory leaks.
-.Pp
-.Fn ERR_remove_state
-is deprecated and has been replaced by
-.Fn ERR_remove_thread_state .
-Since threads in OpenSSL are no longer identified by unsigned long
-values, any argument to this function is ignored.
-Calling
-.Fn ERR_remove_state
-is equivalent to
-.Fn ERR_remove_thread_state NULL .
-.Sh SEE ALSO
-.Xr ERR 3
-.Sh HISTORY
-.Fn ERR_remove_state
-first appeared in SSLeay 0.6.1 and has been available since
-.Ox 2.4 .
-.Pp
-It was deprecated in OpenSSL 1.0.0 and
-.Ox 4.9
-when
-.Fn ERR_remove_thread_state
-was introduced and thread IDs were introduced to identify threads
-instead of
-.Vt unsigned long .
diff --git a/src/lib/libcrypto/man/ERR_set_mark.3 b/src/lib/libcrypto/man/ERR_set_mark.3
deleted file mode 100644
index 2f3486d8c0..0000000000
--- a/src/lib/libcrypto/man/ERR_set_mark.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" $OpenBSD: ERR_set_mark.3,v 1.4 2018/03/23 00:09:11 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Richard Levitte .
-.\" Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt ERR_SET_MARK 3
-.Os
-.Sh NAME
-.Nm ERR_set_mark ,
-.Nm ERR_pop_to_mark
-.Nd set marks and pop OpenSSL errors until mark
-.Sh SYNOPSIS
-.In openssl/err.h
-.Ft int
-.Fn ERR_set_mark void
-.Ft int
-.Fn ERR_pop_to_mark void
-.Sh DESCRIPTION
-.Fn ERR_set_mark
-sets a mark on the current topmost error record if there is one.
-.Pp
-.Fn ERR_pop_to_mark
-will pop the top of the error stack until a mark is found.
-The mark is then removed.
-If there is no mark, the whole stack is removed.
-.Sh RETURN VALUES
-.Fn ERR_set_mark
-returns 0 if the error stack is empty, otherwise 1.
-.Pp
-.Fn ERR_pop_to_mark
-returns 0 if there was no mark in the error stack, which implies that
-the stack became empty, otherwise 1.
-.Sh SEE ALSO
-.Xr ERR 3
-.Sh HISTORY
-.Fn ERR_set_mark
-and
-.Fn ERR_pop_to_mark
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3
deleted file mode 100644
index 4baabbcd99..0000000000
--- a/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3
+++ /dev/null
@@ -1,117 +0,0 @@
-.\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt ESS_SIGNING_CERT_NEW 3
-.Os
-.Sh NAME
-.Nm ESS_SIGNING_CERT_new ,
-.Nm ESS_SIGNING_CERT_free ,
-.Nm ESS_CERT_ID_new ,
-.Nm ESS_CERT_ID_free ,
-.Nm ESS_ISSUER_SERIAL_new ,
-.Nm ESS_ISSUER_SERIAL_free
-.Nd signing certificates for S/MIME
-.Sh SYNOPSIS
-.In openssl/ts.h
-.Ft ESS_SIGNING_CERT *
-.Fn ESS_SIGNING_CERT_new void
-.Ft void
-.Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert"
-.Ft ESS_CERT_ID *
-.Fn ESS_CERT_ID_new void
-.Ft void
-.Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id"
-.Ft ESS_ISSUER_SERIAL *
-.Fn ESS_ISSUER_SERIAL_new void
-.Ft void
-.Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial"
-.Sh DESCRIPTION
-The signing certificate may be included in the signedAttributes
-field of a
-.Vt SignerInfo
-structure to mitigate simple substitution and re-issue attacks.
-.Pp
-.Fn ESS_SIGNING_CERT_new
-allocates and initializes an empty
-.Vt ESS_SIGNING_CERT
-object, representing an ASN.1
-.Vt SigningCertificate
-structure defined in RFC 2634 section 5.4.
-It can hold the certificate used for signing the data,
-additional authorization certificates that can be used during
-validation, and policies applying to the certificate.
-.Fn ESS_SIGNING_CERT_free
-frees
-.Fa signing_cert .
-.Pp
-.Fn ESS_CERT_ID_new
-allocates and initializes an empty
-.Vt ESS_CERT_ID
-object, representing an ASN.1
-.Vt ESSCertID
-structure defined in RFC 2634 section 5.4.1.
-Such objects can be used inside
-.Vt ESS_SIGNING_CERT
-objects, and each one can hold a SHA1 hash of one certificate.
-.Fn ESS_CERT_ID_free
-frees
-.Fa cert_id .
-.Pp
-.Fn ESS_ISSUER_SERIAL_new
-allocates and initializes an empty
-.Vt ESS_ISSUER_SERIAL
-object, representing an ASN.1
-.Vt IssuerSerial
-structure defined in RFC 2634 section 5.4.1.
-It can hold an issuer name and a serial number and can be included in an
-.Vt ESS_CERT_ID
-object, which is useful for additional authorization certificates,
-but redundant for the signing certificate itself.
-.Fn ESS_ISSUER_SERIAL_free
-frees
-.Fa issuer_serial .
-.Sh RETURN VALUES
-.Fn ESS_SIGNING_CERT_new ,
-.Fn ESS_CERT_ID_new ,
-and
-.Fn ESS_ISSUER_SERIAL_new
-return the new
-.Vt ESS_SIGNING_CERT ,
-.Vt ESS_CERT_ID ,
-or
-.Vt ESS_ISSUER_SERIAL
-object, respectively, or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr d2i_ESS_SIGNING_CERT 3
-.Sh STANDARDS
-RFC 2634: Enhanced Security Services for S/MIME,
-section 5: Signing Certificate Attribute
-.Pp
-Note that RFC 2634 has been updated by RFC 5035:
-Enhanced Security Services (ESS) Update:
-Adding CertID Algorithm Agility.
-But the current implementation only supports the
-Signing Certificate Attribute Definition Version 1
-according to RFC 2634, not the
-Signing Certificate Attribute Definition Version 2
-according to RFC 5035.
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 b/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3
deleted file mode 100644
index 5c4def1740..0000000000
--- a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3
+++ /dev/null
@@ -1,307 +0,0 @@
-.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.9 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2014, Google Inc.
-.\" Parts of the text were written by Adam Langley and David Benjamin.
-.\" Copyright (c) 2015 Reyk Floeter
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt EVP_AEAD_CTX_INIT 3
-.Os
-.Sh NAME
-.Nm EVP_AEAD_CTX_init ,
-.Nm EVP_AEAD_CTX_cleanup ,
-.Nm EVP_AEAD_CTX_open ,
-.Nm EVP_AEAD_CTX_seal ,
-.Nm EVP_AEAD_key_length ,
-.Nm EVP_AEAD_max_overhead ,
-.Nm EVP_AEAD_max_tag_len ,
-.Nm EVP_AEAD_nonce_length ,
-.Nm EVP_aead_aes_128_gcm ,
-.Nm EVP_aead_aes_256_gcm ,
-.Nm EVP_aead_chacha20_poly1305 ,
-.Nm EVP_aead_xchacha20_poly1305
-.Nd authenticated encryption with additional data
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_AEAD_CTX_init
-.Fa "EVP_AEAD_CTX *ctx"
-.Fa "const EVP_AEAD *aead"
-.Fa "const unsigned char *key"
-.Fa "size_t key_len"
-.Fa "size_t tag_len"
-.Fa "ENGINE *impl"
-.Fc
-.Ft void
-.Fo EVP_AEAD_CTX_cleanup
-.Fa "EVP_AEAD_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_AEAD_CTX_open
-.Fa "const EVP_AEAD_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *out_len"
-.Fa "size_t max_out_len"
-.Fa "const unsigned char *nonce"
-.Fa "size_t nonce_len"
-.Fa "const unsigned char *in"
-.Fa "size_t in_len"
-.Fa "const unsigned char *ad"
-.Fa "size_t ad_len"
-.Fc
-.Ft int
-.Fo EVP_AEAD_CTX_seal
-.Fa "const EVP_AEAD_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *out_len"
-.Fa "size_t max_out_len"
-.Fa "const unsigned char *nonce"
-.Fa "size_t nonce_len"
-.Fa "const unsigned char *in"
-.Fa "size_t in_len"
-.Fa "const unsigned char *ad"
-.Fa "size_t ad_len"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_key_length
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_max_overhead
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_max_tag_len
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft size_t
-.Fo EVP_AEAD_nonce_length
-.Fa "const EVP_AEAD *aead"
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_aes_128_gcm
-.Fa void
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_aes_256_gcm
-.Fa void
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_chacha20_poly1305
-.Fa void
-.Fc
-.Ft const EVP_AEAD *
-.Fo EVP_aead_xchacha20_poly1305
-.Fa void
-.Fc
-.Sh DESCRIPTION
-AEAD (Authenticated Encryption with Additional Data) couples
-confidentiality and integrity in a single primitive.
-AEAD algorithms take a key and can then seal and open individual
-messages.
-Each message has a unique, per-message nonce and, optionally, additional
-data which is authenticated but not included in the output.
-.Pp
-.Fn EVP_AEAD_CTX_init
-initializes the context
-.Fa ctx
-for the given AEAD algorithm
-.Fa aead .
-The
-.Fa impl
-argument must be
-.Dv NULL
-for the default implementation;
-other values are currently not supported.
-Authentication tags may be truncated by passing a tag length.
-A tag length of zero indicates the default tag length should be used.
-.Pp
-.Fn EVP_AEAD_CTX_cleanup
-frees any data allocated for the context
-.Fa ctx .
-.Pp
-.Fn EVP_AEAD_CTX_open
-authenticates the input
-.Fa in
-and optional additional data
-.Fa ad ,
-decrypting the input and writing it as output
-.Fa out .
-This function may be called (with the same
-.Vt EVP_AEAD_CTX )
-concurrently with itself or with
-.Fn EVP_AEAD_CTX_seal .
-At most the number of input bytes are written as output.
-In order to ensure success,
-.Fa max_out_len
-should be at least the same as the input length
-.Fa in_len .
-On successful return
-.Fa out_len
-is set to the actual number of bytes written.
-The length of the
-.Fa nonce
-specified with
-.Fa nonce_len
-must be equal to the result of EVP_AEAD_nonce_length for this AEAD.
-.Fn EVP_AEAD_CTX_open
-never results in partial output.
-If
-.Fa max_out_len
-is insufficient, zero will be returned and
-.Fa out_len
-will be set to zero.
-If the input and output are aliased then
-.Fa out
-must be <=
-.Fa in .
-.Pp
-.Fn EVP_AEAD_CTX_seal
-encrypts and authenticates the input and authenticates any additional
-data provided in
-.Fa ad ,
-the encrypted input and authentication tag being written as output
-.Fa out .
-This function may be called (with the same
-.Vt EVP_AEAD_CTX )
-concurrently with itself or with
-.Fn EVP_AEAD_CTX_open .
-At most
-.Fa max_out_len
-bytes are written as output and, in order to ensure success, this value
-should be the
-.Fa in_len
-plus the result of
-.Fn EVP_AEAD_max_overhead .
-On successful return,
-.Fa out_len
-is set to the actual number of bytes written.
-The length of the
-.Fa nonce
-specified with
-.Fa nonce_len
-must be equal to the result of
-.Fn EVP_AEAD_nonce_length
-for this AEAD.
-.Fn EVP_AEAD_CTX_seal
-never results in a partial output.
-If
-.Fa max_out_len
-is insufficient, zero will be returned and
-.Fa out_len
-will be set to zero.
-If the input and output are aliased then
-.Fa out
-must be <=
-.Fa in .
-.Pp
-.Fn EVP_AEAD_key_length ,
-.Fn EVP_AEAD_max_overhead ,
-.Fn EVP_AEAD_max_tag_len ,
-and
-.Fn EVP_AEAD_nonce_length
-provide information about the AEAD algorithm
-.Fa aead .
-.Pp
-All cipher algorithms have a fixed key length unless otherwise stated.
-The following ciphers are available:
-.Bl -tag -width Ds -offset indent
-.It Fn EVP_aead_aes_128_gcm
-AES-128 in Galois Counter Mode.
-.It Fn EVP_aead_aes_256_gcm
-AES-256 in Galois Counter Mode.
-.It Fn EVP_aead_chacha20_poly1305
-ChaCha20 with a Poly1305 authenticator.
-.It Fn EVP_aead_xchacha20_poly1305
-XChaCha20 with a Poly1305 authenticator.
-.El
-.Pp
-Where possible the
-.Sy EVP_AEAD
-interface to AEAD ciphers should be used in preference to the older
-.Sy EVP
-variants or to the low level interfaces.
-This is because the code then becomes transparent to the AEAD cipher
-used and much more flexible.
-It is also safer to use as it prevents common mistakes with the native APIs.
-.Sh RETURN VALUES
-.Fn EVP_AEAD_CTX_init ,
-.Fn EVP_AEAD_CTX_open ,
-and
-.Fn EVP_AEAD_CTX_seal
-return 1 for success or zero for failure.
-.Pp
-.Fn EVP_AEAD_key_length
-returns the length of the key used for this AEAD.
-.Pp
-.Fn EVP_AEAD_max_overhead
-returns the maximum number of additional bytes added by the act of
-sealing data with the AEAD.
-.Pp
-.Fn EVP_AEAD_max_tag_len
-returns the maximum tag length when using this AEAD.
-This is the largest value that can be passed as a tag length to
-.Fn EVP_AEAD_CTX_init .
-.Pp
-.Fn EVP_AEAD_nonce_length
-returns the length of the per-message nonce.
-.Sh EXAMPLES
-Encrypt a string using ChaCha20-Poly1305:
-.Bd -literal -offset indent
-const EVP_AEAD *aead = EVP_aead_chacha20_poly1305();
-static const unsigned char nonce[32] = {0};
-size_t buf_len, nonce_len;
-EVP_AEAD_CTX ctx;
-
-EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead),
- EVP_AEAD_DEFAULT_TAG_LENGTH, NULL);
-nonce_len = EVP_AEAD_nonce_length(aead);
-
-EVP_AEAD_CTX_seal(&ctx, out, &out_len, BUFSIZE, nonce,
- nonce_len, in, in_len, NULL, 0);
-
-EVP_AEAD_CTX_cleanup(&ctx);
-.Ed
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh STANDARDS
-.Rs
-.%A A. Langley
-.%A W. Chang
-.%D November 2013
-.%R draft-agl-tls-chacha20poly1305-04
-.%T ChaCha20 and Poly1305 based Cipher Suites for TLS
-.Re
-.Pp
-.Rs
-.%A Y. Nir
-.%A A. Langley
-.%D May 2015
-.%R RFC 7539
-.%T ChaCha20 and Poly1305 for IETF Protocols
-.Re
-.Pp
-.Rs
-.%A S. Arciszewski
-.%D October 2018
-.%R draft-arciszewski-xchacha-02
-.%T XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
-.Re
-.Sh HISTORY
-AEAD is based on the implementation by
-.An Adam Langley
-for Chromium/BoringSSL and first appeared in
-.Ox 5.6 .
diff --git a/src/lib/libcrypto/man/EVP_BytesToKey.3 b/src/lib/libcrypto/man/EVP_BytesToKey.3
deleted file mode 100644
index 821259a515..0000000000
--- a/src/lib/libcrypto/man/EVP_BytesToKey.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\" $OpenBSD: EVP_BytesToKey.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2001, 2011, 2013, 2014, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 7 2019 $
-.Dt EVP_BYTESTOKEY 3
-.Os
-.Sh NAME
-.Nm EVP_BytesToKey
-.Nd password based encryption routine
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_BytesToKey
-.Fa "const EVP_CIPHER *type"
-.Fa "const EVP_MD *md"
-.Fa "const unsigned char *salt"
-.Fa "const unsigned char *data"
-.Fa "int datal"
-.Fa "int count"
-.Fa "unsigned char *key"
-.Fa "unsigned char *iv"
-.Fc
-.Sh DESCRIPTION
-.Fn EVP_BytesToKey
-derives a key and IV from various parameters.
-.Fa type
-is the cipher to derive the key and IV for.
-.Fa md
-is the message digest to use.
-The
-.Fa salt
-parameter is used as a salt in the derivation:
-it should point to an 8-byte buffer or
-.Dv NULL
-if no salt is used.
-.Fa data
-is a buffer containing
-.Fa datal
-bytes which is used to derive the keying data.
-.Fa count
-is the iteration count to use.
-The derived key and IV will be written to
-.Fa key
-and
-.Fa iv ,
-respectively.
-.Pp
-A typical application of this function is to derive keying material for
-an encryption algorithm from a password in the
-.Fa data
-parameter.
-.Pp
-Increasing the
-.Fa count
-parameter slows down the algorithm, which makes it harder for an attacker
-to perform a brute force attack using a large number of candidate
-passwords.
-.Pp
-If the total key and IV length is less than the digest length and MD5
-is used, then the derivation algorithm is compatible with PKCS#5 v1.5.
-Otherwise, a non-standard extension is used to derive the extra data.
-.Pp
-Newer applications should use more standard algorithms such as PBKDF2 as
-defined in PKCS#5v2.1 for key derivation.
-.Sh KEY DERIVATION ALGORITHM
-The key and IV is derived by concatenating D_1, D_2, etc. until enough
-data is available for the key and IV.
-D_i is defined recursively as:
-.Pp
-.Dl D_i = HASH^count(D_(i-1) || data || salt)
-.Pp
-where || denotes concatenation, D_0 is empty, HASH is the digest
-algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is
-HASH(HASH(data)) and so on.
-.Pp
-The initial bytes are used for the key and the subsequent bytes for the
-IV.
-.Sh RETURN VALUES
-If
-.Fa data
-is
-.Dv NULL ,
-.Fn EVP_BytesToKey
-returns the number of bytes needed to store the derived key.
-Otherwise,
-.Fn EVP_BytesToKey
-returns the size of the derived key in bytes or 0 on error.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr PKCS5_PBKDF2_HMAC 3
-.Sh HISTORY
-.Fn EVP_BytesToKey
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3
deleted file mode 100644
index ca36ece5fb..0000000000
--- a/src/lib/libcrypto/man/EVP_DigestInit.3
+++ /dev/null
@@ -1,777 +0,0 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.20 2021/01/05 06:51:31 jmc Exp $
-.\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
-.\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson
-.\" and Richard Levitte .
-.\" Copyright (c) 2000-2004, 2009, 2012-2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 5 2021 $
-.Dt EVP_DIGESTINIT 3
-.Os
-.Sh NAME
-.Nm EVP_MD_CTX_new ,
-.Nm EVP_MD_CTX_reset ,
-.Nm EVP_MD_CTX_free ,
-.Nm EVP_MD_CTX_init ,
-.Nm EVP_MD_CTX_create ,
-.Nm EVP_MD_CTX_cleanup ,
-.Nm EVP_MD_CTX_destroy ,
-.Nm EVP_MD_CTX_ctrl ,
-.Nm EVP_DigestInit_ex ,
-.Nm EVP_DigestUpdate ,
-.Nm EVP_DigestFinal_ex ,
-.Nm EVP_Digest ,
-.Nm EVP_MD_CTX_copy_ex ,
-.Nm EVP_DigestInit ,
-.Nm EVP_DigestFinal ,
-.Nm EVP_MD_CTX_copy ,
-.Nm EVP_MAX_MD_SIZE ,
-.Nm EVP_MD_type ,
-.Nm EVP_MD_pkey_type ,
-.Nm EVP_MD_size ,
-.Nm EVP_MD_block_size ,
-.Nm EVP_MD_CTX_md ,
-.Nm EVP_MD_CTX_size ,
-.Nm EVP_MD_CTX_block_size ,
-.Nm EVP_MD_CTX_type ,
-.Nm EVP_md_null ,
-.Nm EVP_md5 ,
-.Nm EVP_md5_sha1 ,
-.Nm EVP_sha1 ,
-.Nm EVP_sha224 ,
-.Nm EVP_sha256 ,
-.Nm EVP_sha384 ,
-.Nm EVP_sha512 ,
-.Nm EVP_dss ,
-.Nm EVP_dss1 ,
-.Nm EVP_ripemd160 ,
-.Nm EVP_get_digestbyname ,
-.Nm EVP_get_digestbynid ,
-.Nm EVP_get_digestbyobj
-.Nd EVP digest routines
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_MD_CTX *
-.Fn EVP_MD_CTX_new void
-.Ft int
-.Fo EVP_MD_CTX_reset
-.Fa "EVP_MD_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_MD_CTX_free
-.Fa "EVP_MD_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_MD_CTX_init
-.Fa "EVP_MD_CTX *ctx"
-.Fc
-.Ft EVP_MD_CTX *
-.Fn EVP_MD_CTX_create void
-.Ft int
-.Fo EVP_MD_CTX_cleanup
-.Fa "EVP_MD_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_MD_CTX_destroy
-.Fa "EVP_MD_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_MD_CTX_ctrl
-.Fa "EVP_MD_CTX *ctx"
-.Fa "int cmd"
-.Fa "int p1"
-.Fa "void* p2"
-.Fc
-.Ft int
-.Fo EVP_DigestInit_ex
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
-.Fc
-.Ft int
-.Fo EVP_DigestUpdate
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const void *d"
-.Fa "size_t cnt"
-.Fc
-.Ft int
-.Fo EVP_DigestFinal_ex
-.Fa "EVP_MD_CTX *ctx"
-.Fa "unsigned char *md"
-.Fa "unsigned int *s"
-.Fc
-.Ft int
-.Fo EVP_Digest
-.Fa "const void *d"
-.Fa "size_t cnt"
-.Fa "unsigned char *md"
-.Fa "unsigned int *s"
-.Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
-.Fc
-.Ft int
-.Fo EVP_MD_CTX_copy_ex
-.Fa "EVP_MD_CTX *out"
-.Fa "const EVP_MD_CTX *in"
-.Fc
-.Ft int
-.Fo EVP_DigestInit
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const EVP_MD *type"
-.Fc
-.Ft int
-.Fo EVP_DigestFinal
-.Fa "EVP_MD_CTX *ctx"
-.Fa "unsigned char *md"
-.Fa "unsigned int *s"
-.Fc
-.Ft int
-.Fo EVP_MD_CTX_copy
-.Fa "EVP_MD_CTX *out"
-.Fa "EVP_MD_CTX *in"
-.Fc
-.Fd #define EVP_MAX_MD_SIZE 64 /* SHA512 */
-.Ft int
-.Fo EVP_MD_type
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_MD_pkey_type
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_MD_size
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_MD_block_size
-.Fa "const EVP_MD *md"
-.Fc
-.Ft const EVP_MD *
-.Fo EVP_MD_CTX_md
-.Fa "const EVP_MD_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_MD_CTX_size
-.Fa "const EVP_MD *ctx"
-.Fc
-.Ft int
-.Fo EVP_MD_CTX_block_size
-.Fa "const EVP_MD *ctx"
-.Fc
-.Ft int
-.Fo EVP_MD_CTX_type
-.Fa "const EVP_MD *ctx"
-.Fc
-.Ft const EVP_MD *
-.Fn EVP_md_null void
-.Ft const EVP_MD *
-.Fn EVP_md5 void
-.Ft const EVP_MD *
-.Fn EVP_md5_sha1 void
-.Ft const EVP_MD *
-.Fn EVP_sha1 void
-.Ft const EVP_MD *
-.Fn EVP_sha224 void
-.Ft const EVP_MD *
-.Fn EVP_sha256 void
-.Ft const EVP_MD *
-.Fn EVP_sha384 void
-.Ft const EVP_MD *
-.Fn EVP_sha512 void
-.Ft const EVP_MD *
-.Fn EVP_dss void
-.Ft const EVP_MD *
-.Fn EVP_dss1 void
-.Ft const EVP_MD *
-.Fn EVP_ripemd160 void
-.Ft const EVP_MD *
-.Fo EVP_get_digestbyname
-.Fa "const char *name"
-.Fc
-.Ft const EVP_MD *
-.Fo EVP_get_digestbynid
-.Fa "int type"
-.Fc
-.Ft const EVP_MD *
-.Fo EVP_get_digestbyobj
-.Fa "const ASN1_OBJECT *o"
-.Fc
-.Sh DESCRIPTION
-The EVP digest routines are a high level interface to message digests
-and should be used instead of the cipher-specific functions.
-.Pp
-.Fn EVP_MD_CTX_new
-allocates a new, empty digest context.
-.Pp
-.Fn EVP_MD_CTX_reset
-cleans up
-.Fa ctx
-and resets it to the state it had after
-.Fn EVP_MD_CTX_new ,
-such that it can be reused.
-It is also suitable for digest contexts on the stack that were
-used and are no longer needed.
-.Pp
-.Fn EVP_MD_CTX_free
-cleans up
-.Fa ctx
-and frees the space allocated to it.
-.Pp
-.Fn EVP_MD_CTX_init
-is a deprecated function to clear a digest context on the stack
-before use.
-Do not use it on a digest context returned from
-.Fn EVP_MD_CTX_new
-or one that was already used.
-.Pp
-.Fn EVP_MD_CTX_create ,
-.Fn EVP_MD_CTX_cleanup ,
-and
-.Fn EVP_MD_CTX_destroy
-are deprecated aliases for
-.Fn EVP_MD_CTX_new ,
-.Fn EVP_MD_CTX_reset ,
-and
-.Fn EVP_MD_CTX_free ,
-respectively.
-.Pp
-.Fn EVP_MD_CTX_ctrl
-performs digest-specific control actions on the context
-.Fa ctx .
-.Pp
-.Fn EVP_DigestInit_ex
-sets up the digest context
-.Fa ctx
-to use a digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
-The
-.Fa type
-will typically be supplied by a function such as
-.Fn EVP_sha1 .
-If
-.Fa impl
-is
-.Dv NULL ,
-then the default implementation of digest
-.Fa type
-is used.
-If
-.Fa ctx
-points to an unused object on the stack, it must be initialized with
-.Fn EVP_MD_CTX_init
-before calling this function.
-.Pp
-.Fn EVP_DigestUpdate
-hashes
-.Fa cnt
-bytes of data at
-.Fa d
-into the digest context
-.Fa ctx .
-This function can be called several times on the same
-.Fa ctx
-to hash additional data.
-.Pp
-.Fn EVP_DigestFinal_ex
-retrieves the digest value from
-.Fa ctx
-and places it in
-.Fa md .
-If the
-.Fa s
-parameter is not
-.Dv NULL ,
-then the number of bytes of data written (i.e. the length of the
-digest) will be written to the integer at
-.Fa s ;
-at most
-.Dv EVP_MAX_MD_SIZE
-bytes will be written.
-After calling
-.Fn EVP_DigestFinal_ex ,
-no additional calls to
-.Fn EVP_DigestUpdate
-can be made, but
-.Fn EVP_DigestInit_ex
-can be called to initialize a new digest operation.
-.Pp
-.Fn EVP_Digest
-is a simple wrapper function to hash
-.Fa cnt
-bytes of data at
-.Fa d
-using the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl
-in a one-shot operation and place the digest value into
-.Fa md ,
-and, unless
-.Fa s
-is
-.Dv NULL ,
-the length of the digest in bytes into
-.Pf * Fa s .
-This wrapper uses a temporary digest context and passes its arguments to
-.Fn EVP_DigestInit_ex ,
-.Fn EVP_DigestUpdate ,
-and
-.Fn EVP_DigestFinal_ex
-internally.
-.Pp
-.Fn EVP_MD_CTX_copy_ex
-can be used to copy the message digest state from
-.Fa in
-to
-.Fa out .
-This is useful if large amounts of data are to be hashed which only
-differ in the last few bytes.
-If
-.Fa out
-points to an unused object on the stack, it must be initialized with
-.Fn EVP_MD_CTX_init
-before calling this function.
-.Pp
-.Fn EVP_DigestInit
-is a deprecated function behaving like
-.Fn EVP_DigestInit_ex
-except that it always uses the default digest implementation
-and that it requires
-.Fn EVP_MD_CTX_reset
-before it can be used on a context that was already used.
-.Pp
-.Fn EVP_DigestFinal
-is a deprecated function behaving like
-.Fn EVP_DigestFinal_ex
-except that the digest context
-.Fa ctx
-is automatically cleaned up after use by calling
-.Fn EVP_MD_CTX_reset
-internally.
-.Pp
-.Fn EVP_MD_CTX_copy
-is a deprecated function behaving like
-.Fn EVP_MD_CTX_copy_ex
-except that it requires
-.Fn EVP_MD_CTX_reset
-before a context that was already used can be passed as
-.Fa out .
-.Pp
-.Fn EVP_MD_size
-and
-.Fn EVP_MD_CTX_size
-return the size of the message digest when passed an
-.Vt EVP_MD
-or an
-.Vt EVP_MD_CTX
-structure, i.e. the size of the hash.
-.Pp
-.Fn EVP_MD_block_size
-and
-.Fn EVP_MD_CTX_block_size
-return the block size of the message digest when passed an
-.Vt EVP_MD
-or an
-.Vt EVP_MD_CTX
-structure.
-.Pp
-.Fn EVP_MD_type
-and
-.Fn EVP_MD_CTX_type
-return the NID of the OBJECT IDENTIFIER representing the given message
-digest when passed an
-.Vt EVP_MD
-structure.
-For example
-.Fn EVP_MD_type EVP_sha1()
-returns
-.Dv NID_sha1 .
-This function is normally used when setting ASN.1 OIDs.
-.Pp
-.Fn EVP_MD_pkey_type
-returns the NID of the public key signing algorithm associated with this
-digest.
-For example
-.Fn EVP_sha1
-is associated with RSA so this will return
-.Dv NID_sha1WithRSAEncryption .
-Since digests and signature algorithms are no longer linked this
-function is only retained for compatibility reasons.
-.Pp
-.Fn EVP_md5 ,
-.Fn EVP_sha1 ,
-.Fn EVP_sha224 ,
-.Fn EVP_sha256 ,
-.Fn EVP_sha384 ,
-.Fn EVP_sha512 ,
-and
-.Fn EVP_ripemd160
-return
-.Vt EVP_MD
-structures for the MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and
-RIPEMD160 digest algorithms respectively.
-.Pp
-.Fn EVP_md5_sha1
-returns an
-.Vt EVP_MD
-structure that provides concatenated MD5 and SHA1 message digests.
-.Pp
-.Fn EVP_dss
-and
-.Fn EVP_dss1
-return
-.Vt EVP_MD
-structures for SHA1 digest algorithms but using DSS (DSA) for the
-signature algorithm.
-Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and
-later; they are however retained for compatibility.
-.Pp
-.Fn EVP_md_null
-is a "null" message digest that does nothing:
-i.e. the hash it returns is of zero length.
-.Pp
-.Fn EVP_get_digestbyname ,
-.Fn EVP_get_digestbynid ,
-and
-.Fn EVP_get_digestbyobj
-return an
-.Vt EVP_MD
-structure when passed a digest name, a digest NID, or an ASN1_OBJECT
-structure respectively.
-The digest table must be initialized using, for example,
-.Xr OpenSSL_add_all_digests 3
-for these functions to work.
-.Pp
-.Fn EVP_MD_CTX_size ,
-.Fn EVP_MD_CTX_block_size ,
-.Fn EVP_MD_CTX_type ,
-.Fn EVP_get_digestbynid ,
-and
-.Fn EVP_get_digestbyobj
-are implemented as macros.
-.Pp
-The EVP interface to message digests should almost always be used
-in preference to the low level interfaces.
-This is because the code then becomes transparent to the digest used and
-much more flexible.
-.Pp
-New applications should use the SHA2 digest algorithms such as SHA256.
-The other digest algorithms are still in common use.
-.Pp
-For most applications the
-.Fa impl
-parameter to
-.Fn EVP_DigestInit_ex
-will be set to NULL to use the default digest implementation.
-.Pp
-The functions
-.Fn EVP_DigestInit ,
-.Fn EVP_DigestFinal ,
-and
-.Fn EVP_MD_CTX_copy
-are obsolete but are retained to maintain compatibility with existing
-code.
-New applications should use
-.Fn EVP_DigestInit_ex ,
-.Fn EVP_DigestFinal_ex ,
-and
-.Fn EVP_MD_CTX_copy_ex
-because they can efficiently reuse a digest context instead of
-initializing and cleaning it up on each call and allow non-default
-implementations of digests to be specified.
-.Pp
-If digest contexts are not cleaned up after use, memory leaks will occur.
-.Sh RETURN VALUES
-.Fn EVP_MD_CTX_new
-and
-.Fn EVP_MD_CTX_create
-return the new
-.Vt EVP_MD_CTX
-object or
-.Dv NULL
-for failure.
-.Pp
-.Fn EVP_MD_CTX_reset
-and
-.Fn EVP_MD_CTX_cleanup
-always return 1.
-.Pp
-.Fn EVP_MD_CTX_ctrl ,
-.Fn EVP_DigestInit_ex ,
-.Fn EVP_DigestUpdate ,
-.Fn EVP_DigestFinal_ex ,
-.Fn EVP_Digest ,
-.Fn EVP_MD_CTX_copy_ex ,
-.Fn EVP_DigestInit ,
-.Fn EVP_DigestFinal ,
-and
-.Fn EVP_MD_CTX_copy
-return 1 for success or 0 for failure.
-.Pp
-.Fn EVP_MD_type ,
-.Fn EVP_MD_pkey_type ,
-and
-.Fn EVP_MD_CTX_type
-return the NID of the corresponding OBJECT IDENTIFIER or
-.Dv NID_undef
-if none exists.
-.Pp
-.Fn EVP_MD_size ,
-.Fn EVP_MD_block_size ,
-.Fn EVP_MD_CTX_size ,
-and
-.Fn EVP_MD_CTX_block_size
-return the digest or block size in bytes.
-.Pp
-.Fn EVP_MD_CTX_md
-returns the
-.Vt EVP_MD
-object used by
-.Fa ctx ,
-or
-.Dv NULL
-if
-.Fa ctx
-is
-.Dv NULL .
-.Pp
-.Fn EVP_md_null ,
-.Fn EVP_md5 ,
-.Fn EVP_md5_sha1 ,
-.Fn EVP_sha1 ,
-.Fn EVP_dss ,
-.Fn EVP_dss1 ,
-and
-.Fn EVP_ripemd160
-return pointers to the corresponding
-.Vt EVP_MD
-structures.
-.Pp
-.Fn EVP_get_digestbyname ,
-.Fn EVP_get_digestbynid ,
-and
-.Fn EVP_get_digestbyobj
-return either an
-.Vt EVP_MD
-structure or
-.Dv NULL
-if an error occurs.
-.Sh EXAMPLES -This example digests the data "Test Message\en" and "Hello World\en", -using the digest name passed on the command line. -.Bd -literal -offset indent -#include -#include - -int -main(int argc, char *argv[]) -{ - EVP_MD_CTX *mdctx; - const EVP_MD *md; - const char mess1[] = "Test Message\en"; - const char mess2[] = "Hello World\en"; - unsigned char md_value[EVP_MAX_MD_SIZE]; - int md_len, i; - - OpenSSL_add_all_digests(); - - if (argc <= 1) { - printf("Usage: mdtest digestname\en"); - exit(1); - } - - md = EVP_get_digestbyname(argv[1]); - if (md == NULL) { - printf("Unknown message digest %s\en", argv[1]); - exit(1); - } - - mdctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex(mdctx, md, NULL); - EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); - EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); - EVP_DigestFinal_ex(mdctx, md_value, &md_len); - EVP_MD_CTX_free(mdctx); - - printf("Digest is: "); - for(i = 0; i < md_len; i++) - printf("%02x", md_value[i]); - printf("\en"); - - return 0; -} -.Ed -.Sh SEE ALSO -.Xr BIO_f_md 3 , -.Xr CMAC_Init 3 , -.Xr evp 3 , -.Xr EVP_BytesToKey 3 , -.Xr EVP_DigestSignInit 3 , -.Xr EVP_DigestVerifyInit 3 , -.Xr EVP_PKEY_CTX_set_signature_md 3 , -.Xr EVP_PKEY_meth_set_signctx 3 , -.Xr EVP_SignInit 3 , -.Xr EVP_sm3 3 , -.Xr EVP_VerifyInit 3 , -.Xr EVP_whirlpool 3 , -.Xr HMAC 3 , -.Xr OCSP_basic_sign 3 , -.Xr OCSP_request_sign 3 , -.Xr PKCS5_PBKDF2_HMAC 3 , -.Xr PKCS7_sign_add_signer 3 , -.Xr X509_ALGOR_set_md 3 , -.Xr X509_digest 3 , -.Xr X509_sign 3 -.Sh HISTORY -.Fn EVP_DigestInit , -.Fn EVP_DigestUpdate , -.Fn EVP_DigestFinal , -.Dv EVP_MAX_MD_SIZE , -.Fn EVP_md5 , -and -.Fn EVP_sha1 -first appeared in SSLeay 0.5.1. -.Fn EVP_dss -and -.Fn EVP_dss1 -first appeared in SSLeay 0.6.0. -.Fn EVP_MD_size -first appeared in SSLeay 0.6.6. -.Fn EVP_MD_CTX_size , -.Fn EVP_MD_CTX_type , -.Fn EVP_md_null , -and -.Fn EVP_get_digestbyname -first appeared in SSLeay 0.8.0. 
-.Fn EVP_MD_type ,
-.Fn EVP_MD_pkey_type ,
-.Fn EVP_get_digestbynid ,
-and
-.Fn EVP_get_digestbyobj
-first appeared in SSLeay 0.8.1.
-.Fn EVP_MD_block_size ,
-.Fn EVP_MD_CTX_size ,
-.Fn EVP_MD_CTX_block_size ,
-.Fn EVP_rc4_40 ,
-.Fn EVP_rc2_40_cbc ,
-and
-.Fn EVP_ripemd160
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_MD_CTX_copy
-first appeared in OpenSSL 0.9.2b and has been available since
-.Ox 2.6 .
-.Pp
-.Fn EVP_MD_CTX_md
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn EVP_MD_CTX_init ,
-.Fn EVP_MD_CTX_create ,
-.Fn EVP_MD_CTX_cleanup ,
-.Fn EVP_MD_CTX_destroy ,
-.Fn EVP_DigestInit_ex ,
-.Fn EVP_DigestFinal_ex ,
-.Fn EVP_Digest ,
-and
-.Fn EVP_MD_CTX_copy_ex
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EVP_sha224 ,
-.Fn EVP_sha256 ,
-.Fn EVP_sha384 ,
-and
-.Fn EVP_sha512
-first appeared in OpenSSL 0.9.7h and 0.9.8a
-and have been available since
-.Ox 4.0 .
-.Pp
-.Fn EVP_MD_CTX_ctrl
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 5.7 .
-.Pp
-.Fn EVP_MD_CTX_new ,
-.Fn EVP_MD_CTX_reset ,
-.Fn EVP_MD_CTX_free ,
-and
-.Fn EVP_md5_sha1
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
-.Pp
-The link between digests and signing algorithms was fixed in OpenSSL 1.0
-and later, so now
-.Fn EVP_sha1
-can be used with RSA and DSA; there is no need to use
-.Fn EVP_dss1
-any more.
diff --git a/src/lib/libcrypto/man/EVP_DigestSignInit.3 b/src/lib/libcrypto/man/EVP_DigestSignInit.3
deleted file mode 100644
index 57db4b31d3..0000000000
--- a/src/lib/libcrypto/man/EVP_DigestSignInit.3
+++ /dev/null
@@ -1,247 +0,0 @@
-.\" $OpenBSD: EVP_DigestSignInit.3,v 1.11 2021/05/20 14:41:47 tb Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 20 2021 $
-.Dt EVP_DIGESTSIGNINIT 3
-.Os
-.Sh NAME
-.Nm EVP_DigestSignInit ,
-.Nm EVP_DigestSignUpdate ,
-.Nm EVP_DigestSignFinal ,
-.Nm EVP_DigestSign
-.Nd EVP signing functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_DigestSignInit
-.Fa "EVP_MD_CTX *ctx"
-.Fa "EVP_PKEY_CTX **pctx"
-.Fa "const EVP_MD *type"
-.Fa "ENGINE *e"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo EVP_DigestSignUpdate
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const void *d"
-.Fa "size_t cnt"
-.Fc
-.Ft int
-.Fo EVP_DigestSignFinal
-.Fa "EVP_MD_CTX *ctx"
-.Fa "unsigned char *sig"
-.Fa "size_t *siglen"
-.Fc
-.Ft int
-.Fo EVP_DigestSign
-.Fa "EVP_MD_CTX *ctx"
-.Fa "unsigned char *sigret"
-.Fa "size_t *siglen"
-.Fa "const unsigned char *tbs"
-.Fa "size_t tbslen"
-.Fc
-.Sh DESCRIPTION
-The EVP signature routines are a high-level interface to digital
-signatures.
-.Pp
-.Fn EVP_DigestSignInit
-sets up the signing context
-.Fa ctx
-to use the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa e
-and private key
-.Fa pkey .
-.Fa ctx
-must be initialized with
-.Xr EVP_MD_CTX_init 3
-before calling this function.
-If
-.Fa pctx
-is not
-.Dv NULL ,
-the
-.Vt EVP_PKEY_CTX
-of the signing operation will be written to
-.Pf * Fa pctx :
-this can be used to set alternative signing options.
-Any existing value in
-.Pf * Fa pctx
-will be overwritten.
-The
-.Vt EVP_PKEY_CTX
-value returned must not be freed directly by the application.
-It will be freed automatically when the
-.Vt EVP_MD_CTX
-is freed.
-.Pp
-.Fn EVP_DigestSignUpdate
-hashes
-.Fa cnt
-bytes of data at
-.Fa d
-into the signature context
-.Fa ctx .
-This function can be called several times on the same
-.Fa ctx
-to include additional data.
-This function is currently implemented using a macro.
-.Pp
-.Fn EVP_DigestSignFinal
-signs the data in
-.Fa ctx
-and places the signature in
-.Fa sig .
-If
-.Fa sig
-is
-.Dv NULL ,
-then the maximum size of the output buffer is written to
-.Pf * Fa siglen .
-If
-.Fa sig
-is not
-.Dv NULL ,
-then before the call
-.Fa siglen
-should contain the length of the
-.Fa sig
-buffer.
-If the call is successful, the signature is written to
-.Fa sig
-and the amount of data written to
-.Fa siglen .
-.Pp
-.Fn EVP_DigestSign
-signs
-.Fa tbslen
-bytes of data at
-.Fa tbs
-and places the signature in
-.Fa sigret
-and its length in
-.Fa siglen
-in a similar way to
-.Fn EVP_DigestSignFinal .
-.Fn EVP_DigestSign
-is a one shot operation which signs a single block of data
-with one function call.
-For algorithms that support streaming it is equivalent to calling
-.Fn EVP_DigestSignUpdate
-and
-.Fn EVP_DigestSignFinal .
-.\" For algorithms which do not support streaming
-.\" (e.g. PureEdDSA)
-.\" it is the only way to sign data.
-.Pp
-The EVP interface to digital signatures should almost always be
-used in preference to the low-level interfaces.
-This is because the code then becomes transparent to the algorithm used
-and much more flexible.
-.Pp
-In previous versions of OpenSSL, there was a link between message digest
-types and public key algorithms.
-This meant that "clone" digests such as
-.Xr EVP_dss1 3
-needed to be used to sign using SHA1 and DSA.
-This is no longer necessary and the use of clone digest is now
-discouraged.
-.Pp
-The call to
-.Fn EVP_DigestSignFinal
-internally finalizes a copy of the digest context.
-This means that
-.Fn EVP_DigestSignUpdate
-and
-.Fn EVP_DigestSignFinal
-can be called later to digest and sign additional data.
-.Pp
-Since only a copy of the digest context is ever finalized, the context
-must be cleaned up after use by calling
-.Xr EVP_MD_CTX_free 3 ,
-or a memory leak will occur.
-.Pp
-The use of
-.Xr EVP_PKEY_size 3
-with these functions is discouraged because some signature operations
-may have a signature length which depends on the parameters set.
-As a result,
-.Xr EVP_PKEY_size 3
-would have to return a value which indicates the maximum possible
-signature for any set of parameters.
-.Sh RETURN VALUES
-.Fn EVP_DigestSignInit ,
-.Fn EVP_DigestSignUpdate ,
-.Fn EVP_DigestSignFinal ,
-and
-.Fn EVP_DigestSign
-return 1 for success and 0 for failure.
-.Pp
-The error codes can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_DigestVerifyInit 3 ,
-.Xr EVP_PKEY_meth_set_signctx 3
-.Sh HISTORY
-.Fn EVP_DigestSignInit ,
-.Fn EVP_DigestSignUpdate ,
-and
-.Fn EVP_DigestSignFinal
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_DigestSign
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3
deleted file mode 100644
index 0b3fa13921..0000000000
--- a/src/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ /dev/null
@@ -1,227 +0,0 @@
-.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.13 2021/05/20 14:41:47 tb Exp $
-.\" OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2014, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 20 2021 $
-.Dt EVP_DIGESTVERIFYINIT 3
-.Os
-.Sh NAME
-.Nm EVP_DigestVerifyInit ,
-.Nm EVP_DigestVerifyUpdate ,
-.Nm EVP_DigestVerifyFinal ,
-.Nm EVP_DigestVerify
-.Nd EVP signature verification functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_DigestVerifyInit
-.Fa "EVP_MD_CTX *ctx"
-.Fa "EVP_PKEY_CTX **pctx"
-.Fa "const EVP_MD *type"
-.Fa "ENGINE *e"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo EVP_DigestVerifyUpdate
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const void *d"
-.Fa "size_t cnt"
-.Fc
-.Ft int
-.Fo EVP_DigestVerifyFinal
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const unsigned char *sig"
-.Fa "size_t siglen"
-.Fc
-.Ft int
-.Fo EVP_DigestVerify
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const unsigned char *sig"
-.Fa "size_t siglen"
-.Fa "const unsigned char *tbs"
-.Fa "size_t *tbslen"
-.Fc
-.Sh DESCRIPTION
-The EVP signature routines are a high-level interface to digital
-signatures.
-.Pp
-.Fn EVP_DigestVerifyInit
-sets up verification context
-.Fa ctx
-to use digest
-.Fa type
-from
-.Vt ENGINE
-.Fa e
-and public key
-.Fa pkey .
-.Fa ctx
-must be initialized with
-.Xr EVP_MD_CTX_init 3
-before calling this function.
-If
-.Fa pctx
-is not
-.Dv NULL ,
-the
-.Vt EVP_PKEY_CTX
-of the verification operation will be written to
-.Pf * Fa pctx :
-this can be used to set alternative verification options.
-Any existing value in
-.Pf * .Fa pctx
-is overwritten.
-The
-.Vt EVP_PKEY_CTX
-value returned must not be freed directly by the application.
-It will be freed automatically when the
-.Vt EVP_MD_CTX
-is freed.
-.Pp
-.Fn EVP_DigestVerifyUpdate
-hashes
-.Fa cnt
-bytes of data at
-.Fa d
-into the verification context
-.Fa ctx .
-This function can be called several times on the same
-.Fa ctx
-to include additional data.
-This function is currently implemented using a macro.
-.Pp
-.Fn EVP_DigestVerifyFinal
-verifies the data in
-.Fa ctx
-against the signature in
-.Fa sig
-of length
-.Fa siglen .
-.Pp
-.Fn EVP_DigestVerify
-verifies
-.Fa tbslen
-bytes at
-.Fa tbs
-against the signature in
-.Fa sig
-of length
-.Fa siglen .
-.Fn EVP_DigestVerify
-is a one shot operation which verifies a single block of data
-in one function call.
-For algorithms that support streaming it is equivalent to calling
-.Fn EVP_DigestVerifyUpdate
-and
-.Fn EVP_DigestVerifyFinal .
-.\" For algorithms which do not support streaming
-.\" (e.g. PureEdDSA)
-.\" it is the only way to verify data.
-.Pp
-The EVP interface to digital signatures should almost always be
-used in preference to the low level interfaces.
-This is because the code then becomes transparent to the algorithm used
-and much more flexible.
-.Pp
-In previous versions of OpenSSL, there was a link between message digest
-types and public key algorithms.
-This meant that "clone" digests such as
-.Xr EVP_dss1 3
-needed to be used to sign using SHA1 and DSA.
-This is no longer necessary and the use of clone digest is now
-discouraged.
-.Pp
-The call to
-.Fn EVP_DigestVerifyFinal
-internally finalizes a copy of the digest context.
-This means that
-.Xr EVP_VerifyUpdate 3
-and
-.Xr EVP_VerifyFinal 3
-can be called later to digest and verify additional data.
-.Pp
-Since only a copy of the digest context is ever finalized, the context
-must be cleaned up after use by calling
-.Xr EVP_MD_CTX_free 3
-or a memory leak will occur.
-.Sh RETURN VALUES
-.Fn EVP_DigestVerifyInit
-and
-.Fn EVP_DigestVerifyUpdate
-return 1 for success and 0 for failure.
-.Pp
-.Fn EVP_DigestVerifyFinal
-and
-.Fn EVP_DigestVerify
-return 1 for success; any other value indicates failure.
-A return value of 0 indicates that the signature did not verify
-successfully (that is, the signature did not match the original
-data or the signature had an invalid form), while other values
-indicate a more serious error (and sometimes also indicate an invalid
-signature form).
-.Pp
-The error codes can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_DigestSignInit 3 ,
-.Xr EVP_PKEY_meth_set_verifyctx 3
-.Sh HISTORY
-.Fn EVP_DigestVerifyInit ,
-.Fn EVP_DigestVerifyUpdate ,
-and
-.Fn EVP_DigestVerifyFinal
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_DigestVerify
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/EVP_EncodeInit.3 b/src/lib/libcrypto/man/EVP_EncodeInit.3
deleted file mode 100644
index da79af84cf..0000000000
--- a/src/lib/libcrypto/man/EVP_EncodeInit.3
+++ /dev/null
@@ -1,334 +0,0 @@
-.\" $OpenBSD: EVP_EncodeInit.3,v 1.7 2019/06/06 01:06:58 schwarze Exp $
-.\" full merge up to: OpenSSL f430ba31 Jun 19 19:39:01 2016 +0200
-.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Matt Caswell .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt EVP_ENCODEINIT 3
-.Os
-.Sh NAME
-.Nm EVP_ENCODE_CTX_new ,
-.Nm EVP_ENCODE_CTX_free ,
-.Nm EVP_EncodeInit ,
-.Nm EVP_EncodeUpdate ,
-.Nm EVP_EncodeFinal ,
-.Nm EVP_EncodeBlock ,
-.Nm EVP_DecodeInit ,
-.Nm EVP_DecodeUpdate ,
-.Nm EVP_DecodeFinal ,
-.Nm EVP_DecodeBlock
-.Nd EVP base64 encode/decode routines
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_ENCODE_CTX *
-.Fn EVP_ENCODE_CTX_new void
-.Ft void
-.Fo EVP_ENCODE_CTX_free
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_EncodeInit
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_EncodeUpdate
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft void
-.Fo EVP_EncodeFinal
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_EncodeBlock
-.Fa "unsigned char *t"
-.Fa "const unsigned char *f"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo EVP_DecodeInit
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_DecodeUpdate
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_DecodeFinal
-.Fa "EVP_ENCODE_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_DecodeBlock
-.Fa "unsigned char *t"
-.Fa "const unsigned char *f"
-.Fa "int n"
-.Fc
-.Sh DESCRIPTION
-The EVP encode routines provide a high level interface to base64
-encoding and decoding.
-Base64 encoding converts binary data into a printable form that uses
-the characters A-Z, a-z, 0-9, "+" and "/" to represent the data.
-For every 3 bytes of binary data provided, 4 bytes of base64-encoded
-data will be produced, plus some occasional newlines.
-If the input data length is not a multiple of 3, then the output data
-will be padded at the end using the "=" character.
-.Pp
-.Fn EVP_ENCODE_CTX_new
-allocates, initializes and returns a context to be used for the encode
-and decode functions.
-.Pp
-.Fn EVP_ENCODE_CTX_free
-frees
-.Fa ctx .
-.Pp
-Encoding of binary data is performed in blocks of 48 input bytes (or
-less for the final block).
-For each 48-byte input block encoded, 64 bytes of base64 data is output,
-plus an additional newline character, i.e. 65 bytes in total.
-The final block, which may be less than 48 bytes, will output 4 bytes
-for every 3 bytes of input.
-If the data length is not divisible by 3, then a full 4 bytes is still
-output for the final 1 or 2 bytes of input.
-Similarly a newline character will also be output.
-.Pp
-.Fn EVP_EncodeInit
-initialises
-.Fa ctx
-for the start of a new encoding operation.
-.Pp
-.Fn EVP_EncodeUpdate
-encodes
-.Fa inl
-bytes of data found in the buffer pointed to by
-.Fa in .
-The output is stored in the buffer
-.Fa out
-and the number of bytes output is stored in
-.Pf * Fa outl .
-It is the caller's responsibility to ensure that the buffer at
-.Fa out
-is sufficiently large to accommodate the output data.
-Only full blocks of data (48 bytes) will be immediately processed and
-output by this function.
-Any remainder is held in the
-.Fa ctx
-object and will be processed by a subsequent call to
-.Fn EVP_EncodeUpdate
-or
-.Fn EVP_EncodeFinal .
-To calculate the required size of the output buffer, add together the
-value of
-.Fa inl
-with the amount of unprocessed data held in
-.Fa ctx
-and divide the result by 48 (ignore any remainder).
-This gives the number of blocks of data that will be processed.
-Ensure the output buffer contains 65 bytes of storage for each block,
-plus an additional byte for a NUL terminator.
-.Fn EVP_EncodeUpdate
-may be called repeatedly to process large amounts of input data.
-In the event of an error ,
-.Fn EVP_EncodeUpdate
-will set
-.Pf * Fa outl
-to 0 and return 0.
-On success 1 will be returned.
-.Pp
-.Fn EVP_EncodeFinal
-must be called at the end of an encoding operation.
-It will process any partial block of data remaining in the
-.Fa ctx
-object.
-The output data will be stored in
-.Fa out
-and the length of the data written will be stored in
-.Pf * Fa outl .
-It is the caller's responsibility to ensure that
-.Fa out
-is sufficiently large to accommodate the output data, which will
-never be more than 65 bytes plus an additional NUL terminator, i.e.
-66 bytes in total.
-.Pp
-.Fn EVP_EncodeBlock
-encodes a full block of input data in
-.Fa f
-and of length
-.Fa n
-and stores it in
-.Fa t .
-For every 3 bytes of input provided, 4 bytes of output data will be
-produced.
-If
-.Sy n
-is not divisible by 3, then the block is encoded as a final block
-of data and the output is padded such that it is always divisible
-by 4.
-Additionally a NUL terminator character will be added.
-For example, if 16 bytes of input data are provided, then 24 bytes
-of encoded data is created plus 1 byte for a NUL terminator,
-i.e. 25 bytes in total.
-The length of the data generated
-.Em without
-the NUL terminator is returned from the function.
-.Pp
-.Fn EVP_DecodeInit
-initialises
-.Fa ctx
-for the start of a new decoding operation.
-.Pp
-.Fn EVP_DecodeUpdate
-decodes
-.Fa inl
-characters of data found in the buffer pointed to by
-.Fa in .
-The output is stored in the buffer
-.Fa out
-and the number of bytes output is stored in
-.Pf * Fa outl .
-It is the caller's responsibility to ensure that the buffer at
-.Fa out
-is sufficiently large to accommodate the output data.
-This function will attempt to decode as much data as possible in 4-byte
-chunks.
-Any whitespace, newline or carriage return characters are ignored.
-Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at
-the end will be held in the
-.Fa ctx
-object and processed by a subsequent call to
-.Fn EVP_DecodeUpdate .
-If any illegal base64 characters are encountered or if the base64
-padding character "=" is encountered in the middle of the data,
-then the function returns -1 to indicate an error.
-A return value of 0 or 1 indicates successful processing of the data.
-A return value of 0 additionally indicates that the last input data
-characters processed included the base64 padding character "=" and
-therefore no more non-padding character data is expected to be
-processed.
-For every 4 valid base64 bytes processed \(em ignoring whitespace,
-carriage returns and line feeds \(em 3 bytes of binary output data
-will be produced, or less at the end of the data where the padding
-character "=" has been used.
-.Pp
-.Fn EVP_DecodeFinal
-must be called at the end of a decoding operation.
-If there is any unprocessed data still in
-.Fa ctx ,
-then the input data must not have been a multiple of 4 and therefore an
-error has occurred.
-The function will return -1 in this case.
-Otherwise the function returns 1 on success.
-.Pp
-.Fn EVP_DecodeBlock
-will decode the block of
-.Fa n
-characters of base64 data contained in
-.Fa f
-and store the result in
-.Fa t .
-Any leading whitespace will be trimmed as will any trailing whitespace,
-newlines, carriage returns or EOF characters.
-After such trimming the length of the data in
-.Fa f
-must be divisible by 4.
-For every 4 input bytes, exactly 3 output bytes will be produced.
-The output will be padded with 0 bits if necessary to ensure that the
-output is always 3 bytes for every 4 input bytes.
-This function will return the length of the data decoded or -1 on error.
-.Sh RETURN VALUES
-.Fn EVP_ENCODE_CTX_new
-returns a pointer to the newly allocated
-.Vt EVP_ENCODE_CTX
-object or
-.Dv NULL
-on error.
-.Pp
-.Fn EVP_EncodeUpdate
-returns 0 on error or 1 on success.
-.Pp
-.Fn EVP_EncodeBlock
-returns the number of bytes encoded excluding the NUL terminator.
-.Pp
-.Fn EVP_DecodeUpdate
-returns -1 on error and 0 or 1 on success.
-If 0 is returned, then no more non-padding base64 characters are
-expected.
-.Pp
-.Fn EVP_DecodeFinal
-returns -1 on error or 1 on success.
-.Pp
-.Fn EVP_DecodeBlock
-returns the length of the data decoded or -1 on error.
-.Sh SEE ALSO
-.Xr BIO_f_base64 3 ,
-.Xr evp 3
-.Sh HISTORY
-The
-.Fn EVP_Encode*
-and
-.Fn EVP_Decode*
-functions first appeared in SSLeay 0.5.1
-and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_ENCODE_CTX_new
-and
-.Fn EVP_ENCODE_CTX_free
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
deleted file mode 100644
index bcfe236038..0000000000
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ /dev/null
@@ -1,1385 +0,0 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.41 2021/01/05 06:51:31 jmc Exp $
-.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
-.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
-.\" 7c6d372a Nov 20 13:20:01 2018 +0000
-.\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
-.\" EVP_chacha20.pod 8fa4d95e Oct 21 11:59:09 2017 +0900
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson
-.\" and Richard Levitte .
-.\" Copyright (c) 2000-2002, 2005, 2012-2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2.
Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 5 2021 $
-.Dt EVP_ENCRYPTINIT 3
-.Os
-.Sh NAME
-.Nm EVP_CIPHER_CTX_new ,
-.Nm EVP_CIPHER_CTX_reset ,
-.Nm EVP_CIPHER_CTX_cleanup ,
-.Nm EVP_CIPHER_CTX_init ,
-.Nm EVP_CIPHER_CTX_free ,
-.Nm EVP_EncryptInit_ex ,
-.Nm EVP_EncryptUpdate ,
-.Nm EVP_EncryptFinal_ex ,
-.Nm EVP_DecryptInit_ex ,
-.Nm EVP_DecryptUpdate ,
-.Nm EVP_DecryptFinal_ex ,
-.Nm EVP_CipherInit_ex ,
-.Nm EVP_CipherUpdate ,
-.Nm EVP_CipherFinal_ex ,
-.Nm EVP_EncryptInit ,
-.Nm EVP_EncryptFinal ,
-.Nm EVP_DecryptInit ,
-.Nm EVP_DecryptFinal ,
-.Nm EVP_CipherInit ,
-.Nm EVP_CipherFinal ,
-.Nm EVP_Cipher ,
-.Nm EVP_CIPHER_CTX_set_flags ,
-.Nm EVP_CIPHER_CTX_clear_flags ,
-.Nm EVP_CIPHER_CTX_test_flags ,
-.Nm EVP_CIPHER_CTX_set_padding ,
-.Nm EVP_CIPHER_CTX_set_key_length ,
-.Nm EVP_CIPHER_CTX_ctrl ,
-.Nm EVP_CIPHER_CTX_rand_key ,
-.Nm EVP_get_cipherbyname ,
-.Nm EVP_get_cipherbynid ,
-.Nm EVP_get_cipherbyobj ,
-.Nm EVP_CIPHER_nid ,
-.Nm EVP_CIPHER_block_size ,
-.Nm EVP_CIPHER_key_length ,
-.Nm EVP_CIPHER_iv_length ,
-.Nm EVP_CIPHER_flags ,
-.Nm EVP_CIPHER_mode ,
-.Nm EVP_CIPHER_type ,
-.Nm EVP_CIPHER_CTX_cipher ,
-.Nm EVP_CIPHER_CTX_nid ,
-.Nm EVP_CIPHER_CTX_block_size ,
-.Nm EVP_CIPHER_CTX_key_length ,
-.Nm EVP_CIPHER_CTX_iv_length ,
-.Nm EVP_CIPHER_CTX_get_iv ,
-.Nm EVP_CIPHER_CTX_set_iv ,
-.Nm EVP_CIPHER_CTX_get_app_data ,
-.Nm EVP_CIPHER_CTX_set_app_data ,
-.Nm EVP_CIPHER_CTX_type ,
-.Nm EVP_CIPHER_CTX_flags ,
-.Nm EVP_CIPHER_CTX_mode ,
-.Nm EVP_CIPHER_param_to_asn1 ,
-.Nm EVP_CIPHER_asn1_to_param ,
-.Nm EVP_enc_null ,
-.Nm EVP_idea_cbc ,
-.Nm EVP_idea_ecb ,
-.Nm EVP_idea_cfb64 ,
-.Nm EVP_idea_cfb ,
-.Nm EVP_idea_ofb ,
-.Nm EVP_rc2_cbc ,
-.Nm EVP_rc2_ecb ,
-.Nm EVP_rc2_cfb64 ,
-.Nm EVP_rc2_cfb ,
-.Nm EVP_rc2_ofb ,
-.Nm EVP_rc2_40_cbc ,
-.Nm EVP_rc2_64_cbc ,
-.Nm EVP_bf_cbc ,
-.Nm EVP_bf_ecb ,
-.Nm EVP_bf_cfb64 ,
-.Nm EVP_bf_cfb ,
-.Nm EVP_bf_ofb ,
-.Nm EVP_cast5_cbc ,
-.Nm EVP_cast5_ecb ,
-.Nm EVP_cast5_cfb64 ,
-.Nm EVP_cast5_cfb ,
-.Nm EVP_cast5_ofb ,
-.Nm EVP_chacha20
-.Nd EVP cipher routines
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_CIPHER_CTX *
-.Fn EVP_CIPHER_CTX_new void
-.Ft int
-.Fo EVP_CIPHER_CTX_reset
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_cleanup
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_init
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_free
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_EncryptInit_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_EncryptUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_EncryptFinal_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_DecryptInit_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_DecryptUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_DecryptFinal_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_CipherInit_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fa "int enc"
-.Fc
-.Ft int
-.Fo EVP_CipherUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_CipherFinal_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_EncryptInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_EncryptFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo
EVP_DecryptInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_DecryptFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_CipherInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fa "int enc"
-.Fc
-.Ft int
-.Fo EVP_CipherFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_Cipher
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "const unsigned char *in"
-.Fa "unsigned int inl"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_set_flags
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int flags"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_clear_flags
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_test_flags
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_set_padding
-.Fa "EVP_CIPHER_CTX *x"
-.Fa "int padding"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_set_key_length
-.Fa "EVP_CIPHER_CTX *x"
-.Fa "int keylen"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_ctrl
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int type"
-.Fa "int arg"
-.Fa "void *ptr"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_rand_key
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *key"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_get_cipherbyname
-.Fa "const char *name"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_get_cipherbynid
-.Fa "int nid"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_get_cipherbyobj
-.Fa "const ASN1_OBJECT *a"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_nid
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_block_size
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_key_length
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_iv_length
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_flags
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_mode
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_type
-.Fa
"const EVP_CIPHER *ctx"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_CIPHER_CTX_cipher
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_nid
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_block_size
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_key_length
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_iv_length
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_get_iv
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fa "u_char *iv"
-.Fa "size_t len"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_set_iv
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const u_char *iv"
-.Fa "size_t len"
-.Fc
-.Ft void *
-.Fo EVP_CIPHER_CTX_get_app_data
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_set_app_data
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fa "void *data"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_type
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_CTX_flags
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_CTX_mode
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_param_to_asn1
-.Fa "EVP_CIPHER_CTX *c"
-.Fa "ASN1_TYPE *type"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_asn1_to_param
-.Fa "EVP_CIPHER_CTX *c"
-.Fa "ASN1_TYPE *type"
-.Fc
-.Sh DESCRIPTION
-The EVP cipher routines are a high level interface to certain symmetric
-ciphers.
-.Pp
-.Fn EVP_CIPHER_CTX_new
-creates a new, empty cipher context.
-.Pp
-.Fn EVP_CIPHER_CTX_reset
-clears all information from
-.Fa ctx
-and frees all allocated memory associated with it, except the
-.Fa ctx
-object itself, such that it can be reused for another series of calls to
-.Fn EVP_CipherInit ,
-.Fn EVP_CipherUpdate ,
-and
-.Fn EVP_CipherFinal .
-It is also suitable for cipher contexts on the stack that were used
-and are no longer needed.
-.Fn EVP_CIPHER_CTX_cleanup
-is a deprecated alias for
-.Fn EVP_CIPHER_CTX_reset .
-.Pp
-.Fn EVP_CIPHER_CTX_init
-is a deprecated function to clear a cipher context on the stack
-before use.
-Do not use it on a cipher context returned from
-.Fn EVP_CIPHER_CTX_new
-or one that was already used.
-.Pp
-.Fn EVP_CIPHER_CTX_free
-clears all information from
-.Fa ctx
-and frees all allocated memory associated with it, including
-.Fa ctx
-itself.
-This function should be called after all operations using a cipher
-are complete, so sensitive information does not remain in memory.
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn EVP_EncryptInit_ex
-sets up the cipher context
-.Fa ctx
-for encryption with cipher
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
-If
-.Fa ctx
-points to an unused object on the stack, it must be initialized with
-.Fn EVP_MD_CTX_init
-before calling this function.
-.Fa type
-is normally supplied by a function such as
-.Xr EVP_aes_256_cbc 3 .
-If
-.Fa impl
-is
-.Dv NULL ,
-then the default implementation is used.
-.Fa key
-is the symmetric key to use and
-.Fa iv
-is the IV to use (if necessary).
-The actual number of bytes used for the
-key and IV depends on the cipher.
-It is possible to set all parameters to
-.Dv NULL
-except
-.Fa type
-in an initial call and supply the remaining parameters in subsequent
-calls, all of which have
-.Fa type
-set to
-.Dv NULL .
-This is done when the default cipher parameters are not appropriate.
-.Pp
-.Fn EVP_EncryptUpdate
-encrypts
-.Fa inl
-bytes from the buffer
-.Fa in
-and writes the encrypted version to
-.Fa out .
-This function can be called multiple times to encrypt successive blocks
-of data.
-The amount of data written depends on the block alignment of the
-encrypted data: as a result the amount of data written may be anything
-from zero bytes to (inl + cipher_block_size - 1) so
-.Fa out
-should contain sufficient room.
-The actual number of bytes written is placed in
-.Fa outl .
-.Pp
-If padding is enabled (the default) then
-.Fn EVP_EncryptFinal_ex
-encrypts the "final" data, that is any data that remains in a partial
-block.
-It uses NOTES (aka PKCS padding).
-The encrypted final data is written to
-.Fa out
-which should have sufficient space for one cipher block.
-The number of bytes written is placed in
-.Fa outl .
-After this function is called the encryption operation is finished and
-no further calls to
-.Fn EVP_EncryptUpdate
-should be made.
-.Pp
-If padding is disabled then
-.Fn EVP_EncryptFinal_ex
-will not encrypt any more data and it will return an error if any data
-remains in a partial block: that is if the total data length is not a
-multiple of the block size.
-.Pp
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptUpdate ,
-and
-.Fn EVP_DecryptFinal_ex
-are the corresponding decryption operations.
-.Fn EVP_DecryptFinal
-will return an error code if padding is enabled and the final block is
-not correctly formatted.
-The parameters and restrictions are identical to the encryption
-operations except that if padding is enabled the decrypted data buffer
-.Fa out
-passed to
-.Fn EVP_DecryptUpdate
-should have sufficient room for (inl + cipher_block_size) bytes
-unless the cipher block size is 1 in which case
-.Fa inl
-bytes is sufficient.
-.Pp
-.Fn EVP_CipherInit_ex ,
-.Fn EVP_CipherUpdate ,
-and
-.Fn EVP_CipherFinal_ex
-are functions that can be used for decryption or encryption.
-The operation performed depends on the value of the
-.Fa enc
-parameter.
-It should be set to 1 for encryption, 0 for decryption and -1 to leave
-the value unchanged (the actual value of
-.Fa enc
-being supplied in a previous call).
-.Pp
-.Fn EVP_EncryptInit ,
-.Fn EVP_DecryptInit ,
-and
-.Fn EVP_CipherInit
-are deprecated functions behaving like
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_DecryptInit_ex ,
-and
-.Fn EVP_CipherInit_ex
-except that they always use the default cipher implementation
-and that they require
-.Fn EVP_CIPHER_CTX_reset
-before they can be used on a context that was already used.
-.Pp
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptFinal ,
-and
-.Fn EVP_CipherFinal
-are identical to
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptFinal_ex ,
-and
-.Fn EVP_CipherFinal_ex .
-In previous releases of OpenSSL, they also used to clean up the
-.Fa ctx ,
-but this is no longer done and
-.Fn EVP_CIPHER_CTX_reset
-or
-.Fn EVP_CIPHER_CTX_free
-must be called to free any context resources.
-.Pp
-.Fn EVP_Cipher
-encrypts or decrypts aligned blocks of data
-whose lengths match the cipher block size.
-It requires that the previous encryption or decryption operation
-using the same
-.Fa ctx ,
-if there was any, ended exactly on a block boundary and that
-.Fa inl
-is an integer multiple of the cipher block size.
-If either of these conditions is violated,
-.Fn EVP_Cipher
-silently produces incorrect results.
-For that reason, using the function
-.Fn EVP_CipherUpdate
-instead is strongly recommended.
-The latter can safely handle partial blocks, and even if
-.Fa inl
-actually is a multiple of the cipher block size for all calls,
-the overhead incurred by using
-.Fn EVP_CipherUpdate
-is minimal.
-.Pp
-.Fn EVP_get_cipherbyname ,
-.Fn EVP_get_cipherbynid ,
-and
-.Fn EVP_get_cipherbyobj
-return an
-.Vt EVP_CIPHER
-structure when passed a cipher name, a NID or an
-.Vt ASN1_OBJECT
-structure.
-.Pp
-.Fn EVP_CIPHER_nid
-and
-.Fn EVP_CIPHER_CTX_nid
-return the NID of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX
-structure.
-The actual NID value is an internal value which may not have a
-corresponding OBJECT IDENTIFIER.
-.Pp
-.Fn EVP_CIPHER_CTX_set_flags
-enables the given
-.Fa flags
-in
-.Fa ctx .
-.Fn EVP_CIPHER_CTX_clear_flags
-disables the given
-.Fa flags
-in
-.Fa ctx .
-.Fn EVP_CIPHER_CTX_test_flags
-checks whether any of the given
-.Fa flags
-are currently set in
-.Fa ctx ,
-returning the subset of the
-.Fa flags
-that are set, or 0 if none of them are set.
-Currently, the only supported cipher context flag is
-.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW ;
-see
-.Xr EVP_aes_128_wrap 3
-for details.
-.Pp
-.Fn EVP_CIPHER_CTX_set_padding
-enables or disables padding.
-This function should be called after the context is set up for
-encryption or decryption with
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_DecryptInit_ex ,
-or
-.Fn EVP_CipherInit_ex .
-By default encryption operations are padded using standard block padding
-and the padding is checked and removed when decrypting.
-If the
-.Fa padding
-parameter is zero, then no padding is performed, the total amount of data
-encrypted or decrypted must then be a multiple of the block size or an
-error will occur.
-.Pp
-.Fn EVP_CIPHER_key_length
-and
-.Fn EVP_CIPHER_CTX_key_length
-return the key length of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX
-structure.
-The constant
-.Dv EVP_MAX_KEY_LENGTH
-is the maximum key length for all ciphers.
-Note: although
-.Fn EVP_CIPHER_key_length
-is fixed for a given cipher, the value of
-.Fn EVP_CIPHER_CTX_key_length
-may be different for variable key length ciphers.
-.Pp
-.Fn EVP_CIPHER_CTX_set_key_length
-sets the key length of the cipher ctx.
-If the cipher is a fixed length cipher, then attempting to set the key
-length to any value other than the fixed value is an error.
-.Pp
-.Fn EVP_CIPHER_iv_length
-and
-.Fn EVP_CIPHER_CTX_iv_length
-return the IV length of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX .
-It will return zero if the cipher does not use an IV.
-The constant
-.Dv EVP_MAX_IV_LENGTH
-is the maximum IV length for all ciphers.
-.Pp
-.Fn EVP_CIPHER_CTX_get_iv
-and
-.Fn EVP_CIPHER_CTX_set_iv
-will respectively retrieve and set the IV for an
-.Vt EVP_CIPHER_CTX .
-In both cases, the specified IV length must exactly equal the expected
-IV length for the context as returned by
-.Fn EVP_CIPHER_CTX_iv_length .
-.Pp
-.Fn EVP_CIPHER_block_size
-and
-.Fn EVP_CIPHER_CTX_block_size
-return the block size of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX
-structure.
-The constant
-.Dv EVP_MAX_BLOCK_LENGTH
-is also the maximum block length for all ciphers.
-.Pp
-.Fn EVP_CIPHER_type
-and
-.Fn EVP_CIPHER_CTX_type
-return the type of the passed cipher or context.
-This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
-ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
-same NID.
-If the cipher does not have an object identifier or does not
-have ASN.1 support this function will return
-.Dv NID_undef .
-.Pp
-.Fn EVP_CIPHER_CTX_cipher
-returns the
-.Vt EVP_CIPHER
-structure when passed an
-.Vt EVP_CIPHER_CTX
-structure.
-.Pp
-.Fn EVP_CIPHER_mode
-and
-.Fn EVP_CIPHER_CTX_mode
-return the block cipher mode:
-.Dv EVP_CIPH_ECB_MODE ,
-.Dv EVP_CIPH_CBC_MODE ,
-.Dv EVP_CIPH_CFB_MODE ,
-.Dv EVP_CIPH_OFB_MODE ,
-.Dv EVP_CIPH_CTR_MODE ,
-or
-.Dv EVP_CIPH_XTS_MODE .
-If the cipher is a stream cipher then
-.Dv EVP_CIPH_STREAM_CIPHER
-is returned.
-.Pp
-.Fn EVP_CIPHER_param_to_asn1
-sets the ASN.1
-.Vt AlgorithmIdentifier
-parameter based on the passed cipher.
-This will typically include any parameters and an IV.
-The cipher IV (if any) must be set when this call is made.
-This call should be made before the cipher is actually "used" (before any
-.Fn EVP_EncryptUpdate
-or
-.Fn EVP_DecryptUpdate
-calls, for example).
-This function may fail if the cipher does not have any ASN.1 support.
-.Pp
-.Fn EVP_CIPHER_asn1_to_param
-sets the cipher parameters based on an ASN.1
-.Vt AlgorithmIdentifier
-parameter.
-The precise effect depends on the cipher.
-In the case of RC2, for example, it will set the IV and effective
-key length.
-This function should be called after the base cipher type is set but
-before the key is set.
-For example
-.Fn EVP_CipherInit
-will be called with the IV and key set to
-.Dv NULL ,
-.Fn EVP_CIPHER_asn1_to_param
-will be called and finally
-.Fn EVP_CipherInit
-again with all parameters except the key set to
-.Dv NULL .
-It is possible for this function to fail if the cipher does not
-have any ASN.1 support or the parameters cannot be set (for example
-the RC2 effective key length is not supported).
-.Pp
-.Fn EVP_CIPHER_CTX_ctrl
-allows various cipher specific parameters to be determined and set.
-Currently only the RC2 effective key length can be set.
-.Pp
-.Fn EVP_CIPHER_CTX_rand_key
-generates a random key of the appropriate length based on the cipher
-context.
-The
-.Vt EVP_CIPHER
-can provide its own random key generation routine to support keys
-of a specific form.
-The
-.Fa key
-argument must point to a buffer at least as big as the value returned by
-.Fn EVP_CIPHER_CTX_key_length .
-.Pp
-Where possible the EVP interface to symmetric ciphers should be
-used in preference to the low level interfaces.
-This is because the code then becomes transparent to the cipher used and
-much more flexible.
-.Pp
-PKCS padding works by adding n padding bytes of value n to make the
-total length of the encrypted data a multiple of the block size.
-Padding is always added so if the data is already a multiple of the
-block size n will equal the block size.
-For example if the block size is 8 and 11 bytes are to be encrypted then
-5 padding bytes of value 5 will be added.
-.Pp
-When decrypting the final block is checked to see if it has the correct
-form.
-.Pp
-Although the decryption operation can produce an error if padding is
-enabled, it is not a strong test that the input data or key is correct.
-A random block has better than 1 in 256 chance of being of the correct
-format and problems with the input data earlier on will not produce a
-final decrypt error.
-.Pp
-If padding is disabled then the decryption operation will always succeed
-if the total amount of data decrypted is a multiple of the block size.
-.Pp
-The functions
-.Fn EVP_EncryptInit ,
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptInit ,
-.Fn EVP_CipherInit ,
-and
-.Fn EVP_CipherFinal
-are obsolete but are retained for compatibility with existing code.
-New code should use
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptFinal_ex ,
-.Fn EVP_CipherInit_ex ,
-and
-.Fn EVP_CipherFinal_ex
-because they can reuse an existing context without allocating and
-freeing it up on each call.
-.Pp
-.Fn EVP_get_cipherbynid
-and
-.Fn EVP_get_cipherbyobj
-are implemented as macros.
-.Sh RETURN VALUES
-.Fn EVP_CIPHER_CTX_new
-returns a pointer to a newly created
-.Vt EVP_CIPHER_CTX
-for success or
-.Dv NULL
-for failure.
-.Pp
-.Fn EVP_CIPHER_CTX_reset ,
-.Fn EVP_CIPHER_CTX_cleanup ,
-.Fn EVP_CIPHER_CTX_get_iv ,
-.Fn EVP_CIPHER_CTX_set_iv ,
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_EncryptUpdate ,
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptUpdate ,
-.Fn EVP_DecryptFinal_ex ,
-.Fn EVP_CipherInit_ex ,
-.Fn EVP_CipherUpdate ,
-.Fn EVP_CipherFinal_ex ,
-.Fn EVP_EncryptInit ,
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptInit ,
-.Fn EVP_DecryptFinal ,
-.Fn EVP_CipherInit ,
-.Fn EVP_CipherFinal ,
-.Fn EVP_Cipher ,
-.Fn EVP_CIPHER_CTX_set_key_length ,
-and
-.Fn EVP_CIPHER_CTX_rand_key
-return 1 for success or 0 for failure.
-.Pp
-.Fn EVP_CIPHER_CTX_set_padding
-always returns 1.
-.Pp
-.Fn EVP_get_cipherbyname ,
-.Fn EVP_get_cipherbynid ,
-and
-.Fn EVP_get_cipherbyobj
-return an
-.Vt EVP_CIPHER
-structure or
-.Dv NULL
-on error.
-.Pp
-.Fn EVP_CIPHER_nid
-and
-.Fn EVP_CIPHER_CTX_nid
-return a NID.
-.Pp
-.Fn EVP_CIPHER_block_size
-and
-.Fn EVP_CIPHER_CTX_block_size
-return the block size.
-.Pp
-.Fn EVP_CIPHER_key_length
-and
-.Fn EVP_CIPHER_CTX_key_length
-return the key length.
-.Pp
-.Fn EVP_CIPHER_iv_length
-and
-.Fn EVP_CIPHER_CTX_iv_length
-return the IV length or zero if the cipher does not use an IV.
-.Pp
-.Fn EVP_CIPHER_type
-and
-.Fn EVP_CIPHER_CTX_type
-return the NID of the cipher's OBJECT IDENTIFIER or
-.Dv NID_undef
-if it has no defined OBJECT IDENTIFIER.
-.Pp
-.Fn EVP_CIPHER_CTX_cipher
-returns an
-.Vt EVP_CIPHER
-structure.
-.Pp
-.Fn EVP_CIPHER_param_to_asn1
-and
-.Fn EVP_CIPHER_asn1_to_param
-return greater than zero for success and zero or a negative number
-for failure.
-.Sh CIPHER LISTING
-All algorithms have a fixed key length unless otherwise stated.
-.Bl -tag -width Ds
-.It Fn EVP_enc_null
-Null cipher: does nothing.
-.It Xo
-.Fn EVP_idea_cbc ,
-.Fn EVP_idea_ecb ,
-.Fn EVP_idea_cfb64 ,
-.Fn EVP_idea_ofb
-.Xc
-IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-.Fn EVP_idea_cfb
-is an alias for
-.Fn EVP_idea_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_rc2_cbc ,
-.Fn EVP_rc2_ecb ,
-.Fn EVP_rc2_cfb64 ,
-.Fn EVP_rc2_ofb
-.Xc
-RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-This is a variable key length cipher with an additional parameter called
-"effective key bits" or "effective key length".
-By default both are set to 128 bits.
-.Fn EVP_rc2_cfb
-is an alias for
-.Fn EVP_rc2_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_rc2_40_cbc ,
-.Fn EVP_rc2_64_cbc
-.Xc
-RC2 algorithm in CBC mode with a default key length and effective key
-length of 40 and 64 bits.
-These are obsolete and new code should use
-.Fn EVP_rc2_cbc ,
-.Fn EVP_CIPHER_CTX_set_key_length ,
-and
-.Fn EVP_CIPHER_CTX_ctrl
-to set the key length and effective key length.
-.It Xo
-.Fn EVP_bf_cbc ,
-.Fn EVP_bf_ecb ,
-.Fn EVP_bf_cfb64 ,
-.Fn EVP_bf_ofb
-.Xc
-Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes
-respectively.
-This is a variable key length cipher.
-.Fn EVP_bf_cfb
-is an alias for
-.Fn EVP_bf_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_cast5_cbc ,
-.Fn EVP_cast5_ecb ,
-.Fn EVP_cast5_cfb64 ,
-.Fn EVP_cast5_ofb
-.Xc
-CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-This is a variable key length cipher.
-.Fn EVP_cast5_cfb
-is an alias for
-.Fn EVP_cast5_cfb64 ,
-implemented as a macro.
-.It Fn EVP_chacha20
-The ChaCha20 stream cipher.
-The key length is 256 bits.
-The first 32 bits of the 128-bit IV are used as a counter,
-and the remaining 96 bits as a nonce.
-.El
-.Pp
-See also
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_camellia_128_cbc 3 ,
-.Xr EVP_des_cbc 3 ,
-.Xr EVP_rc4 3 ,
-and
-.Xr EVP_sm4_cbc 3 .
-.Ss GCM mode
-For GCM mode ciphers, the behaviour of the EVP interface
-is subtly altered and several additional ctrl operations are
-supported.
-.Pp
-To specify any additional authenticated data (AAD), a call to
-.Fn EVP_CipherUpdate ,
-.Fn EVP_EncryptUpdate ,
-or
-.Fn EVP_DecryptUpdate
-should be made with the output parameter out set to
-.Dv NULL .
-.Pp
-When decrypting, the return value of
-.Fn EVP_DecryptFinal
-or
-.Fn EVP_CipherFinal
-indicates if the operation was successful.
-If it does not indicate success, the authentication operation has
-failed and any output data MUST NOT be used as it is corrupted.
-.Pp
-The following ctrls are supported in GCM mode:
-.Bl -tag -width Ds
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL
-Sets the IV length: this call can only be made before specifying an IV.
-If not called, a default IV length is used.
-For GCM AES the default is 12, i.e. 96 bits.
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag
-Writes
-.Fa taglen
-bytes of the tag value to the buffer indicated by
-.Fa tag .
-This call can only be made when encrypting data and after all data has
-been processed, e.g. after an
-.Fn EVP_EncryptFinal
-call.
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag
-Sets the expected tag to
-.Fa taglen
-bytes from
-.Fa tag .
-This call is only legal when decrypting data and must be made before -any data is processed, e.g. before any -.Fa EVP_DecryptUpdate -call. -.El -.Ss CCM mode -The behaviour of CCM mode ciphers is similar to GCM mode, but with -a few additional requirements and different ctrl values. -.Pp -Like GCM mode any additional authenticated data (AAD) is passed -by calling -.Fn EVP_CipherUpdate , -.Fn EVP_EncryptUpdate , -or -.Fn EVP_DecryptUpdate -with the output parameter out set to -.Dv NULL . -Additionally, the total -plaintext or ciphertext length MUST be passed to -.Fn EVP_CipherUpdate , -.Fn EVP_EncryptUpdate , -or -.Fn EVP_DecryptUpdate -with the output and input -parameters -.Pq Fa in No and Fa out -set to -.Dv NULL -and the length passed in the -.Fa inl -parameter. -.Pp -The following ctrls are supported in CCM mode: -.Bl -tag -width Ds -.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_TAG taglen tag -This call is made to set the expected CCM tag value when decrypting or -the length of the tag (with the -.Fa tag -parameter set to -.Dv NULL ) -when encrypting. -The tag length is often referred to as M. -If not set, a default value is used (12 for AES). -.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_L ivlen NULL -Sets the CCM L value. -If not set, a default is used (8 for AES). -.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_IVLEN ivlen NULL -Sets the CCM nonce (IV) length: this call can only be made before -specifying a nonce value. -The nonce length is given by 15 - L so it is 7 by default for AES. -.El -.Sh EXAMPLES -Encrypt a string using blowfish: -.Bd -literal -offset 3n -int -do_crypt(char *outfile) -{ - unsigned char outbuf[1024]; - int outlen, tmplen; - /* - * Bogus key and IV: we'd normally set these from - * another source. 
- */ - unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; - unsigned char iv[] = {1,2,3,4,5,6,7,8}; - const char intext[] = "Some Crypto Text"; - EVP_CIPHER_CTX *ctx; - FILE *out; - - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv); - - if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, - strlen(intext))) { - /* Error */ - EVP_CIPHER_CTX_free(ctx); - return 0; - } - /* - * Buffer passed to EVP_EncryptFinal() must be after data just - * encrypted to avoid overwriting it. - */ - if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { - /* Error */ - EVP_CIPHER_CTX_free(ctx); - return 0; - } - outlen += tmplen; - EVP_CIPHER_CTX_free(ctx); - /* - * Need binary mode for fopen because encrypted data is - * binary data. Also cannot use strlen() on it because - * it won't be NUL terminated and may contain embedded - * NULs. - */ - out = fopen(outfile, "wb"); - if (out == NULL) { - /* Error */ - return 0; - } - fwrite(outbuf, 1, outlen, out); - fclose(out); - return 1; -} -.Ed -.Pp -The ciphertext from the above example can be decrypted using the -.Xr openssl 1 -utility with the command line: -.Bd -literal -offset indent -openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e - -iv 0102030405060708 -d -.Ed -.Pp -General encryption, decryption function example using FILE I/O and AES128 -with a 128-bit key: -.Bd -literal -int -do_crypt(FILE *in, FILE *out, int do_encrypt) -{ - /* Allow enough space in output buffer for additional block */ - unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; - int inlen, outlen; - EVP_CIPHER_CTX *ctx; - - /* - * Bogus key and IV: we'd normally set these from - * another source. 
- */ - unsigned char key[] = "0123456789abcdeF"; - unsigned char iv[] = "1234567887654321"; - - ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, - do_encrypt); - EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); - - for (;;) { - inlen = fread(inbuf, 1, 1024, in); - if (inlen <= 0) - break; - if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, - inlen)) { - /* Error */ - EVP_CIPHER_CTX_free(ctx); - return 0; - } - fwrite(outbuf, 1, outlen, out); - } - if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { - /* Error */ - EVP_CIPHER_CTX_free(ctx); - return 0; - } - fwrite(outbuf, 1, outlen, out); - - EVP_CIPHER_CTX_free(ctx); - return 1; -} -.Ed -.Sh SEE ALSO -.Xr BIO_f_cipher 3 , -.Xr evp 3 , -.Xr EVP_AEAD_CTX_init 3 , -.Xr EVP_aes_128_cbc 3 , -.Xr EVP_camellia_128_cbc 3 , -.Xr EVP_des_cbc 3 , -.Xr EVP_OpenInit 3 , -.Xr EVP_rc4 3 , -.Xr EVP_SealInit 3 , -.Xr EVP_sm4_cbc 3 -.Sh HISTORY -.Fn EVP_EncryptInit , -.Fn EVP_EncryptUpdate , -.Fn EVP_EncryptFinal , -.Fn EVP_DecryptInit , -.Fn EVP_DecryptUpdate , -.Fn EVP_DecryptFinal , -.Fn EVP_CipherInit , -.Fn EVP_CipherUpdate , -.Fn EVP_CipherFinal , -.Fn EVP_get_cipherbyname , -.Fn EVP_idea_cbc , -.Fn EVP_idea_ecb , -.Fn EVP_idea_cfb , -and -.Fn EVP_idea_ofb -first appeared in SSLeay 0.5.1. -.Fn EVP_rc2_cbc , -.Fn EVP_rc2_ecb , -.Fn EVP_rc2_cfb , -and -.Fn EVP_rc2_ofb -first appeared in SSLeay 0.5.2. -.Fn EVP_Cipher , -.Fn EVP_CIPHER_block_size , -.Fn EVP_CIPHER_key_length , -.Fn EVP_CIPHER_iv_length , -.Fn EVP_CIPHER_type , -.Fn EVP_CIPHER_CTX_block_size , -.Fn EVP_CIPHER_CTX_key_length , -.Fn EVP_CIPHER_CTX_iv_length , -and -.Fn EVP_CIPHER_CTX_type -first appeared in SSLeay 0.6.5. -.Fn EVP_bf_cbc , -.Fn EVP_bf_ecb , -.Fn EVP_bf_cfb , -and -.Fn EVP_bf_ofb -first appeared in SSLeay 0.6.6. 
-.Fn EVP_CIPHER_CTX_cleanup , -.Fn EVP_get_cipherbyobj , -.Fn EVP_CIPHER_nid , -.Fn EVP_CIPHER_CTX_cipher , -.Fn EVP_CIPHER_CTX_nid , -.Fn EVP_CIPHER_CTX_get_app_data , -.Fn EVP_CIPHER_CTX_set_app_data , -and -.Fn EVP_enc_null -first appeared in SSLeay 0.8.0. -.Fn EVP_get_cipherbynid -first appeared in SSLeay 0.8.1. -.Fn EVP_CIPHER_CTX_init , -.Fn EVP_CIPHER_param_to_asn1 , -and -.Fn EVP_CIPHER_asn1_to_param -first appeared in SSLeay 0.9.0. -All these functions have been available since -.Ox 2.4 . -.Pp -.Fn EVP_rc2_40_cbc -and -.Fn EVP_rc2_64_cbc -first appeared in SSL_eay 0.9.1. -.Fn EVP_CIPHER_CTX_type -first appeared in OpenSSL 0.9.3. -These functions have been available since -.Ox 2.6 . -.Pp -.Fn EVP_CIPHER_CTX_set_key_length , -.Fn EVP_CIPHER_CTX_ctrl , -.Fn EVP_CIPHER_flags , -.Fn EVP_CIPHER_mode , -.Fn EVP_CIPHER_CTX_flags , -and -.Fn EVP_CIPHER_CTX_mode -first appeared in OpenSSL 0.9.6 and have been available since -.Ox 2.9 . -.Pp -.Fn EVP_EncryptInit_ex , -.Fn EVP_EncryptFinal_ex , -.Fn EVP_DecryptInit_ex , -.Fn EVP_DecryptFinal_ex , -.Fn EVP_CipherInit_ex , -.Fn EVP_CipherFinal_ex , -and -.Fn EVP_CIPHER_CTX_set_padding -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn EVP_bf_cfb64 , -.Fn EVP_cast5_cfb64 , -.Fn EVP_idea_cfb64 , -and -.Fn EVP_rc2_cfb64 -first appeared in OpenSSL 0.9.7e and have been available since -.Ox 3.8 . -.Pp -.Fn EVP_CIPHER_CTX_rand_key -first appeared in OpenSSL 0.9.8. -.Fn EVP_CIPHER_CTX_new -and -.Fn EVP_CIPHER_CTX_free -first appeared in OpenSSL 0.9.8b. -These functions have been available since -.Ox 4.5 . -.Pp -.Fn EVP_CIPHER_CTX_reset -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.3 . -.Pp -.Fn EVP_CIPHER_CTX_get_iv -and -.Fn EVP_CIPHER_CTX_set_iv -first appeared in LibreSSL 2.8.1 and has been available since -.Ox 6.4 . -.Sh BUGS -.Dv EVP_MAX_KEY_LENGTH -and -.Dv EVP_MAX_IV_LENGTH -only refer to the internal ciphers with default key lengths. 
-If custom ciphers exceed these values the results are unpredictable. -This is because it has become standard practice to define a generic key -as a fixed unsigned char array containing -.Dv EVP_MAX_KEY_LENGTH -bytes. -.Pp -The ASN.1 code is incomplete (and sometimes inaccurate). -It has only been tested for certain common S/MIME ciphers -(RC2, DES, triple DES) in CBC mode. diff --git a/src/lib/libcrypto/man/EVP_OpenInit.3 b/src/lib/libcrypto/man/EVP_OpenInit.3 deleted file mode 100644 index 766d178cbd..0000000000 --- a/src/lib/libcrypto/man/EVP_OpenInit.3 +++ /dev/null 
@@ -1,154 +0,0 @@
-.\" $OpenBSD: EVP_OpenInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 7 2019 $
-.Dt EVP_OPENINIT 3
-.Os
-.Sh NAME
-.Nm EVP_OpenInit ,
-.Nm EVP_OpenUpdate ,
-.Nm EVP_OpenFinal
-.Nd EVP envelope decryption
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_OpenInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "EVP_CIPHER *type"
-.Fa "unsigned char *ek"
-.Fa "int ekl"
-.Fa "unsigned char *iv"
-.Fa "EVP_PKEY *priv"
-.Fc
-.Ft int
-.Fo EVP_OpenUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_OpenFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Sh DESCRIPTION
-The EVP envelope routines are a high level interface to envelope
-decryption.
-They decrypt a public key encrypted symmetric key and then decrypt data
-using it.
-.Pp
-.Fn EVP_OpenInit
-initializes a cipher context
-.Fa ctx
-for decryption with cipher
-.Fa type .
-It decrypts the encrypted symmetric key of length
-.Fa ekl
-bytes passed in the
-.Fa ek
-parameter using the private key
-.Fa priv .
-The IV is supplied in the
-.Fa iv
-parameter.
-.Pp
-.Fn EVP_OpenUpdate
-and
-.Fn EVP_OpenFinal
-have exactly the same properties as the
-.Xr EVP_DecryptUpdate 3
-and
-.Xr EVP_DecryptFinal 3
-routines.
-.Pp
-It is possible to call
-.Fn EVP_OpenInit
-twice in the same way as
-.Xr EVP_DecryptInit 3 .
-The first call should have
-.Fa priv
-set to
-.Dv NULL
-and (after setting any cipher parameters) it should be
-called again with
-.Fa type
-set to
-.Dv NULL .
-.Pp
-If the cipher passed in the
-.Fa type
-parameter is a variable length cipher then the key length will be set to
-the value of the recovered key length.
-If the cipher is a fixed length cipher then the recovered key length
-must match the fixed cipher length.
-.Sh RETURN VALUES
-.Fn EVP_OpenInit
-returns 0 on error or a non-zero integer (actually the recovered secret
-key size) if successful.
-.Pp
-.Fn EVP_OpenUpdate
-returns 1 for success or 0 for failure.
-.Pp
-.Fn EVP_OpenFinal
-returns 0 if the decrypt failed or 1 for success.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr EVP_SealInit 3
-.Sh HISTORY
-.Fn EVP_OpenInit ,
-.Fn EVP_OpenUpdate ,
-and
-.Fn EVP_OpenFinal
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
deleted file mode 100644
index 7714cb0558..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ /dev/null
@@ -1,466 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.22 2019/11/01 13:53:25 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" Parts were split out into RSA_pkey_ctx_ctrl(3). -.\" -.\" This file was written by Dr. Stephen Henson -.\" and Antoine Salon . -.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: November 1 2019 $ -.Dt EVP_PKEY_CTX_CTRL 3 -.Os -.Sh NAME -.Nm EVP_PKEY_CTX_ctrl , -.Nm EVP_PKEY_CTX_ctrl_str , -.Nm EVP_PKEY_CTX_set_signature_md , -.Nm EVP_PKEY_CTX_get_signature_md , -.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits , -.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len , -.Nm EVP_PKEY_CTX_set_dh_paramgen_generator , -.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid , -.Nm EVP_PKEY_CTX_set_ec_param_enc , -.Nm EVP_PKEY_CTX_set_ecdh_cofactor_mode , -.Nm EVP_PKEY_CTX_get_ecdh_cofactor_mode , -.Nm EVP_PKEY_CTX_set_ecdh_kdf_type , -.Nm EVP_PKEY_CTX_get_ecdh_kdf_type , -.Nm EVP_PKEY_CTX_set_ecdh_kdf_md , -.Nm EVP_PKEY_CTX_get_ecdh_kdf_md , -.Nm EVP_PKEY_CTX_set_ecdh_kdf_outlen , -.Nm EVP_PKEY_CTX_get_ecdh_kdf_outlen , -.Nm EVP_PKEY_CTX_set0_ecdh_kdf_ukm , -.Nm EVP_PKEY_CTX_get0_ecdh_kdf_ukm , -.Nm EVP_PKEY_CTX_set1_id , -.Nm EVP_PKEY_CTX_get1_id , -.Nm EVP_PKEY_CTX_get1_id_len -.Nd algorithm specific control operations -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_PKEY_CTX_ctrl -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int keytype" -.Fa "int optype" -.Fa "int cmd" -.Fa "int p1" -.Fa "void *p2" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_ctrl_str -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const char *type" -.Fa "const char *value" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_signature_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_signature_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD **pmd" -.Fc -.In openssl/dsa.h -.Ft int -.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int nbits" -.Fc -.In openssl/dh.h -.Ft int -.Fo EVP_PKEY_CTX_set_dh_paramgen_prime_len -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int len" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_dh_paramgen_generator -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int gen" -.Fc -.In openssl/ec.h -.Ft int -.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int nid" -.Fc -.Fa int -.Fo EVP_PKEY_CTX_set_ec_param_enc -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int param_enc" -.Fc -.Ft int -.Fo 
EVP_PKEY_CTX_set_ecdh_cofactor_mode -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int cofactor_mode" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_ecdh_cofactor_mode -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_ecdh_kdf_type -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int kdf" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_ecdh_kdf_type -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_ecdh_kdf_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_ecdh_kdf_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD **pmd" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_ecdh_kdf_outlen -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int len" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_ecdh_kdf_outlen -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int *plen" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set0_ecdh_kdf_ukm -.Fa "EVP_PKEY_CTX *ctx" -.Fa "unsigned char *ukm" -.Fa "int len" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get0_ecdh_kdf_ukm -.Fa "EVP_PKEY_CTX *ctx" -.Fa "unsigned char **pukm" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set1_id -.Fa "EVP_PKEY_CTX *ctx" -.Fa "void *id" -.Fa "size_t id_len" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get1_id -.Fa "EVP_PKEY_CTX *ctx" -.Fa "void *id" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get1_id_len -.Fa "EVP_PKEY_CTX *ctx" -.Fa "size_t *pid_len" -.Fc -.Sh DESCRIPTION -The function -.Fn EVP_PKEY_CTX_ctrl -sends a control operation to the context -.Fa ctx . -The key type used must match -.Fa keytype -if it is not -1. -The parameter -.Fa optype -is a mask indicating which operations the control can be applied to. -The control command is indicated in -.Fa cmd -and any additional arguments in -.Fa p1 -and -.Fa p2 . -.Pp -Applications will not normally call -.Fn EVP_PKEY_CTX_ctrl -directly but will instead call one of the algorithm specific macros -described below and in -.Xr RSA_pkey_ctx_ctrl 3 . -.Pp -The function -.Fn EVP_PKEY_CTX_ctrl_str -allows an application to send an algorithm specific control operation to -a context -.Fa ctx -in string form. 
-This is intended to be used for options specified on the command line or -in text files. -The commands supported are documented in the -.Xr openssl 1 -utility command line pages for the option -.Fl pkeyopt -which is supported by the -.Cm pkeyutl , -.Cm genpkey , -and -.Cm req -commands. -.Pp -All the remaining "functions" are implemented as macros. -.Pp -The -.Fn EVP_PKEY_CTX_set_signature_md -and -.Fn EVP_PKEY_CTX_get_signature_md -macros set and get the message digest type used in a signature. -They can be used with the RSA, DSA, and ECDSA algorithms. -If the key is of the type -.Dv EVP_PKEY_RSA_PSS -and has usage restrictions, an error occurs if an attempt is made -to set the digest to anything other than the restricted value. -.Ss DSA parameters -The macro -.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits -sets the number of bits used for DSA parameter generation to -.Fa nbits . -If not specified, 1024 is used. -.Ss DH parameters -The macro -.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len -sets the length of the DH prime parameter -.Fa len -for DH parameter generation. -It only accepts lengths greater than or equal to 256. -If this macro is not called, then 1024 is used. -.Pp -The -.Fn EVP_PKEY_CTX_set_dh_paramgen_generator -macro sets DH generator to -.Fa gen -for DH parameter generation. -If not specified, 2 is used. -.Ss EC parameters -The -.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid -macro sets the EC curve for EC parameter generation to -.Fa nid . -For EC parameter generation, this macro must be called or an error occurs -because there is no default curve. -.Pp -The -.Fn EVP_PKEY_CTX_set_ec_param_enc -macro sets the EC parameter encoding to -.Fa param_enc -when generating EC parameters or an EC key. -The encoding can be set to 0 for explicit parameters or to -.Dv OPENSSL_EC_NAMED_CURVE -to use named curve form. -.Ss ECDH parameters -The -.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode -macro sets the cofactor mode to -.Fa cofactor_mode -for ECDH key derivation. 
-Possible values are 1 to enable cofactor key derivation, 0 to disable -it, or -1 to clear the stored cofactor mode and fall back to the -private key cofactor mode. -.Pp -The -.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode -macro returns the cofactor mode for -.Fa ctx -used for ECDH key derivation. -Possible return values are 1 when cofactor key derivation is enabled -or 0 otherwise. -.Ss ECDH key derivation function parameters -The -.Fn EVP_PKEY_CTX_set_ecdh_kdf_type -macro sets the key derivation function type to -.Fa kdf -for ECDH key derivation. -Possible values are -.Dv EVP_PKEY_ECDH_KDF_NONE -or -.Dv EVP_PKEY_ECDH_KDF_X9_63 -which uses the key derivation specified in X9.63. -When using key derivation, the -.Fa kdf_md -and -.Fa kdf_outlen -parameters must also be specified. -.Pp -The -.Fn EVP_PKEY_CTX_get_ecdh_kdf_type -macro returns the key derivation function type for -.Fa ctx -used for ECDH key derivation. -Possible return values are -.Dv EVP_PKEY_ECDH_KDF_NONE -or -.Dv EVP_PKEY_ECDH_KDF_X9_63 . -.Pp -The -.Fn EVP_PKEY_CTX_set_ecdh_kdf_md -macro sets the key derivation function message digest to -.Fa md -for ECDH key derivation. -Note that X9.63 specifies that this digest should be SHA1, -but OpenSSL tolerates other digests. -.Pp -The -.Fn EVP_PKEY_CTX_get_ecdh_kdf_md -macro gets the key derivation function message digest for -.Fa ctx -used for ECDH key derivation. -.Pp -The -.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen -macro sets the key derivation function output length to -.Fa len -for ECDH key derivation. -.Pp -The -.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen -macro gets the key derivation function output length for -.Fa ctx -used for ECDH key derivation. -.Pp -The -.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm -macro sets the user key material to -.Fa ukm -for ECDH key derivation. -This parameter is optional and corresponds to the shared info -in X9.63 terms. 
-The library takes ownership of the user key material, so the caller -should not free the original memory pointed to by -.Fa ukm . -.Pp -The -.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm -macro gets the user key material for -.Fa ctx . -The return value is the user key material length. -The resulting pointer is owned by the library and should not be -freed by the caller. -.Ss Other parameters -The -.Fn EVP_PKEY_CTX_set1_id , -.Fn EVP_PKEY_CTX_get1_id , -and -.Fn EVP_PKEY_CTX_get1_id_len -macros manipulate a special identifier field used for some specific -signature algorithms such as SM2. -The -.Fn EVP_PKEY_set1_id -macro sets the ID to a copy of -.Fa id -with the length -.Fa id_len . -The caller can safely free the original memory pointed to by -.Fa id . -The -.Fn EVP_PKEY_CTX_get1_id_len -macro returns the length of the ID set via a previous call to -.Fn EVP_PKEY_set1_id . -That length is typically used to allocate memory for a subsequent call to -.Fn EVP_PKEY_CTX_get1_id , -which copies the previously set ID into -.Pf * Fa id . -The caller is responsible for allocating sufficient memory for -.Fa id -before calling -.Fn EVP_PKEY_CTX_get1_id . -.Sh RETURN VALUES -.Fn EVP_PKEY_CTX_ctrl -and its macros return a positive value for success and 0 or a negative -value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. 
-.Sh SEE ALSO -.Xr DH_new 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_decrypt 3 , -.Xr EVP_PKEY_derive 3 , -.Xr EVP_PKEY_encrypt 3 , -.Xr EVP_PKEY_get_default_digest_nid 3 , -.Xr EVP_PKEY_keygen 3 , -.Xr EVP_PKEY_meth_set_ctrl 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr EVP_PKEY_verify_recover 3 , -.Xr RSA_pkey_ctx_ctrl 3 -.Sh HISTORY -The functions -.Fn EVP_PKEY_CTX_ctrl , -.Fn EVP_PKEY_CTX_ctrl_str , -.Fn EVP_PKEY_CTX_set_signature_md , -.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits , -.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len , -.Fn EVP_PKEY_CTX_set_dh_paramgen_generator , -and -.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . -.Pp -The functions -.Fn EVP_PKEY_CTX_get_signature_md , -.Fn EVP_PKEY_CTX_set_ec_param_enc , -.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode , -.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode , -.Fn EVP_PKEY_CTX_set_ecdh_kdf_type , -.Fn EVP_PKEY_CTX_get_ecdh_kdf_type , -.Fn EVP_PKEY_CTX_set_ecdh_kdf_md , -.Fn EVP_PKEY_CTX_get_ecdh_kdf_md , -.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen , -.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen , -.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm , -and -.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm -first appeared in OpenSSL 1.0.2 and have been available since -.Ox 6.6 . -.Pp -The functions -.Fn EVP_PKEY_CTX_set1_id , -.Fn EVP_PKEY_CTX_get1_id , -and -.Fn EVP_PKEY_CTX_get1_id_len -first appeared in OpenSSL 1.1.1 and have been available since -.Ox 6.6 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 deleted file mode 100644 index 8f6a0a6513..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ /dev/null 
@@ -1,185 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.11 2020/06/24 19:55:55 schwarze Exp $
-.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019, 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt EVP_PKEY_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_CTX_new ,
-.Nm EVP_PKEY_CTX_new_id ,
-.Nm EVP_PKEY_CTX_dup ,
-.Nm EVP_PKEY_CTX_free
-.Nd public key algorithm context functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY_CTX *
-.Fo EVP_PKEY_CTX_new
-.Fa "EVP_PKEY *pkey"
-.Fa "ENGINE *e"
-.Fc
-.Ft EVP_PKEY_CTX *
-.Fo EVP_PKEY_CTX_new_id
-.Fa "int id"
-.Fa "ENGINE *e"
-.Fc
-.Ft EVP_PKEY_CTX *
-.Fo EVP_PKEY_CTX_dup
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_PKEY_CTX_free
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn EVP_PKEY_CTX_new
-function allocates a public key algorithm context using the algorithm
-specified in
-.Fa pkey
-and using
-.Fa e
-unless it is
-.Dv NULL .
-If
-.Fa pkey
-is associated with an engine, that engine is used and
-.Fa e
-is ignored.
-.Pp
-The
-.Fn EVP_PKEY_CTX_new_id
-function allocates a public key algorithm context using the algorithm
-specified by
-.Fa id
-and using
-.Fa e
-unless it is
-.Dv NULL .
-It is normally used when no
-.Vt EVP_PKEY
-structure is associated with the operations, for example during
-parameter generation of key generation for some algorithms.
-The
-.Fa id
-argument can be any of the constants that
-.Xr EVP_PKEY_base_id 3
-and
-.Xr EVP_PKEY_id 3
-may return.
-.Pp
-.Fn EVP_PKEY_CTX_dup
-duplicates the context
-.Fa ctx .
-.Pp
-.Fn EVP_PKEY_CTX_free
-frees up the context
-.Fa ctx .
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_CTX_new ,
-.Fn EVP_PKEY_CTX_new_id ,
-and
-.Fn EVP_PKEY_CTX_dup
-return either the newly allocated
-.Vt EVP_PKEY_CTX
-structure or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr EVP_DigestSignInit 3 ,
-.Xr EVP_DigestVerifyInit 3 ,
-.Xr EVP_PKEY_base_id 3 ,
-.Xr EVP_PKEY_CTX_ctrl 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_derive 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_keygen 3 ,
-.Xr EVP_PKEY_meth_set_init 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify 3 ,
-.Xr EVP_PKEY_verify_recover 3 ,
-.Xr RSA_pkey_ctx_ctrl 3 ,
-.Xr X25519 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
-.Sh CAVEATS
-The
-.Vt EVP_PKEY_CTX
-structure is an opaque public key algorithm context used by the OpenSSL
-high level public key API.
-Contexts
-.Sy MUST NOT
-be shared between threads.
-It is not permissible to use the same context simultaneously in two
-threads.
diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
deleted file mode 100644
index c14420ba5d..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
+++ /dev/null
@@ -1,202 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.5 2020/06/24 19:55:54 schwarze Exp $
-.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Richard Levitte .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit.
(http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt EVP_PKEY_ASN1_GET_COUNT 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_asn1_get_count ,
-.Nm EVP_PKEY_asn1_get0 ,
-.Nm EVP_PKEY_get0_asn1 ,
-.Nm EVP_PKEY_asn1_find ,
-.Nm EVP_PKEY_asn1_find_str ,
-.Nm EVP_PKEY_asn1_get0_info
-.Nd enumerate public key ASN.1 methods
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fn EVP_PKEY_asn1_get_count void
-.Ft const EVP_PKEY_ASN1_METHOD *
-.Fo EVP_PKEY_asn1_get0
-.Fa "int idx"
-.Fc
-.Ft const EVP_PKEY_ASN1_METHOD *
-.Fo EVP_PKEY_get0_asn1
-.Fa "const EVP_PKEY *pkey"
-.Fc
-.Ft const EVP_PKEY_ASN1_METHOD *
-.Fo EVP_PKEY_asn1_find
-.Fa "ENGINE **pe"
-.Fa "int type"
-.Fc
-.Ft const EVP_PKEY_ASN1_METHOD *
-.Fo EVP_PKEY_asn1_find_str
-.Fa "ENGINE **pe"
-.Fa "const char *str"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo EVP_PKEY_asn1_get0_info
-.Fa "int *ppkey_id"
-.Fa "int *pkey_base_id"
-.Fa "int *ppkey_flags"
-.Fa "const char **pinfo"
-.Fa "const char **ppem_str"
-.Fa "const EVP_PKEY_ASN1_METHOD *ameth"
-.Fc
-.Sh DESCRIPTION
-.Fn EVP_PKEY_asn1_get_count
-returns the number of public key ASN.1 methods available.
-It includes standard methods and any methods added by the application.
-.Pp
-.Fn EVP_PKEY_asn1_get0
-returns the public key ASN.1 method
-.Fa idx .
-The value of
-.Fa idx
-must be in the range from zero to
-.Fn EVP_PKEY_asn1_get_count
-\- 1.
-.Pp
-.Fn EVP_PKEY_asn1_find
-looks up the method with NID
-.Fa type ,
-which can be any of the values that
-.Xr EVP_PKEY_base_id 3
-and
-.Xr EVP_PKEY_id 3
-may return.
-If
-.Fa pe
-is not
-.Dv NULL ,
-it first looks for an engine implementing a method for the NID
-.Fa type .
-If one is found,
-.Pf * Fa pe
-is set to that engine and the method from that engine is returned instead.
-.Pp
-.Fn EVP_PKEY_asn1_find_str
-looks up the method with PEM type string
-.Fa str .
-The PEM type strings supported by default are listed in the
-.Xr EVP_PKEY_base_id 3
-manual page.
-Just like
-.Fn EVP_PKEY_asn1_find ,
-if
-.Fa pe
-is not
-.Dv NULL ,
-methods from engines are preferred.
-.Pp
-.Fn EVP_PKEY_asn1_get0_info
-retrieves the public key ID as returned by
-.Xr EVP_PKEY_id 3 ,
-the base public key ID as returned by
-.Xr EVP_PKEY_base_id 3
-.Pq both NIDs ,
-any flags, the method description,
-and the PEM type string associated with
-.Fa ameth .
-.Pp
-.Fn EVP_PKEY_asn1_get_count ,
-.Fn EVP_PKEY_asn1_get0 ,
-.Fn EVP_PKEY_asn1_find
-and
-.Fn EVP_PKEY_asn1_find_str
-are not thread safe, but as long as all
-.Vt EVP_PKEY_ASN1_METHOD
-objects are added before the application gets threaded, using them is
-safe.
-See
-.Xr EVP_PKEY_asn1_add0 3 .
-.Sh RETURN VALUES
-.Fn EVP_PKEY_asn1_get_count
-returns the number of available public key methods.
-.Pp
-.Fn EVP_PKEY_asn1_get0
-returns a public key method or
-.Dv NULL
-if
-.Fa idx
-is out of range.
-.Pp
-.Fn EVP_PKEY_get0_asn1
-returns the public key method used by
-.Fa pkey .
-.Pp
-.Fn EVP_PKEY_asn1_get0_info
-returns 1 on success or 0 on failure.
-.Sh SEE ALSO
-.Xr EVP_PKEY_asn1_new 3 ,
-.Xr EVP_PKEY_base_id 3 ,
-.Xr EVP_PKEY_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
deleted file mode 100644
index 5d915d0183..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
+++ /dev/null
@@ -1,463 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.5 2019/09/01 09:10:09 schwarze Exp $
-.\" selective merge up to:
-.\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800
-.\"
-.\" This file was written by Richard Levitte
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 1 2019 $
-.Dt EVP_PKEY_ASN1_METHOD 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_asn1_new ,
-.Nm EVP_PKEY_asn1_copy ,
-.Nm EVP_PKEY_asn1_free ,
-.Nm EVP_PKEY_asn1_add0 ,
-.Nm EVP_PKEY_asn1_add_alias ,
-.Nm EVP_PKEY_asn1_set_public ,
-.Nm EVP_PKEY_asn1_set_private ,
-.Nm EVP_PKEY_asn1_set_param ,
-.Nm EVP_PKEY_asn1_set_free ,
-.Nm EVP_PKEY_asn1_set_ctrl
-.Nd manipulating and registering an EVP_PKEY_ASN1_METHOD structure
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY_ASN1_METHOD *
-.Fo EVP_PKEY_asn1_new
-.Fa "int id"
-.Fa "int flags"
-.Fa "const char *pem_str"
-.Fa "const char *info"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_copy
-.Fa "EVP_PKEY_ASN1_METHOD *dst"
-.Fa "const EVP_PKEY_ASN1_METHOD *src"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_free
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fc
-.Ft int
-.Fo EVP_PKEY_asn1_add0
-.Fa "const EVP_PKEY_ASN1_METHOD *ameth"
-.Fc
-.Ft int
-.Fo EVP_PKEY_asn1_add_alias
-.Fa "int to"
-.Fa "int from"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_public
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub)"
-.Fa "int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk)"
-.Fa "int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)"
-.Fa "int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,\
- ASN1_PCTX *pctx)"
-.Fa "int (*pkey_size)(const EVP_PKEY *pk)"
-.Fa "int (*pkey_bits)(const EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_private
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf)"
-.Fa "int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)"
-.Fa "int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,\
- ASN1_PCTX *pctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_param
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,\
- int derlen)"
-.Fa "int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder)"
-.Fa "int (*param_missing)(const EVP_PKEY *pk)"
-.Fa "int
(*param_copy)(EVP_PKEY *to, const EVP_PKEY *from)"
-.Fa "int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)"
-.Fa "int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,\
- ASN1_PCTX *pctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_free
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "void (*pkey_free)(EVP_PKEY *pkey)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_ctrl
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)"
-.Fc
-.Sh DESCRIPTION
-.Vt EVP_PKEY_ASN1_METHOD
-is a structure which holds a set of ASN.1 conversion, printing and
-information methods for a specific public key algorithm.
-.Pp
-There are two places where the
-.Vt EVP_PKEY_ASN1_METHOD
-objects are stored: one is a built-in array representing the standard
-methods for different algorithms, and the other one is a stack of
-user-defined application-specific methods, which can be manipulated by
-using
-.Fn EVP_PKEY_asn1_add0 .
-.Ss Methods
-The methods are the underlying implementations of a particular public
-key algorithm present by the
-.Vt EVP_PKEY
-object.
-.Bd -unfilled
-.Ft int Fo (*pub_decode)
-.Fa "EVP_PKEY *pk"
-.Fa "X509_PUBKEY *pub"
-.Fc
-.Ft int Fo (*pub_encode)
-.Fa "X509_PUBKEY *pub"
-.Fa "const EVP_PKEY *pk"
-.Fc
-.Ft int Fo (*pub_cmp)
-.Fa "const EVP_PKEY *a"
-.Fa "const EVP_PKEY *b"
-.Fc
-.Ft int Fo (*pub_print)
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ed
-.Pp
-The
-.Fn pub_decode
-and
-.Fn pub_encode
-methods are called to decode and encode
-.Vt X509_PUBKEY
-ASN.1 parameters to and from
-.Fa pk .
-They must return 0 on error and 1 on success.
-They are called by
-.Xr X509_PUBKEY_get 3
-and
-.Xr X509_PUBKEY_set 3 .
-.Pp
-The
-.Fn pub_cmp
-method is called when two public keys are compared.
-It must return 1 when the keys are equal and 0 otherwise.
-It is called by
-.Xr EVP_PKEY_cmp 3 .
-.Pp
-The
-.Fn pub_print
-method is called to print a public key in humanly readable text to
-.Fa out ,
-indented
-.Fa indent
-spaces.
-It must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_print_public 3 .
-.Bd -unfilled
-.Ft int Fo (*priv_decode)
-.Fa "EVP_PKEY *pk"
-.Fa "const PKCS8_PRIV_KEY_INFO *p8inf"
-.Fc
-.Ft int Fo (*priv_encode)
-.Fa "PKCS8_PRIV_KEY_INFO *p8"
-.Fa "const EVP_PKEY *pk"
-.Fc
-.Ft int Fo (*priv_print)
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ed
-.Pp
-The
-.Fn priv_decode
-and
-.Fn priv_encode
-methods are called to decode and encode
-.Vt PKCS8_PRIV_KEY_INFO
-form private key to and from
-.Fa pk .
-They must return 0 on error, 1 on success.
-They are called by
-.Fn EVP_PKCS82PKEY
-and
-.Fn EVP_PKEY2PKCS8 .
-.Pp
-The
-.Fn priv_print
-method is called to print a private key in humanly readable text to
-.Fa out ,
-indented
-.Fa indent
-spaces.
-It must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_print_private 3 .
-.Bd -unfilled
-.Ft int Fn (*pkey_size) "const EVP_PKEY *pk"
-.Ft int Fn (*pkey_bits) "const EVP_PKEY *pk";
-.Ed
-.Pp
-The
-.Fn pkey_size
-method returns the key size in bytes.
-It is called by
-.Xr EVP_PKEY_size 3 .
-.Pp
-The
-.Fn pkey_bits
-method returns the key size in bits.
-It is called by
-.Xr EVP_PKEY_bits 3 .
-.Bd -unfilled
-.Ft int Fo (*param_decode)
-.Fa "EVP_PKEY *pkey"
-.Fa "const unsigned char **pder"
-.Fa "int derlen"
-.Fc
-.Ft int Fo (*param_encode)
-.Fa "const EVP_PKEY *pkey"
-.Fa "unsigned char **pder"
-.Fc
-.Ft int Fo (*param_missing)
-.Fa "const EVP_PKEY *pk"
-.Fc
-.Ft int Fo (*param_copy)
-.Fa "EVP_PKEY *to"
-.Fa "const EVP_PKEY *from"
-.Fc
-.Ft int Fo (*param_cmp)
-.Fa "const EVP_PKEY *a"
-.Fa "const EVP_PKEY *b"
-.Fc
-.Ft int Fo (*param_print)
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ed
-.Pp
-The
-.Fn param_decode
-and
-.Fn param_encode
-methods are called to decode and encode DER formatted parameters to and from
-.Fa pk .
-They must return 0 on error and 1 on success.
-They are called by
-.Fn PEM_read_bio_Parameters .
-.Pp
-The
-.Fn param_missing
-method returns 0 if a key parameter is missing or otherwise 1.
-It is called by
-.Xr EVP_PKEY_missing_parameters 3 .
-.Pp
-The
-.Fn param_copy
-method copies key parameters from
-.Fa from
-to
-.Fa to .
-It must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_copy_parameters 3 .
-.Pp
-The
-.Fn param_cmp
-method compares the parameters of the keys
-.Fa a
-and
-.Fa b .
-It must return 1 when the keys are equal, 0 when not equal, and a
-negative number on error.
-It is called by
-.Xr EVP_PKEY_cmp_parameters 3 .
-.Pp
-The
-.Fn param_print
-method prints the private key parameters in humanly readable text to
-.Fa out ,
-indented
-.Fa indent
-spaces.
-It must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_print_params 3 .
-.Bd -unfilled
-.Ft void Fn (*pkey_free) "EVP_PKEY *pkey"
-.Ed
-.Pp
-The
-.Fn pkey_free
-method helps freeing the internals of
-.Fa pkey .
-It is called by
-.Xr EVP_PKEY_free 3 ,
-.Xr EVP_PKEY_set_type 3 ,
-.Fn EVP_PKEY_set_type_str ,
-and
-.Xr EVP_PKEY_assign 3 .
-.Bd -unfilled
-.Ft int Fo (*pkey_ctrl)
-.Fa "EVP_PKEY *pkey"
-.Fa "int op"
-.Fa "long arg1"
-.Fa "void *arg2"
-.Fc
-.Ed
-.Pp
-The
-.Fn pkey_ctrl
-method adds extra algorithm specific control.
-It is called by
-.Xr EVP_PKEY_get_default_digest_nid 3 ,
-.Fn PKCS7_SIGNER_INFO_set ,
-.Fn PKCS7_RECIP_INFO_set ,
-and other functions.
-.Ss Functions
-.Fn EVP_PKEY_asn1_new
-creates and returns a new
-.Vt EVP_PKEY_ASN1_METHOD
-object, and associates the given
-.Fa id ,
-.Fa flags ,
-.Fa pem_str
-and
-.Fa info .
-.Fa id
-is a NID,
-.Fa pem_str
-is the PEM type string,
-.Fa info
-is a descriptive string.
-If
-.Dv ASN1_PKEY_SIGPARAM_NULL
-is set in
-.Fa flags ,
-the signature algorithm parameters are given the type
-.Dv V_ASN1_NULL
-by default, otherwise they will be given the type
-.Dv V_ASN1_UNDEF
-(i.e. the parameter is omitted).
-See
-.Xr X509_ALGOR_set0 3
-for more information.
-.Pp
-.Fn EVP_PKEY_asn1_copy
-copies an
-.Vt EVP_PKEY_ASN1_METHOD
-object from
-.Fa src
-to
-.Fa dst .
-This function is not thread safe, it is recommended to only use this when
-initializing the application.
-.Pp
-.Fn EVP_PKEY_asn1_free
-frees an existing
-.Vt EVP_PKEY_ASN1_METHOD
-pointed by
-.Fa ameth .
-.Pp
-.Fn EVP_PKEY_asn1_add0
-adds
-.Fa ameth
-to the user defined stack of methods unless another
-.Vt EVP_PKEY_ASN1_METHOD
-with the same NID is already there.
-This function is not thread safe, it is recommended to only use this when
-initializing the application.
-.Pp
-.Fn EVP_PKEY_asn1_add_alias
-creates an alias with the NID
-.Fa to
-for the
-.Vt EVP_PKEY_ASN1_METHOD
-with NID
-.Fa from
-unless another
-.Vt EVP_PKEY_ASN1_METHOD
-with the same NID is already added.
-This function is not thread safe, it's recommended to only use this when
-initializing the application.
-.Pp
-.Fn EVP_PKEY_asn1_set_public ,
-.Fn EVP_PKEY_asn1_set_private ,
-.Fn EVP_PKEY_asn1_set_param ,
-.Fn EVP_PKEY_asn1_set_free ,
-and
-.Fn EVP_PKEY_asn1_set_ctrl
-set the diverse methods of the given
-.Vt EVP_PKEY_ASN1_METHOD
-object.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_asn1_new
-returns a pointer to an
-.Vt EVP_PKEY_ASN1_METHOD
-object or
-.Dv NULL
-on error.
-.Pp
-.Fn EVP_PKEY_asn1_add0
-and
-.Fn EVP_PKEY_asn1_add_alias
-return 0 on error or 1 on success.
-.Sh SEE ALSO
-.Xr EVP_PKEY_asn1_get_count 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr X509_PUBKEY_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_cmp.3 b/src/lib/libcrypto/man/EVP_PKEY_cmp.3
deleted file mode 100644
index 5226ec58fa..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.10 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2013, 2014, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt EVP_PKEY_CMP 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_missing_parameters ,
-.Nm EVP_PKEY_copy_parameters ,
-.Nm EVP_PKEY_cmp_parameters ,
-.Nm EVP_PKEY_cmp
-.Nd public key parameter and comparison functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_missing_parameters
-.Fa "const EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo EVP_PKEY_copy_parameters
-.Fa "EVP_PKEY *to"
-.Fa "const EVP_PKEY *from"
-.Fc
-.Ft int
-.Fo EVP_PKEY_cmp_parameters
-.Fa "const EVP_PKEY *a"
-.Fa "const EVP_PKEY *b"
-.Fc
-.Ft int
-.Fo EVP_PKEY_cmp
-.Fa "const EVP_PKEY *a"
-.Fa "const EVP_PKEY *b"
-.Fc
-.Sh DESCRIPTION
-The function
-.Fn EVP_PKEY_missing_parameters
-returns 1 if the public key parameters of
-.Fa pkey
-are missing and 0 if they are present or the algorithm doesn't use
-parameters.
-.Pp
-The function
-.Fn EVP_PKEY_copy_parameters
-copies the parameters from key
-.Fa from
-to key
-.Fa to .
-An error is returned if the parameters are missing in -.Fa from . -.Pp -The function -.Fn EVP_PKEY_cmp_parameters -compares the parameters of keys -.Fa a -and -.Fa b . -.Pp -The function -.Fn EVP_PKEY_cmp -compares the public key components and parameters (if present) of keys -.Fa a -and -.Fa b . -.Pp -The main purpose of the functions -.Fn EVP_PKEY_missing_parameters -and -.Fn EVP_PKEY_copy_parameters -is to handle public keys in certificates where the parameters are -sometimes omitted from a public key if they are inherited from the CA -that signed it. -.Pp -Since OpenSSL private keys contain public key components too, the -function -.Fn EVP_PKEY_cmp -can also be used to determine if a private key matches a public key. -.Sh RETURN VALUES -The function -.Fn EVP_PKEY_missing_parameters -returns 1 if the public key parameters of -.Fa pkey -are missing and 0 if they are present or the algorithm doesn't use -parameters. -.Pp -The function -.Fn EVP_PKEY_copy_parameters -returns 1 for success and 0 for failure. -.Pp -The functions -.Fn EVP_PKEY_cmp_parameters -and -.Fn EVP_PKEY_cmp -return 1 if the keys match, 0 if they don't match, -1 if the key types -are different and -2 if the operation is not supported. -.Sh SEE ALSO -.Xr EVP_PKEY_asn1_set_public 3 , -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_keygen 3 , -.Xr EVP_PKEY_new 3 -.Sh HISTORY -.Fn EVP_PKEY_missing_parameters -and -.Fn EVP_PKEY_copy_parameters -first appeared in SSLeay 0.8.0. -.Fn EVP_PKEY_cmp_parameters -first appeared in SSLeay 0.9.0. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn EVP_PKEY_cmp -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 deleted file mode 100644 index cdae726c42..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ /dev/null 
@@ -1,177 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
-.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt EVP_PKEY_DECRYPT 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_decrypt_init ,
-.Nm EVP_PKEY_decrypt
-.Nd decrypt using a public key algorithm
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_decrypt_init
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_decrypt
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *outlen"
-.Fa "const unsigned char *in"
-.Fa "size_t inlen"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn EVP_PKEY_decrypt_init
-function initializes a public key algorithm context using key
-.Fa ctx->pkey
-for a decryption operation.
-.Pp
-The
-.Fn EVP_PKEY_decrypt
-function performs a public key decryption operation using
-.Fa ctx .
-The data to be decrypted is specified using the
-.Fa in
-and
-.Fa inlen
-parameters.
-If
-.Fa out
-is
-.Dv NULL
-then the maximum size of the output buffer is written to the
-.Fa outlen
-parameter.
-If -.Fa out -is not -.Dv NULL -then before the call the -.Fa outlen -parameter should contain the length of the -.Fa out -buffer. -If the call is successful the decrypted data is written to -.Fa out -and the amount of data written to -.Fa outlen . -.Pp -After the call to -.Fn EVP_PKEY_decrypt_init , -algorithm specific control operations can be performed to set any -appropriate parameters for the operation. -.Pp -The function -.Fn EVP_PKEY_decrypt -can be called more than once on the same context if several operations -are performed using the same parameters. -.Sh RETURN VALUES -.Fn EVP_PKEY_decrypt_init -and -.Fn EVP_PKEY_decrypt -return 1 for success and 0 or a negative value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. -.Sh EXAMPLES -Decrypt data using OAEP (for RSA keys): -.Bd -literal -offset indent -#include -#include - -EVP_PKEY_CTX *ctx; -ENGINE *eng; -unsigned char *out, *in; -size_t outlen, inlen; -EVP_PKEY *key; - -/* - * Assumes that key, eng, in, and inlen are already set up - * and that key is an RSA private key. - */ -ctx = EVP_PKEY_CTX_new(key, eng); -if (!ctx) - /* Error occurred */ -if (EVP_PKEY_decrypt_init(ctx) <= 0) - /* Error */ -if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) - /* Error */ - -/* Determine buffer length */ -if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) - /* Error */ - -out = malloc(outlen); - -if (!out) - /* malloc failure */ - -if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) - /* Error */ - -/* Decrypted data is outlen bytes written to buffer out */ -.Ed -.Sh SEE ALSO -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_derive 3 , -.Xr EVP_PKEY_encrypt 3 , -.Xr EVP_PKEY_meth_set_decrypt 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr EVP_PKEY_verify_recover 3 -.Sh HISTORY -.Fn EVP_PKEY_decrypt_init -and -.Fn EVP_PKEY_decrypt -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . 
diff --git a/src/lib/libcrypto/man/EVP_PKEY_derive.3 b/src/lib/libcrypto/man/EVP_PKEY_derive.3
deleted file mode 100644
index 574b6b9b9d..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_derive.3
+++ /dev/null
@@ -1,179 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_derive.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $ -.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt EVP_PKEY_DERIVE 3 -.Os -.Sh NAME -.Nm EVP_PKEY_derive_init , -.Nm EVP_PKEY_derive_set_peer , -.Nm EVP_PKEY_derive -.Nd derive public key algorithm shared secret -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_PKEY_derive_init -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_derive_set_peer -.Fa "EVP_PKEY_CTX *ctx" -.Fa "EVP_PKEY *peer" -.Fc -.Ft int -.Fo EVP_PKEY_derive -.Fa "EVP_PKEY_CTX *ctx" -.Fa "unsigned char *key" -.Fa "size_t *keylen" -.Fc -.Sh DESCRIPTION -The -.Fn EVP_PKEY_derive_init -function initializes a public key algorithm context using key -.Fa ctx->pkey -for shared secret derivation. -.Pp -The -.Fn EVP_PKEY_derive_set_peer -function sets the peer key: this will normally be a public key. -.Pp -The -.Fn EVP_PKEY_derive -function derives a shared secret using -.Fa ctx . -If -.Fa key -is -.Dv NULL , -then the maximum size of the output buffer is written to the -.Fa keylen -parameter. 
-If -.Fa key -is not -.Dv NULL -then before the call the -.Fa keylen -parameter should contain the length of the -.Fa key -buffer. -If the call is successful, the shared secret is written to -.Fa key -and the amount of data written to -.Fa keylen . -.Pp -After the call to -.Fn EVP_PKEY_derive_init , -algorithm specific control operations can be performed to set any -appropriate parameters for the operation. -.Pp -The function -.Fn EVP_PKEY_derive -can be called more than once on the same context if several operations -are performed using the same parameters. -.Sh RETURN VALUES -.Fn EVP_PKEY_derive_init -and -.Fn EVP_PKEY_derive -return 1 for success and 0 or a negative value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. -.Sh EXAMPLES -Derive shared secret (for example DH or EC keys): -.Bd -literal -offset indent -#include -#include - -EVP_PKEY_CTX *ctx; -ENGINE *eng; -unsigned char *skey; -size_t skeylen; -EVP_PKEY *pkey, *peerkey; - -/* Assumes that pkey, eng, and peerkey have already been set up. */ -ctx = EVP_PKEY_CTX_new(pkey, eng); -if (!ctx) - /* Error occurred */ -if (EVP_PKEY_derive_init(ctx) <= 0) - /* Error */ -if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) - /* Error */ - -/* Determine buffer length */ -if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) - /* Error */ - -skey = malloc(skeylen); - -if (!skey) - /* malloc failure */ - -if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) - /* Error */ - -/* Shared secret is skey bytes written to buffer skey */ -.Ed -.Sh SEE ALSO -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_decrypt 3 , -.Xr EVP_PKEY_encrypt 3 , -.Xr EVP_PKEY_meth_set_derive 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr EVP_PKEY_verify_recover 3 , -.Xr X25519 3 -.Sh HISTORY -.Fn EVP_PKEY_derive_init , -.Fn EVP_PKEY_derive_set_peer , -and -.Fn EVP_PKEY_derive -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . 
diff --git a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
deleted file mode 100644
index a627c2abb6..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ /dev/null
@@ -1,184 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2006, 2009, 2013, 2014, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt EVP_PKEY_ENCRYPT 3 -.Os -.Sh NAME -.Nm EVP_PKEY_encrypt_init , -.Nm EVP_PKEY_encrypt -.Nd encrypt using a public key algorithm -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_PKEY_encrypt_init -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_encrypt -.Fa "EVP_PKEY_CTX *ctx" -.Fa "unsigned char *out" -.Fa "size_t *outlen" -.Fa "const unsigned char *in" -.Fa "size_t inlen" -.Fc -.Sh DESCRIPTION -The -.Fn EVP_PKEY_encrypt_init -function initializes a public key algorithm context using key -.Fa ctx->pkey -for an encryption operation. -.Pp -The -.Fn EVP_PKEY_encrypt -function performs a public key encryption operation using -.Fa ctx . -The data to be encrypted is specified using the -.Fa in -and -.Fa inlen -parameters. -If -.Fa out -is -.Dv NULL , -then the maximum size of the output buffer is written to the -.Fa outlen -parameter. 
-If -.Fa out -is not -.Dv NULL , -then before the call the -.Fa outlen -parameter should contain the length of the -.Fa out -buffer. -If the call is successful the encrypted data is written to -.Fa out -and the amount of data written to -.Fa outlen . -.Pp -After the call to -.Fn EVP_PKEY_encrypt_init , -algorithm specific control operations can be performed to set any -appropriate parameters for the operation. -.Pp -The function -.Fn EVP_PKEY_encrypt -can be called more than once on the same context if several operations -are performed using the same parameters. -.Sh RETURN VALUES -.Fn EVP_PKEY_encrypt_init -and -.Fn EVP_PKEY_encrypt -return 1 for success and 0 or a negative value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. -.Sh EXAMPLES -Encrypt data using OAEP (for RSA keys). -See also -.Xr PEM_read_PUBKEY 3 -and -.Xr d2i_X509 3 -for means to load a public key. -You may also simply set -.Ql eng = NULL; -to start with the default OpenSSL RSA implementation: -.Bd -literal -offset indent -#include -#include -#include - -EVP_PKEY_CTX *ctx; -ENGINE *eng; -unsigned char *out, *in; -size_t outlen, inlen; -EVP_PKEY *key; -/* NB: assumes eng, key in, inlen are already set up - * and that key is an RSA public key - */ -ctx = EVP_PKEY_CTX_new(key, eng); -if (!ctx) - /* Error occurred */ -if (EVP_PKEY_encrypt_init(ctx) <= 0) - /* Error */ -if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) - /* Error */ - -/* Determine buffer length */ -if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) - /* Error */ - -out = malloc(outlen); - -if (!out) - /* malloc failure */ - -if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) - /* Error */ - -/* Encrypted data is outlen bytes written to buffer out */ -.Ed -.Sh SEE ALSO -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_decrypt 3 , -.Xr EVP_PKEY_derive 3 , -.Xr EVP_PKEY_meth_set_encrypt 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr 
EVP_PKEY_verify_recover 3 -.Sh HISTORY -.Fn EVP_PKEY_encrypt_init -and -.Fn EVP_PKEY_encrypt -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 deleted file mode 100644 index 11d0914bed..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 +++ /dev/null 
@@ -1,94 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 -.Os -.Sh NAME -.Nm EVP_PKEY_get_default_digest_nid -.Nd get default signature digest -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_PKEY_get_default_digest_nid -.Fa "EVP_PKEY *pkey" -.Fa "int *pnid" -.Fc -.Sh DESCRIPTION -The -.Fn EVP_PKEY_get_default_digest_nid -function sets -.Fa pnid -to the default message digest NID for the public key signature -operations associated with key -.Fa pkey . -.Pp -For all current standard OpenSSL public key algorithms, SHA1 is returned. -.Sh RETURN VALUES -The -.Fn EVP_PKEY_get_default_digest_nid -function returns 1 if the message digest is advisory (that is other -digests can be used) and 2 if it is mandatory (other digests cannot be -used). -It returns 0 or a negative value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. 
-.Sh SEE ALSO -.Xr EVP_PKEY_asn1_set_ctrl 3 , -.Xr EVP_PKEY_CTX_ctrl 3 , -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_new 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr EVP_PKEY_verify_recover 3 -.Sh HISTORY -.Fn EVP_PKEY_get_default_digest_nid -first appeared in OpenSSL 1.0.0 and has been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_keygen.3 b/src/lib/libcrypto/man/EVP_PKEY_keygen.3 deleted file mode 100644 index 6173a1c438..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ /dev/null 
@@ -1,295 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.9 2018/03/23 04:34:23 schwarze Exp $ -.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 -.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2006, 2009, 2013, 2015, 2016, 2018 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt EVP_PKEY_KEYGEN 3 -.Os -.Sh NAME -.Nm EVP_PKEY_keygen_init , -.Nm EVP_PKEY_keygen , -.Nm EVP_PKEY_paramgen_init , -.Nm EVP_PKEY_paramgen , -.Nm EVP_PKEY_gen_cb , -.Nm EVP_PKEY_CTX_set_cb , -.Nm EVP_PKEY_CTX_get_cb , -.Nm EVP_PKEY_CTX_get_keygen_info , -.Nm EVP_PKEY_CTX_set_app_data , -.Nm EVP_PKEY_CTX_get_app_data -.Nd key and parameter generation functions -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_PKEY_keygen_init -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_keygen -.Fa "EVP_PKEY_CTX *ctx" -.Fa "EVP_PKEY **ppkey" -.Fc -.Ft int -.Fo EVP_PKEY_paramgen_init -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_paramgen -.Fa "EVP_PKEY_CTX *ctx" -.Fa "EVP_PKEY **ppkey" -.Fc -.Ft typedef int -.Fo EVP_PKEY_gen_cb -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft void -.Fo EVP_PKEY_CTX_set_cb -.Fa "EVP_PKEY_CTX *ctx" -.Fa "EVP_PKEY_gen_cb *cb" -.Fc -.Ft EVP_PKEY_gen_cb * -.Fo EVP_PKEY_CTX_get_cb -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_keygen_info -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int idx" -.Fc -.Ft void -.Fo EVP_PKEY_CTX_set_app_data -.Fa "EVP_PKEY_CTX *ctx" -.Fa "void *data" -.Fc -.Ft void * -.Fo EVP_PKEY_CTX_get_app_data -.Fa "EVP_PKEY_CTX *ctx" -.Fc -.Sh DESCRIPTION -The -.Fn EVP_PKEY_keygen_init -function initializes a public key algorithm context using key -.Fa ctx->pkey -for a key generation operation. -.Pp -The -.Fn EVP_PKEY_keygen -function performs a key generation operation. -The generated key is written to -.Fa ppkey . -.Pp -The functions -.Fn EVP_PKEY_paramgen_init -and -.Fn EVP_PKEY_paramgen -are similar except parameters are generated. -.Pp -The function -.Fn EVP_PKEY_CTX_set_cb -sets the key or parameter generation callback to -.Fa cb . -The function -.Fn EVP_PKEY_CTX_get_cb -returns the key or parameter generation callback. -.Pp -The function -.Fn EVP_PKEY_CTX_get_keygen_info -returns parameters associated with the generation operation. 
-If -.Fa idx -is -1, the total number of parameters available is returned. -Any non-negative value returns the value of that parameter. -.Fn EVP_PKEY_CTX_get_keygen_info -with a non-negative value for -.Fa idx -should only be called within the generation callback. -.Pp -If the callback returns 0, then the key generation operation is aborted -and an error occurs. -This might occur during a time consuming operation where a user clicks -on a "cancel" button. -.Pp -The functions -.Fn EVP_PKEY_CTX_set_app_data -and -.Fn EVP_PKEY_CTX_get_app_data -set and retrieve an opaque pointer. -This can be used to set some application defined value which can be -retrieved in the callback: for example a handle which is used to update -a "progress dialog". -.Pp -After the call to -.Fn EVP_PKEY_keygen_init -or -.Fn EVP_PKEY_paramgen_init , -algorithm specific control operations can be performed to set any -appropriate parameters for the operation. -.Pp -The functions -.Fn EVP_PKEY_keygen -and -.Fn EVP_PKEY_paramgen -can be called more than once on the same context if several operations -are performed using the same parameters. -.Pp -The meaning of the parameters passed to the callback will depend on the -algorithm and the specific implementation of the algorithm. -Some might not give any useful information at all during key or -parameter generation. -Others might not even call the callback. -.Pp -The operation performed by key or parameter generation depends on the -algorithm used. -In some cases (e.g. EC with a supplied named curve) the "generation" -option merely sets the appropriate fields in an -.Vt EVP_PKEY -structure. -.Pp -In OpenSSL, an -.Vt EVP_PKEY -structure containing a private key also contains the public key -components and parameters (if any). -An OpenSSL private key is equivalent to what some libraries call a "key -pair". -A private key can be used in functions which require the use of a public -key or parameters. 
-.Sh RETURN VALUES -.Fn EVP_PKEY_keygen_init , -.Fn EVP_PKEY_paramgen_init , -.Fn EVP_PKEY_keygen , -and -.Fn EVP_PKEY_paramgen -return 1 for success and 0 or a negative value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. -.Sh EXAMPLES -Generate a 2048-bit RSA key: -.Bd -literal -offset indent -#include -#include - -EVP_PKEY_CTX *ctx; -EVP_PKEY *pkey = NULL; - -ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); -if (!ctx) - /* Error occurred */ -if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ -if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) - /* Error */ - -/* Generate key */ -if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ -.Ed -.Pp -Generate a key from a set of parameters: -.Bd -literal -offset indent -#include -#include - -EVP_PKEY_CTX *ctx; -ENGINE *eng; -EVP_PKEY *pkey = NULL, *param; - -/* Assumes that param and eng are already set up. */ -ctx = EVP_PKEY_CTX_new(param, eng); -if (!ctx) - /* Error occurred */ -if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ - -/* Generate key */ -if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ -.Ed -.Pp -Example of generation callback for OpenSSL public key implementations: -.Bd -literal -offset indent -/* Application data is a BIO to output status to */ - -EVP_PKEY_CTX_set_app_data(ctx, status_bio); - -static int -genpkey_cb(EVP_PKEY_CTX *ctx) -{ - char c = '*'; - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - int p; - - p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\en'; - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; -} -.Ed -.Sh SEE ALSO -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_decrypt 3 , -.Xr EVP_PKEY_derive 3 , -.Xr EVP_PKEY_encrypt 3 , -.Xr EVP_PKEY_meth_set_keygen 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr EVP_PKEY_verify_recover 3 , -.Xr X25519 3 -.Sh HISTORY -These functions first appeared in OpenSSL 1.0.0 -and have been 
available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 b/src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 deleted file mode 100644 index acfb035bbe..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 +++ /dev/null 
@@ -1,78 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_meth_get0_info.3,v 1.3 2019/06/06 01:06:58 schwarze Exp $ -.\" OpenSSL EVP_PKEY_meth_get_count.pod 6a2da303 Aug 9 11:25:19 2017 -0400 -.\" OpenSSL EVP_PKEY_meth_get_count.pod 48ed9c23 Jul 25 17:48:26 2017 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt EVP_PKEY_METH_GET0_INFO 3 -.Os -.Sh NAME -.Nm EVP_PKEY_meth_get0_info -.Nd enumerate public key methods -.Sh SYNOPSIS -.In openssl/evp.h -.Ft void -.Fo EVP_PKEY_meth_get0_info -.Fa "int *ppkey_id" -.Fa "int *pflags" -.Fa "const EVP_PKEY_METHOD *meth" -.Fc -.Sh DESCRIPTION -The function -.Fn EVP_PKEY_meth_get0_info -retrieves the public key ID (a NID) and any flags associated with the -public key method -.Pf * Fa meth . -.Sh SEE ALSO -.Xr EVP_PKEY_meth_new 3 , -.Xr EVP_PKEY_new 3 -.Sh HISTORY -.Fn EVP_PKEY_meth_get0_info -first appeared in OpenSSL 1.0.1 and has been available since -.Ox 5.3 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/src/lib/libcrypto/man/EVP_PKEY_meth_new.3 deleted file mode 100644 index 706824cd59..0000000000 --- a/src/lib/libcrypto/man/EVP_PKEY_meth_new.3 +++ /dev/null 
@@ -1,555 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_meth_new.3,v 1.4 2019/06/06 01:06:58 schwarze Exp $
-.\" selective merge up to: OpenSSL 43f985fd Aug 21 11:47:17 2017 -0400
-.\"
-.\" This file was written by Paul Yang
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt EVP_PKEY_METH_NEW 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_meth_new ,
-.Nm EVP_PKEY_meth_free ,
-.Nm EVP_PKEY_meth_copy ,
-.Nm EVP_PKEY_meth_find ,
-.Nm EVP_PKEY_meth_add0 ,
-.Nm EVP_PKEY_meth_set_init ,
-.Nm EVP_PKEY_meth_set_copy ,
-.Nm EVP_PKEY_meth_set_cleanup ,
-.Nm EVP_PKEY_meth_set_paramgen ,
-.Nm EVP_PKEY_meth_set_keygen ,
-.Nm EVP_PKEY_meth_set_sign ,
-.Nm EVP_PKEY_meth_set_verify ,
-.Nm EVP_PKEY_meth_set_verify_recover ,
-.Nm EVP_PKEY_meth_set_signctx ,
-.Nm EVP_PKEY_meth_set_verifyctx ,
-.Nm EVP_PKEY_meth_set_encrypt ,
-.Nm EVP_PKEY_meth_set_decrypt ,
-.Nm EVP_PKEY_meth_set_derive ,
-.Nm EVP_PKEY_meth_set_ctrl
-.Nd manipulate an EVP_PKEY_METHOD structure
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY_METHOD *
-.Fo EVP_PKEY_meth_new
-.Fa "int id"
-.Fa "int flags"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_free
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_copy
-.Fa "EVP_PKEY_METHOD *dst"
-.Fa "const EVP_PKEY_METHOD *src"
-.Fc
-.Ft const EVP_PKEY_METHOD *
-.Fo EVP_PKEY_meth_find
-.Fa "int type"
-.Fc
-.Ft int
-.Fo EVP_PKEY_meth_add0
-.Fa "const EVP_PKEY_METHOD *pmeth"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_init
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*init)(EVP_PKEY_CTX *ctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_copy
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_cleanup
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "void (*cleanup)(EVP_PKEY_CTX *ctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_paramgen
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*paramgen_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_keygen
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*keygen_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_sign
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*sign_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,\
- const unsigned char *tbs, size_t tbslen)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_verify
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*verify_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig,\
- size_t siglen, const unsigned char *tbs, size_t tbslen)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_verify_recover
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*verify_recover_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig,\
- size_t *siglen, const unsigned char *tbs, size_t tbslen)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_signctx
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)"
-.Fa "int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig,\
- size_t *siglen, EVP_MD_CTX *mctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_verifyctx
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)"
-.Fa "int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,\
- int siglen, EVP_MD_CTX *mctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_encrypt
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*encrypt_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,\
- size_t *outlen, const unsigned char *in, size_t inlen)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_decrypt
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*decrypt_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,\
- size_t *outlen, const unsigned char *in, size_t inlen)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_derive
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*derive_init)(EVP_PKEY_CTX *ctx)"
-.Fa "int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_meth_set_ctrl
-.Fa "EVP_PKEY_METHOD *pmeth"
-.Fa "int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)"
-.Fa "int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt EVP_PKEY_METHOD
-structure holds a set of methods
-for a specific public key cryptographic algorithm.
-Those methods perform tasks such as generating keys, signing, verifying,
-encrypting, decrypting, and so on.
-.Pp
-There are two places where the
-.Vt EVP_PKEY_METHOD
-objects are stored: one is a built-in static array representing the
-standard methods for different algorithms, and the other one is a stack
-of user-defined application-specific methods, which can be manipulated
-with
-.Fn EVP_PKEY_meth_add0 .
-.Pp
-The
-.Vt EVP_PKEY_METHOD
-objects are usually referenced by
-.Vt EVP_PKEY_CTX
-objects.
-.Ss Methods
-The methods implement the particular public key algorithm represented by the
-.Vt EVP_PKEY_CTX
-object.
-.Bd -unfilled
-.Ft int Fn (*init) "EVP_PKEY_CTX *ctx"
-.Ft int Fn (*copy) "EVP_PKEY_CTX *dst" "EVP_PKEY_CTX *src"
-.Ft void Fn (*cleanup) "EVP_PKEY_CTX *ctx"
-.Ed
-.Pp
-The
-.Fn init
-method is called by
-.Xr EVP_PKEY_CTX_new 3
-and
-.Xr EVP_PKEY_CTX_new_id 3
-to initialize the algorithm-specific data when a new
-.Vt EVP_PKEY_CTX
-is created.
-The
-.Fn cleanup
-method is called by
-.Xr EVP_PKEY_CTX_free 3
-when an
-.Vt EVP_PKEY_CTX
-is freed.
-The
-.Fn copy
-method is called by
-.Xr EVP_PKEY_CTX_dup 3
-when an
-.Vt EVP_PKEY_CTX
-is duplicated.
-.Bd -unfilled
-.Ft int Fn (*paramgen_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fn (*paramgen) "EVP_PKEY_CTX *ctx" "EVP_PKEY *pkey"
-.Ed
-.Pp
-The
-.Fn paramgen_init
-and
-.Fn paramgen
-methods deal with key parameter generation.
-They are called by
-.Xr EVP_PKEY_paramgen_init 3
-and
-.Xr EVP_PKEY_paramgen 3
-to handle the parameter generation process.
-.Bd -unfilled
-.Ft int Fn (*keygen_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fn (*keygen) "EVP_PKEY_CTX *ctx" "EVP_PKEY *pkey"
-.Ed
-.Pp
-The
-.Fn keygen_init
-and
-.Fn keygen
-methods are used to generate a key for the specified algorithm.
-They are called by
-.Xr EVP_PKEY_keygen_init 3
-and
-.Xr EVP_PKEY_keygen 3 .
-.Bd -unfilled
-.Ft int Fn (*sign_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fo (*sign)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *sig"
-.Fa "size_t *siglen"
-.Fa "const unsigned char *tbs"
-.Fa "size_t tbslen"
-.Fc
-.Ed
-.Pp
-The
-.Fn sign_init
-and
-.Fn sign
-methods are used to generate the signature of a piece of data using a
-private key.
-They are called by
-.Xr EVP_PKEY_sign_init 3
-and
-.Xr EVP_PKEY_sign 3 .
-.Bd -unfilled
-.Ft int Fn (*verify_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fo (*verify)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const unsigned char *sig"
-.Fa "size_t siglen"
-.Fa "const unsigned char *tbs"
-.Fa "size_t tbslen"
-.Fc
-.Ed
-.Pp
-The
-.Fn verify_init
-and
-.Fn verify
-methods are used to verify whether a signature is valid.
-They are called by
-.Xr EVP_PKEY_verify_init 3
-and
-.Xr EVP_PKEY_verify 3 .
-.Bd -unfilled
-.Ft int Fn (*verify_recover_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fo (*verify_recover)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *rout"
-.Fa "size_t *routlen"
-.Fa "const unsigned char *sig"
-.Fa "size_t siglen"
-.Fc
-.Ed
-.Pp
-The
-.Fn verify_recover_init
-and
-.Fn verify_recover
-methods are used to verify a signature and then recover the digest from
-the signature (for instance, a signature that was generated by the RSA
-signing algorithm).
-They are called by
-.Xr EVP_PKEY_verify_recover_init 3
-and
-.Xr EVP_PKEY_verify_recover 3 .
-.Bd -unfilled
-.Ft int Fn (*signctx_init) "EVP_PKEY_CTX *ctx" "EVP_MD_CTX *mctx"
-.Ft int Fo (*signctx)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *sig"
-.Fa "size_t *siglen"
-.Fa "EVP_MD_CTX *mctx"
-.Fc
-.Ed
-.Pp
-The
-.Fn signctx_init
-and
-.Fn signctx
-methods are used to sign a digest represented by an
-.Vt EVP_MD_CTX
-object.
-They are called by the
-.Xr EVP_DigestSignInit 3
-functions.
-.Bd -unfilled
-.Ft int Fn (*verifyctx_init) "EVP_PKEY_CTX *ctx" "EVP_MD_CTX *mctx"
-.Ft int Fo (*verifyctx)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const unsigned char *sig"
-.Fa "int siglen"
-.Fa "EVP_MD_CTX *mctx"
-.Fc
-.Ed
-.Pp
-The
-.Fn verifyctx_init
-and
-.Fn verifyctx
-methods are used to verify a signature against the data in an
-.Vt EVP_MD_CTX
-object.
-They are called by the
-.Xr EVP_DigestVerifyInit 3
-functions.
-.Bd -unfilled
-.Ft int Fn (*encrypt_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fo (*encrypt)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *outlen"
-.Fa "const unsigned char *in"
-.Fa "size_t inlen"
-.Fc
-.Ed
-.Pp
-The
-.Fn encrypt_init
-and
-.Fn encrypt
-methods are used to encrypt a piece of data.
-They are called by
-.Xr EVP_PKEY_encrypt_init 3
-and
-.Xr EVP_PKEY_encrypt 3 .
-.Bd -unfilled
-.Ft int Fn (*decrypt_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fo (*decrypt)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "size_t *outlen"
-.Fa "const unsigned char *in"
-.Fa "size_t inlen"
-.Fc
-.Ed
-.Pp
-The
-.Fn decrypt_init
-and
-.Fn decrypt
-methods are used to decrypt a piece of data.
-They are called by
-.Xr EVP_PKEY_decrypt_init 3
-and
-.Xr EVP_PKEY_decrypt 3 .
-.Bd -unfilled
-.Ft int Fn (*derive_init) "EVP_PKEY_CTX *ctx"
-.Ft int Fo (*derive)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *key"
-.Fa "size_t *keylen"
-.Fc
-.Ed
-.Pp
-The
-.Fn derive_init
-and
-.Fn derive
-methods are used to derive the shared secret from a public key algorithm
-(for instance, the DH algorithm).
-They are called by
-.Xr EVP_PKEY_derive_init 3
-and
-.Xr EVP_PKEY_derive 3 .
-.Bd -unfilled
-.Ft int Fo (*ctrl)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int type"
-.Fa "int p1"
-.Fa "void *p2"
-.Fc
-.Ft int Fo (*ctrl_str)
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const char *type"
-.Fa "const char *value"
-.Fc
-.Ed
-.Pp
-The
-.Fn ctrl
-and
-.Fn ctrl_str
-methods are used to adjust algorithm-specific settings.
-See
-.Xr EVP_PKEY_CTX_ctrl 3
-for details.
-.Ss Functions
-.Fn EVP_PKEY_meth_new
-creates a new
-.Vt EVP_PKEY_METHOD
-object with the given
-.Fa id
-and
-.Fa flags .
-The following flags are supported:
-.Bl -tag -width Ds
-.It Dv EVP_PKEY_FLAG_AUTOARGLEN
-Automatically calculate the maximum size of the output buffer
-in corresponding EVP methods by the EVP framework.
-Thus the implementations of these methods don't need to care about
-handling the case of returning output buffer size by themselves.
-For details on the output buffer size, refer to
-.Xr EVP_PKEY_sign 3 .
-.It Dv EVP_PKEY_FLAG_SIGCTX_CUSTOM
-Indicate that the
-.Fn signctx
-method of an
-.Vt EVP_PKEY_METHOD
-is always called by the EVP framework while doing a digest signing
-operation by calling
-.Xr EVP_DigestSignFinal 3 .
-.El
-.Pp
-.Fn EVP_PKEY_meth_free
-frees
-.Fa pmeth .
-.Pp
-.Fn EVP_PKEY_meth_copy
-copies
-.Fa src
-to
-.Fa dst .
-.Pp
-.Fn EVP_PKEY_meth_find
-finds an
-.Vt EVP_PKEY_METHOD
-object with the given
-.Fa id .
-This function first searches through the user-defined method objects and
-then through the built-in objects.
-.Pp
-.Fn EVP_PKEY_meth_add0
-adds
-.Fa pmeth
-to the stack of user defined methods.
-.Pp
-The
-.Fn EVP_PKEY_meth_set_*
-functions set the corresponding fields of
-.Fa pmeth
-to the arguments passed.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_meth_new
-returns a pointer to a new
-.Vt EVP_PKEY_METHOD
-object or
-.Dv NULL
-on error.
-.Pp
-.Fn EVP_PKEY_meth_find
-returns a pointer to the found
-.Vt EVP_PKEY_METHOD
-object or
-.Dv NULL
-if no matching object is found.
-.Pp
-.Fn EVP_PKEY_meth_add0
-returns 1 if the method is added successfully or 0 if an error occurred.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_PKEY_meth_get0_info 3 ,
-.Xr EVP_PKEY_new 3
-.Sh HISTORY
-.Fn EVP_PKEY_meth_new ,
-.Fn EVP_PKEY_meth_free ,
-.Fn EVP_PKEY_meth_find ,
-.Fn EVP_PKEY_meth_add0 ,
-.Fn EVP_PKEY_meth_set_init ,
-.Fn EVP_PKEY_meth_set_copy ,
-.Fn EVP_PKEY_meth_set_cleanup ,
-.Fn EVP_PKEY_meth_set_paramgen ,
-.Fn EVP_PKEY_meth_set_keygen ,
-.Fn EVP_PKEY_meth_set_sign ,
-.Fn EVP_PKEY_meth_set_verify ,
-.Fn EVP_PKEY_meth_set_verify_recover ,
-.Fn EVP_PKEY_meth_set_signctx ,
-.Fn EVP_PKEY_meth_set_verifyctx ,
-.Fn EVP_PKEY_meth_set_encrypt ,
-.Fn EVP_PKEY_meth_set_decrypt ,
-.Fn EVP_PKEY_meth_set_derive ,
-and
-.Fn EVP_PKEY_meth_set_ctrl
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_PKEY_meth_copy
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_new.3 b/src/lib/libcrypto/man/EVP_PKEY_new.3
deleted file mode 100644
index 939d5f0d8a..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_new.3
+++ /dev/null
@@ -1,211 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_new.3,v 1.13 2021/03/31 16:48:43 tb Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson
-.\" and Matt Caswell .
-.\" Copyright (c) 2002, 2018 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 31 2021 $
-.Dt EVP_PKEY_NEW 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_new ,
-.Nm EVP_PKEY_up_ref ,
-.Nm EVP_PKEY_free ,
-.Nm EVP_PKEY_new_CMAC_key ,
-.Nm EVP_PKEY_new_mac_key
-.Nd private key allocation functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY *
-.Fn EVP_PKEY_new void
-.Ft int
-.Fo EVP_PKEY_up_ref
-.Fa "EVP_PKEY *key"
-.Fc
-.Ft void
-.Fo EVP_PKEY_free
-.Fa "EVP_PKEY *key"
-.Fc
-.Ft EVP_PKEY *
-.Fo EVP_PKEY_new_CMAC_key
-.Fa "ENGINE *e"
-.Fa "const unsigned char *priv"
-.Fa "size_t len"
-.Fa "const EVP_CIPHER *cipher"
-.Fc
-.Ft EVP_PKEY *
-.Fo EVP_PKEY_new_mac_key
-.Fa "int type"
-.Fa "ENGINE *e"
-.Fa "const unsigned char *key"
-.Fa "int keylen"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt EVP_PKEY
-structure is used by various OpenSSL functions which require a general
-private key without reference to any particular algorithm.
-.Pp
-The
-.Fn EVP_PKEY_new
-function allocates an empty
-.Vt EVP_PKEY
-structure.
-The reference count is set to 1.
-To add a private or public key to it, use the functions described in
-.Xr EVP_PKEY_set1_RSA 3 .
-.Pp
-.Fn EVP_PKEY_up_ref
-increments the reference count of
-.Fa key
-by 1.
-.Pp
-.Fn EVP_PKEY_free
-decrements the reference count of
-.Fa key
-by 1, and if the reference count reaches zero, frees it up.
-If
-.Fa key
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn EVP_PKEY_new_CMAC_key
-allocates a new
-.Vt EVP_PKEY
-for the
-.Dv EVP_PKEY_CMAC
-algorithm type.
-If
-.Fa e
-is
-.Pf non- Dv NULL ,
-then the new
-.Vt EVP_PKEY
-is associated with the engine
-.Fa e .
-.Fa priv
-points to the raw private key data
-of length
-.Fa len
-for this
-.Vt EVP_PKEY .
-.Fa cipher
-specifies a cipher algorithm to be used during creation of the CMAC.
-.Fa cipher
-should be a standard encryption only cipher.
-For example, AEAD and XTS ciphers should not be used.
-.Pp
-.Fn EVP_PKEY_new_mac_key
-allocates a new
-.Vt EVP_PKEY .
-If
-.Fa e
-is
-.Pf non- Dv NULL ,
-then the new
-.Vt EVP_PKEY
-structure is associated with the engine
-.Fa e .
-The
-.Fa type
-argument indicates what kind of key this is.
-The value should be a NID for a public key algorithm that supports
-raw private keys, for example
-.Dv EVP_PKEY_HMAC .
-.Fa key
-points to the raw private key data for this
-.Vt EVP_PKEY
-which should be of length
-.Fa keylen .
-The length should be appropriate for the type of the key.
-The public key data will be automatically derived from the given
-private key data (if appropriate for the algorithm type).
-.Sh RETURN VALUES
-.Fn EVP_PKEY_new ,
-.Fn EVP_PKEY_new_CMAC_key ,
-and
-.Fn EVP_PKEY_new_mac_key
-return either the newly allocated
-.Vt EVP_PKEY
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn EVP_PKEY_up_ref
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr CMAC_Init 3 ,
-.Xr d2i_PrivateKey 3 ,
-.Xr evp 3 ,
-.Xr EVP_PKEY_asn1_new 3 ,
-.Xr EVP_PKEY_cmp 3 ,
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_get_default_digest_nid 3 ,
-.Xr EVP_PKEY_meth_new 3 ,
-.Xr EVP_PKEY_print_private 3 ,
-.Xr EVP_PKEY_set1_RSA 3
-.Sh HISTORY
-.Fn EVP_PKEY_new
-and
-.Fn EVP_PKEY_free
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_PKEY_new_CMAC_key
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 6.9 .
-.Pp
-.Fn EVP_PKEY_new_mac_key
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_PKEY_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_print_private.3 b/src/lib/libcrypto/man/EVP_PKEY_print_private.3
deleted file mode 100644
index c1e6899818..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ /dev/null
@@ -1,130 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_print_private.3,v 1.7 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt EVP_PKEY_PRINT_PRIVATE 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_print_public ,
-.Nm EVP_PKEY_print_private ,
-.Nm EVP_PKEY_print_params
-.Nd public key algorithm printing routines
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_print_public
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_print_private
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_print_params
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Sh DESCRIPTION
-The functions
-.Fn EVP_PKEY_print_public ,
-.Fn EVP_PKEY_print_private ,
-and
-.Fn EVP_PKEY_print_params
-print out the public, private or parameter components of key
-.Fa pkey ,
-respectively.
-The key is sent to
-.Vt BIO
-.Fa out
-in human readable form.
-The parameter
-.Fa indent
-indicates how far the printout should be indented.
-.Pp
-The
-.Fa pctx
-parameter allows the print output to be finely tuned by using ASN.1
-printing options.
-If
-.Fa pctx
-is set to
-.Dv NULL ,
-then default values will be used.
-Currently, no public key algorithms include any options in the
-.Fa pctx
-parameter.
-.Pp
-If the key does not include all the components indicated by the function,
-then only those contained in the key will be printed.
-For example, passing a public key to
-.Fn EVP_PKEY_print_private
-will only print the public components.
-.Sh RETURN VALUES
-These functions all return 1 for success and 0 or a negative value for
-failure.
-In particular, a return value of -2 indicates the operation is not
-supported by the public key algorithm.
-.Sh SEE ALSO
-.Xr EVP_PKEY_asn1_set_public 3 ,
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_keygen 3 ,
-.Xr EVP_PKEY_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
deleted file mode 100644
index 2883c02d34..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ /dev/null
@@ -1,478 +0,0 @@ -.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.18 2021/07/02 11:48:01 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2019, 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 2 2021 $ -.Dt EVP_PKEY_SET1_RSA 3 -.Os -.Sh NAME -.Nm EVP_PKEY_set1_RSA , -.Nm EVP_PKEY_set1_DSA , -.Nm EVP_PKEY_set1_DH , -.Nm EVP_PKEY_set1_EC_KEY , -.Nm EVP_PKEY_get1_RSA , -.Nm EVP_PKEY_get1_DSA , -.Nm EVP_PKEY_get1_DH , -.Nm EVP_PKEY_get1_EC_KEY , -.Nm EVP_PKEY_get0_RSA , -.Nm EVP_PKEY_get0_DSA , -.Nm EVP_PKEY_get0_DH , -.Nm EVP_PKEY_get0_EC_KEY , -.Nm EVP_PKEY_get0_hmac , -.Nm EVP_PKEY_get0 , -.Nm EVP_PKEY_assign_RSA , -.Nm EVP_PKEY_assign_DSA , -.Nm EVP_PKEY_assign_DH , -.Nm EVP_PKEY_assign_EC_KEY , -.Nm EVP_PKEY_assign_GOST , -.Nm EVP_PKEY_assign , -.Nm EVP_PKEY_base_id , -.Nm EVP_PKEY_id , -.Nm EVP_PKEY_type , -.Nm EVP_PKEY_set_type -.\" The function X509_certificate_type(3) is intentionally undocumented -.\" and scheduled for deletion from the library. BoringSSL already -.\" deleted it and OpenSSL deprecates it in version 3.0. -.Nd EVP_PKEY assignment functions -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_PKEY_set1_RSA -.Fa "EVP_PKEY *pkey" -.Fa "RSA *key" -.Fc -.Ft int -.Fo EVP_PKEY_set1_DSA -.Fa "EVP_PKEY *pkey" -.Fa "DSA *key" -.Fc -.Ft int -.Fo EVP_PKEY_set1_DH -.Fa "EVP_PKEY *pkey" -.Fa "DH *key" -.Fc -.Ft int -.Fo EVP_PKEY_set1_EC_KEY -.Fa "EVP_PKEY *pkey" -.Fa "EC_KEY *key" -.Fc -.Ft RSA * -.Fo EVP_PKEY_get1_RSA -.Fa "EVP_PKEY *pkey" -.Fc -.Ft DSA * -.Fo EVP_PKEY_get1_DSA -.Fa "EVP_PKEY *pkey" -.Fc -.Ft DH * -.Fo EVP_PKEY_get1_DH -.Fa "EVP_PKEY *pkey" -.Fc -.Ft EC_KEY * -.Fo EVP_PKEY_get1_EC_KEY -.Fa "EVP_PKEY *pkey" -.Fc -.Ft RSA * -.Fo EVP_PKEY_get0_RSA -.Fa "EVP_PKEY *pkey" -.Fc -.Ft DSA * -.Fo EVP_PKEY_get0_DSA -.Fa "EVP_PKEY *pkey" -.Fc -.Ft DH * -.Fo EVP_PKEY_get0_DH -.Fa "EVP_PKEY *pkey" -.Fc -.Ft EC_KEY * -.Fo EVP_PKEY_get0_EC_KEY -.Fa "EVP_PKEY *pkey" -.Fc -.Ft const unsigned char * -.Fo EVP_PKEY_get0_hmac -.Fa "const EVP_PKEY *pkey" -.Fa "size_t *len" -.Fc -.Ft void * -.Fo EVP_PKEY_get0 -.Fa "const EVP_PKEY *pkey" -.Fc -.Ft int -.Fo EVP_PKEY_assign_RSA -.Fa "EVP_PKEY *pkey" -.Fa "RSA *key" -.Fc -.Ft int 
-.Fo EVP_PKEY_assign_DSA -.Fa "EVP_PKEY *pkey" -.Fa "DSA *key" -.Fc -.Ft int -.Fo EVP_PKEY_assign_DH -.Fa "EVP_PKEY *pkey" -.Fa "DH *key" -.Fc -.Ft int -.Fo EVP_PKEY_assign_EC_KEY -.Fa "EVP_PKEY *pkey" -.Fa "EC_KEY *key" -.Fc -.Ft int -.Fo EVP_PKEY_assign_GOST -.Fa "EVP_PKEY *pkey" -.Fa "GOST_KEY *key" -.Fc -.Ft int -.Fo EVP_PKEY_assign -.Fa "EVP_PKEY *pkey" -.Fa "int type" -.Fa "void *key" -.Fc -.Ft int -.Fo EVP_PKEY_base_id -.Fa "EVP_PKEY *pkey" -.Fc -.Ft int -.Fo EVP_PKEY_id -.Fa "EVP_PKEY *pkey" -.Fc -.Ft int -.Fo EVP_PKEY_type -.Fa "int type" -.Fc -.Ft int -.Fo EVP_PKEY_set_type -.Fa "EVP_PKEY *pkey" -.Fa "int type" -.Fc -.Sh DESCRIPTION -.Fn EVP_PKEY_set1_RSA , -.Fn EVP_PKEY_set1_DSA , -.Fn EVP_PKEY_set1_DH , -and -.Fn EVP_PKEY_set1_EC_KEY -set the key referenced by -.Fa pkey -to -.Fa key -and increment the reference count of -.Fa key -by 1 in case of success. -.Pp -.Fn EVP_PKEY_get1_RSA , -.Fn EVP_PKEY_get1_DSA , -.Fn EVP_PKEY_get1_DH , -and -.Fn EVP_PKEY_get1_EC_KEY -return the key referenced in -.Fa pkey , -incrementing its reference count by 1, or -.Dv NULL -if the key is not of the correct type. -.Pp -.Fn EVP_PKEY_get0_RSA , -.Fn EVP_PKEY_get0_DSA , -.Fn EVP_PKEY_get0_DH , -.Fn EVP_PKEY_get0_EC_KEY , -and -.Fn EVP_PKEY_get0 -are identical except that they do not increment the reference count. -Consequently, the returned key must not be freed by the caller. -.Pp -.Fn EVP_PKEY_get0_hmac -returns an internal pointer to the key referenced in -.Fa pkey -and sets -.Pf * Fa len -to its length in bytes. -The returned pointer must not be freed by the caller. -If -.Fa pkey -is not of the correct type, -.Dv NULL -is returned and the content of -.Pf * Fa len -becomes unspecified. 
-.Pp
-.Fn EVP_PKEY_assign_RSA ,
-.Fn EVP_PKEY_assign_DSA ,
-.Fn EVP_PKEY_assign_DH ,
-.Fn EVP_PKEY_assign_EC_KEY ,
-.Fn EVP_PKEY_assign_GOST ,
-and
-.Fn EVP_PKEY_assign
-also set the referenced key to
-.Fa key ;
-however these use the supplied
-.Fa key
-internally without incrementing its reference count, such that
-.Fa key
-will be freed when the parent
-.Fa pkey
-is freed.
-If the
-.Fa key
-is of the wrong type, these functions report success even though
-.Fa pkey
-ends up in a corrupted state.
-Even the functions explicitly containing the type in their name are
-.Em not
-type safe because they are implemented as macros.
-The following types are supported:
-.Dv EVP_PKEY_RSA ,
-.Dv EVP_PKEY_DSA ,
-.Dv EVP_PKEY_DH ,
-.Dv EVP_PKEY_EC ,
-and
-.Dv EVP_PKEY_GOSTR01 .
-.Pp
-.Fn EVP_PKEY_base_id
-returns the type of
-.Fa pkey
-according to the following table:
-.Pp
-.Bl -column -compact -offset 2n EVP_PKEY_GOSTR NID_X9_62_id_ecPublicKey
-.It Sy return value Ta Ta Sy PEM type string
-.It Dv EVP_PKEY_CMAC Ta = Dv NID_cmac Ta CMAC
-.It Dv EVP_PKEY_DH Ta = Dv NID_dhKeyAgreement Ta DH
-.It Dv EVP_PKEY_DSA Ta = Dv NID_dsa Ta DSA
-.It Dv EVP_PKEY_EC Ta = Dv NID_X9_62_id_ecPublicKey Ta EC
-.It Dv EVP_PKEY_GOSTIMIT Ta = Dv NID_id_Gost28147_89_MAC Ta GOST-MAC
-.It Dv EVP_PKEY_GOSTR01 Ta = Dv NID_id_GostR3410_2001 Ta GOST2001
-.It Dv EVP_PKEY_HMAC Ta = Dv NID_hmac Ta HMAC
-.It Dv EVP_PKEY_RSA Ta = Dv NID_rsaEncryption Ta RSA
-.It Dv EVP_PKEY_RSA_PSS Ta = Dv NID_rsassaPss Ta RSA-PSS
-.El
-.Pp
-Application programs can support additional key types by calling
-.Xr EVP_PKEY_asn1_add0 3 .
-.Pp
-.Fn EVP_PKEY_id
-returns the actual OID associated with
-.Fa pkey .
-Historically keys using the same algorithm could use different OIDs.
-The following deprecated aliases are still supported:
-.Pp
-.Bl -column -compact -offset 2n EVP_PKEY_GOSTR12_ NID_id_tc26_gost3410_2012_512
-.It Sy return value Ta Ta Sy alias for
-.It Dv EVP_PKEY_DSA1 Ta = Dv NID_dsa_2 Ta DSA
-.It Dv EVP_PKEY_DSA2 Ta = Dv NID_dsaWithSHA Ta DSA
-.It Dv EVP_PKEY_DSA3 Ta = Dv NID_dsaWithSHA1 Ta DSA
-.It Dv EVP_PKEY_DSA4 Ta = Dv NID_dsaWithSHA1_2 Ta DSA
-.It Dv EVP_PKEY_GOSTR12_256 Ta = Dv NID_id_tc26_gost3410_2012_256 Ta GOST2001
-.It Dv EVP_PKEY_GOSTR12_512 Ta = Dv NID_id_tc26_gost3410_2012_512 Ta GOST2001
-.It Dv EVP_PKEY_RSA2 Ta = Dv NID_rsa Ta RSA
-.El
-.Pp
-Application programs can support additional alternative OIDs by calling
-.Xr EVP_PKEY_asn1_add_alias 3 .
-.Pp
-Most applications wishing to know a key type will simply call
-.Fn EVP_PKEY_base_id
-and will not care about the actual type,
-which will be identical in almost all cases.
-.Pp
-.Fn EVP_PKEY_type
-returns the underlying type of the NID
-.Fa type .
-For example,
-.Fn EVP_PKEY_type EVP_PKEY_RSA2
-will return
-.Dv EVP_PKEY_RSA .
-.Pp
-.Fn EVP_PKEY_set_type
-frees the key referenced in
-.Fa pkey ,
-if any, and sets the key type of
-.Fa pkey
-to
-.Fa type
-without referencing a new key from
-.Fa pkey
-yet.
-For
-.Fa type ,
-any of the possible return values of
-.Fn EVP_PKEY_base_id
-and
-.Fn EVP_PKEY_id
-can be passed.
-.Pp
-In accordance with the OpenSSL naming convention, the key obtained from
-or assigned to
-.Fa pkey
-using the
-.Sy 1
-functions must be freed as well as
-.Fa pkey .
-.Sh RETURN VALUES
-.Fn EVP_PKEY_set1_RSA ,
-.Fn EVP_PKEY_set1_DSA ,
-.Fn EVP_PKEY_set1_DH ,
-.Fn EVP_PKEY_set1_EC_KEY ,
-.Fn EVP_PKEY_assign_RSA ,
-.Fn EVP_PKEY_assign_DSA ,
-.Fn EVP_PKEY_assign_DH ,
-.Fn EVP_PKEY_assign_EC_KEY ,
-.Fn EVP_PKEY_assign_GOST ,
-.Fn EVP_PKEY_assign ,
-and
-.Fn EVP_PKEY_set_type
-return 1 for success or 0 for failure.
-.Pp
-.Fn EVP_PKEY_get1_RSA ,
-.Fn EVP_PKEY_get1_DSA ,
-.Fn EVP_PKEY_get1_DH ,
-.Fn EVP_PKEY_get1_EC_KEY ,
-.Fn EVP_PKEY_get0_RSA ,
-.Fn EVP_PKEY_get0_DSA ,
-.Fn EVP_PKEY_get0_DH ,
-.Fn EVP_PKEY_get0_EC_KEY ,
-.Fn EVP_PKEY_get0_hmac ,
-and
-.Fn EVP_PKEY_get0
-return the referenced key or
-.Dv NULL
-if an error occurred.
-For
-.Fn EVP_PKEY_get0 ,
-the return value points to an
-.Vt RSA ,
-.Vt DSA ,
-.Vt DH ,
-.Vt EC_KEY ,
-.Vt GOST_KEY ,
-or
-.Vt ASN1_OCTET_STRING
-object depending on the type of
-.Fa pkey .
-.Pp
-.Fn EVP_PKEY_base_id ,
-.Fn EVP_PKEY_id ,
-and
-.Fn EVP_PKEY_type
-return a key type or
-.Dv NID_undef
-(equivalently
-.Dv EVP_PKEY_NONE )
-on error.
-.Sh SEE ALSO
-.Xr DH_new 3 ,
-.Xr DSA_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr EVP_PKEY_get0_asn1 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn EVP_PKEY_assign_RSA ,
-.Fn EVP_PKEY_assign_DSA ,
-.Fn EVP_PKEY_assign_DH ,
-.Fn EVP_PKEY_assign ,
-and
-.Fn EVP_PKEY_type
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_PKEY_set1_RSA ,
-.Fn EVP_PKEY_set1_DSA ,
-.Fn EVP_PKEY_set1_DH ,
-.Fn EVP_PKEY_get1_RSA ,
-.Fn EVP_PKEY_get1_DSA ,
-and
-.Fn EVP_PKEY_get1_DH
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn EVP_PKEY_set1_EC_KEY ,
-.Fn EVP_PKEY_get1_EC_KEY ,
-and
-.Fn EVP_PKEY_assign_EC_KEY
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn EVP_PKEY_get0 ,
-.Fn EVP_PKEY_set_type ,
-.Fn EVP_PKEY_base_id ,
-and
-.Fn EVP_PKEY_id
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_PKEY_assign_GOST
-first appeared in
-.Ox 5.7 .
-.Pp
-.Fn EVP_PKEY_get0_RSA ,
-.Fn EVP_PKEY_get0_DSA ,
-.Fn EVP_PKEY_get0_DH ,
-and
-.Fn EVP_PKEY_get0_EC_KEY
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
-.Pp
-.Fn EVP_PKEY_get0_hmac
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
deleted file mode 100644
index efbea950c9..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ /dev/null
@@ -1,191 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_sign.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2013, 2014 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt EVP_PKEY_SIGN 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_sign_init ,
-.Nm EVP_PKEY_sign
-.Nd sign using a public key algorithm
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_sign_init
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_sign
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *sig"
-.Fa "size_t *siglen"
-.Fa "const unsigned char *tbs"
-.Fa "size_t tbslen"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn EVP_PKEY_sign_init
-function initializes a public key algorithm context using the key
-.Fa ctx->pkey
-for a signing operation.
-.Pp
-The
-.Fn EVP_PKEY_sign
-function performs a public key signing operation using
-.Fa ctx .
-The data to be signed is specified using the
-.Fa tbs
-and
-.Fa tbslen
-parameters.
-If
-.Fa sig
-is
-.Dv NULL ,
-then the maximum size of the output buffer is written to the
-.Fa siglen
-parameter.
-If
-.Fa sig
-is not
-.Dv NULL ,
-then before the call the
-.Fa siglen
-parameter should contain the length of the
-.Fa sig
-buffer.
-If the call is successful the signature is written to
-.Fa sig
-and the amount of data written to
-.Fa siglen .
-.Pp
-.Fn EVP_PKEY_sign
-does not hash the data to be signed, and therefore is normally used
-to sign digests.
-For signing arbitrary messages, see the
-.Xr EVP_DigestSignInit 3
-and
-.Xr EVP_SignInit 3
-signing interfaces instead.
-.Pp
-After the call to
-.Fn EVP_PKEY_sign_init ,
-algorithm specific control operations can be performed to set any
-appropriate parameters for the operation; see
-.Xr EVP_PKEY_CTX_ctrl 3 .
-.Pp
-The function
-.Fn EVP_PKEY_sign
-can be called more than once on the same context if several operations
-are performed using the same parameters.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_sign_init
-and
-.Fn EVP_PKEY_sign
-return 1 for success and 0 or a negative value for failure.
-In particular, a return value of -2 indicates the operation is not
-supported by the public key algorithm.
-.Sh EXAMPLES
-Sign data using RSA with PKCS#1 padding and SHA256 digest:
-.Bd -literal -offset indent
-#include
-#include
-
-EVP_PKEY_CTX *ctx;
-/* md is a SHA-256 digest in this example. */
-unsigned char *md, *sig;
-size_t mdlen = 32, siglen;
-EVP_PKEY *signing_key;
-
-/*
- * NB: assumes signing_key and md are set up before the next
- * step. signing_key must be an RSA private key and md must
- * point to the SHA-256 digest to be signed.
- */
-ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
-if (!ctx)
- /* Error occurred */
-if (EVP_PKEY_sign_init(ctx) <= 0)
- /* Error */
-if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- /* Error */
-if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
- /* Error */
-
-/* Determine buffer length */
-if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
- /* Error */
-
-sig = malloc(siglen);
-
-if (!sig)
- /* malloc failure */
-
-if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
- /* Error */
-
-/* Signature is siglen bytes written to buffer sig */
-.Ed
-.Sh SEE ALSO
-.Xr EVP_PKEY_CTX_ctrl 3 ,
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_derive 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_meth_set_sign 3 ,
-.Xr EVP_PKEY_verify 3 ,
-.Xr EVP_PKEY_verify_recover 3
-.Sh HISTORY
-.Fn EVP_PKEY_sign_init
-and
-.Fn EVP_PKEY_sign
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify.3 b/src/lib/libcrypto/man/EVP_PKEY_verify.3
deleted file mode 100644
index c4d983320a..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_verify.3
+++ /dev/null
@@ -1,168 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_verify.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
-.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2010, 2013, 2018 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt EVP_PKEY_VERIFY 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_verify_init ,
-.Nm EVP_PKEY_verify
-.Nd signature verification using a public key algorithm
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_verify_init
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_verify
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const unsigned char *sig"
-.Fa "size_t siglen"
-.Fa "const unsigned char *tbs"
-.Fa "size_t tbslen"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn EVP_PKEY_verify_init
-function initializes a public key algorithm context using key
-.Fa ctx->pkey
-for a signature verification operation.
-.Pp
-The
-.Fn EVP_PKEY_verify
-function performs a public key verification operation using
-.Fa ctx .
-The signature is specified using the
-.Fa sig
-and
-.Fa siglen
-parameters.
-The verified data (i.e. the data believed originally signed) is
-specified using the
-.Fa tbs
-and
-.Fa tbslen
-parameters.
-.Pp
-After the call to
-.Fn EVP_PKEY_verify_init ,
-algorithm specific control operations can be performed to set any
-appropriate parameters for the operation.
-.Pp
-The function
-.Fn EVP_PKEY_verify
-can be called more than once on the same context if several operations
-are performed using the same parameters.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_verify_init
-and
-.Fn EVP_PKEY_verify
-return 1 if the verification was successful and 0 if it failed.
-Unlike other functions the return value 0 from
-.Fn EVP_PKEY_verify
-only indicates that the signature did not verify successfully.
-That is,
-.Fa tbs
-did not match the original data or the signature was of invalid form.
-It is not an indication of a more serious error.
-.Pp
-A negative value indicates an error other that signature verification
-failure.
-In particular, a return value of -2 indicates the operation is not
-supported by the public key algorithm.
-.Sh EXAMPLES
-Verify signature using PKCS#1 and SHA256 digest:
-.Bd -literal -offset 3n
-#include
-#include
-
-EVP_PKEY_CTX *ctx;
-unsigned char *md, *sig;
-size_t mdlen, siglen;
-EVP_PKEY *verify_key;
-
-/*
- * Assumes that verify_key, sig, siglen, md, and mdlen are already set up
- * and that verify_key is an RSA public key.
- */
-ctx = EVP_PKEY_CTX_new(verify_key, NULL);
-if (!ctx)
- /* Error occurred */
-if (EVP_PKEY_verify_init(ctx) <= 0)
- /* Error */
-if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- /* Error */
-if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
- /* Error */
-
-/* Perform operation */
-ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
-
-/*
- * ret == 1 indicates success, 0 verify failure,
- * and < 0 some other error.
- */
-.Ed
-.Sh SEE ALSO
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_derive 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_meth_set_verify 3 ,
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify_recover 3
-.Sh HISTORY
-.Fn EVP_PKEY_verify_init
-and
-.Fn EVP_PKEY_verify
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
deleted file mode 100644
index 3a55faccd2..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+++ /dev/null
@@ -1,189 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_verify_recover.3,v 1.9 2018/03/23 04:34:23 schwarze Exp $
-.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2006, 2009, 2010, 2013, 2018 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt EVP_PKEY_VERIFY_RECOVER 3
-.Os
-.Sh NAME
-.Nm EVP_PKEY_verify_recover_init ,
-.Nm EVP_PKEY_verify_recover
-.Nd recover signature using a public key algorithm
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_PKEY_verify_recover_init
-.Fa "EVP_PKEY_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_PKEY_verify_recover
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *rout"
-.Fa "size_t *routlen"
-.Fa "const unsigned char *sig"
-.Fa "size_t siglen"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn EVP_PKEY_verify_recover_init
-function initializes a public key algorithm context using key
-.Fa ctx->pkey
-for a verify recover operation.
-.Pp
-The
-.Fn EVP_PKEY_verify_recover
-function recovers signed data using
-.Fa ctx .
-The signature is specified using the
-.Fa sig
-and
-.Fa siglen
-parameters.
-If
-.Fa rout
-is
-.Dv NULL ,
-then the maximum size of the output buffer is written to the
-.Fa routlen
-parameter.
-If
-.Fa rout
-is not
-.Dv NULL ,
-then before the call the
-.Fa routlen
-parameter should contain the length of the
-.Fa rout
-buffer.
-If the call is successful, recovered data is written to
-.Fa rout
-and the amount of data written to
-.Fa routlen .
-.Pp
-Normally an application is only interested in whether a signature
-verification operation is successful.
-In those cases, the
-.Xr EVP_PKEY_verify 3
-function should be used.
-.Pp
-Sometimes however it is useful to obtain the data originally signed
-using a signing operation.
-Only certain public key algorithms can recover a signature in this way
-(for example RSA in PKCS padding mode).
-.Pp
-After the call to
-.Fn EVP_PKEY_verify_recover_init ,
-algorithm specific control operations can be performed to set any
-appropriate parameters for the operation.
-.Pp
-The function
-.Fn EVP_PKEY_verify_recover
-can be called more than once on the same context if several operations
-are performed using the same parameters.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_verify_recover_init
-and
-.Fn EVP_PKEY_verify_recover
-return 1 for success and 0 or a negative value for failure.
-In particular, a return value of -2 indicates the operation is not
-supported by the public key algorithm.
-.Sh EXAMPLES
-Recover digest originally signed using PKCS#1 and SHA256 digest:
-.Bd -literal -offset indent
-#include
-#include
-
-EVP_PKEY_CTX *ctx;
-unsigned char *rout, *sig;
-size_t routlen, siglen;
-EVP_PKEY *verify_key;
-
-/*
- * Assumes that verify_key, sig, and siglen are already set up
- * and that verify_key is an RSA public key.
- */
-ctx = EVP_PKEY_CTX_new(verify_key, NULL);
-if (!ctx)
- /* Error occurred */
-if (EVP_PKEY_verify_recover_init(ctx) <= 0)
- /* Error */
-if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- /* Error */
-if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
- /* Error */
-
-/* Determine buffer length */
-if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
- /* Error */
-
-rout = malloc(routlen);
-
-if (!rout)
- /* malloc failure */
-
-if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
- /* Error */
-
-/* Recovered data is routlen bytes written to buffer rout */
-.Ed
-.Sh SEE ALSO
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_derive 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_meth_set_verify_recover 3 ,
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify 3
-.Sh HISTORY
-.Fn EVP_PKEY_verify_recover_init
-and
-.Fn EVP_PKEY_verify_recover
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/EVP_SealInit.3 b/src/lib/libcrypto/man/EVP_SealInit.3
deleted file mode 100644
index 15938fcb33..0000000000
--- a/src/lib/libcrypto/man/EVP_SealInit.3
+++ /dev/null
@@ -1,188 +0,0 @@
-.\" $OpenBSD: EVP_SealInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2002, 2003, 2005, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 7 2019 $
-.Dt EVP_SEALINIT 3
-.Os
-.Sh NAME
-.Nm EVP_SealInit ,
-.Nm EVP_SealUpdate ,
-.Nm EVP_SealFinal
-.Nd EVP envelope encryption
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_SealInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "unsigned char **ek"
-.Fa "int *ekl"
-.Fa "unsigned char *iv"
-.Fa "EVP_PKEY **pubk"
-.Fa "int npubk"
-.Fc
-.Ft int
-.Fo EVP_SealUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_SealFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Sh DESCRIPTION
-The EVP envelope routines are a high level interface to envelope
-encryption.
-They generate a random key and IV (if required) then "envelope" it by
-using public key encryption.
-Data can then be encrypted using this key.
-.Pp
-.Fn EVP_SealInit
-initializes a cipher context
-.Fa ctx
-for encryption with cipher
-.Fa type
-using a random secret key and IV.
-.Fa type
-is normally supplied by a function such as
-.Xr EVP_aes_256_cbc 3 ;
-see
-.Xr EVP_EncryptInit 3
-for details.
-The secret key is encrypted using one or more public keys.
-This allows the same encrypted data to be decrypted using any of
-the corresponding private keys.
-.Fa ek
-is an array of buffers where the public key encrypted secret key will be
-written.
-Each buffer must contain enough room for the corresponding encrypted
-key: that is
-.Fa ek[i]
-must have room for
-.Fn EVP_PKEY_size pubk[i]
-bytes.
-The actual size of each encrypted secret key is written to the array
-.Fa ekl .
-.Fa pubk
-is an array of
-.Fa npubk
-public keys.
-.Pp
-The
-.Fa iv
-parameter is a buffer where the generated IV is written to.
-It must contain enough room for the corresponding cipher's IV, as
-determined by (for example)
-.Fn EVP_CIPHER_iv_length type .
-.Pp
-If the cipher does not require an IV then the
-.Fa iv
-parameter is ignored and can be
-.Dv NULL .
-.Pp
-.Fn EVP_SealUpdate
-and
-.Fn EVP_SealFinal
-have exactly the same properties as the
-.Xr EVP_EncryptUpdate 3
-and
-.Xr EVP_EncryptFinal 3
-routines.
-.Pp
-The public key must be RSA because it is the only OpenSSL public key
-algorithm that supports key transport.
-.Pp
-Envelope encryption is the usual method of using public key encryption
-on large amounts of data.
-This is because public key encryption is slow but symmetric encryption
-is fast.
-So symmetric encryption is used for bulk encryption and the small random
-symmetric key used is transferred using public key encryption.
-.Pp
-It is possible to call
-.Fn EVP_SealInit
-twice in the same way as
-.Xr EVP_EncryptInit 3 .
-The first call should have
-.Fa npubk
-set to 0 and (after setting any cipher parameters) it should be called
-again with
-.Fa type
-set to NULL.
-.Sh RETURN VALUES
-.Fn EVP_SealInit
-returns 0 on error or
-.Fa npubk
-if successful.
-.Pp
-.Fn EVP_SealUpdate
-and
-.Fn EVP_SealFinal
-return 1 for success and 0 for failure.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr EVP_OpenInit 3
-.Sh HISTORY
-.Fn EVP_SealInit ,
-.Fn EVP_SealUpdate ,
-and
-.Fn EVP_SealFinal
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_SealFinal
-did not return a value before OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/EVP_SignInit.3 b/src/lib/libcrypto/man/EVP_SignInit.3
deleted file mode 100644
index a53d059b46..0000000000
--- a/src/lib/libcrypto/man/EVP_SignInit.3
+++ /dev/null
@@ -1,229 +0,0 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.14 2019/06/10 14:58:48 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000-2002, 2005, 2006, 2014-2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt EVP_SIGNINIT 3
-.Os
-.Sh NAME
-.Nm EVP_SignInit_ex ,
-.Nm EVP_SignUpdate ,
-.Nm EVP_SignFinal ,
-.Nm EVP_SignInit ,
-.Nm EVP_PKEY_size ,
-.Nm EVP_PKEY_bits
-.Nd EVP signing functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_SignInit_ex
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
-.Fc
-.Ft int
-.Fo EVP_SignUpdate
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const void *d"
-.Fa "unsigned int cnt"
-.Fc
-.Ft int
-.Fo EVP_SignFinal
-.Fa "EVP_MD_CTX *ctx"
-.Fa "unsigned char *sig"
-.Fa "unsigned int *s"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft void
-.Fo EVP_SignInit
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const EVP_MD *type"
-.Fc
-.Ft int
-.Fo EVP_PKEY_size
-.Fa "const EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo EVP_PKEY_bits
-.Fa "const EVP_PKEY *pkey"
-.Fc
-.Sh DESCRIPTION
-The EVP signature routines are a high level interface to digital
-signatures.
-.Pp
-.Fn EVP_SignInit_ex
-sets up a signing context
-.Fa ctx
-to use the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
-.Fa ctx
-must be initialized with
-.Xr EVP_MD_CTX_init 3
-before calling this function.
-.Pp
-.Fn EVP_SignUpdate
-hashes
-.Fa cnt
-bytes of data at
-.Fa d
-into the signature context
-.Fa ctx .
-This function can be called several times on the same
-.Fa ctx
-to include additional data.
-.Pp
-.Fn EVP_SignFinal
-signs the data in
-.Fa ctx
-using the private key
-.Fa pkey
-and places the signature in
-.Fa sig .
-.Fa sig
-must be at least
-.Fn EVP_PKEY_size pkey
-bytes in size.
-.Fa s
-is an OUT parameter, and not used as an IN parameter.
-The number of bytes of data written (i.e.\&
-the length of the signature) will be written to the integer at
-.Fa s .
-At most
-.Fn EVP_PKEY_size pkey
-bytes will be written.
-.Pp
-.Fn EVP_SignInit
-initializes a signing context
-.Fa ctx
-to use the default implementation of digest
-.Fa type .
-.Pp
-.Fn EVP_PKEY_size
-returns the maximum size of a signature in bytes.
-The actual signature returned by
-.Fn EVP_SignFinal
-may be smaller.
-.Pp
-The EVP interface to digital signatures should almost always be
-used in preference to the low level interfaces.
-This is because the code then becomes transparent to the algorithm used
-and much more flexible.
-.Pp
-The call to
-.Fn EVP_SignFinal
-internally finalizes a copy of the digest context.
-This means that calls to
-.Fn EVP_SignUpdate
-and
-.Fn EVP_SignFinal
-can be called later to digest and sign additional data.
-.Pp
-Since only a copy of the digest context is ever finalized, the context
-must be cleaned up after use by calling
-.Xr EVP_MD_CTX_free 3
-or a memory leak will occur.
-.Sh RETURN VALUES
-.Fn EVP_SignInit_ex ,
-.Fn EVP_SignUpdate ,
-and
-.Fn EVP_SignFinal
-return 1 for success and 0 for failure.
-.Pp
-.Fn EVP_PKEY_size
-returns the maximum size of a signature in bytes.
-.Pp
-.Fn EVP_PKEY_bits
-returns the number of significant bits in the key
-or 0 if an error occurs.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_PKEY_asn1_set_public 3 ,
-.Xr EVP_VerifyInit 3
-.Sh HISTORY
-.Fn EVP_SignInit ,
-.Fn EVP_SignUpdate ,
-and
-.Fn EVP_SignFinal
-first appeared in SSLeay 0.5.1.
-.Fn EVP_PKEY_size
-first appeared in SSLeay 0.6.0.
-.Fn EVP_PKEY_bits
-first appeared in SSLeay 0.9.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_SignInit_ex
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Sh BUGS
-Older versions of this documentation wrongly stated that calls to
-.Fn EVP_SignUpdate
-could not be made after calling
-.Fn EVP_SignFinal .
-.Pp
-Since the private key is passed in the call to
-.Fn EVP_SignFinal
-any error relating to the private key (for example an unsuitable key and
-digest combination) will not be indicated until after potentially large
-amounts of data have been passed through
-.Fn EVP_SignUpdate .
-.Pp
-It is not possible to change the signing parameters using these
-function.
-.Pp
-The previous two bugs are fixed in the newer EVP_DigestSign* function.
diff --git a/src/lib/libcrypto/man/EVP_VerifyInit.3 b/src/lib/libcrypto/man/EVP_VerifyInit.3
deleted file mode 100644
index 5556f6c835..0000000000
--- a/src/lib/libcrypto/man/EVP_VerifyInit.3
+++ /dev/null
@@ -1,195 +0,0 @@
-.\" $OpenBSD: EVP_VerifyInit.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2001, 2006, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt EVP_VERIFYINIT 3
-.Os
-.Sh NAME
-.Nm EVP_VerifyInit_ex ,
-.Nm EVP_VerifyUpdate ,
-.Nm EVP_VerifyFinal ,
-.Nm EVP_VerifyInit
-.Nd EVP signature verification functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft int
-.Fo EVP_VerifyInit_ex
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
-.Fc
-.Ft int
-.Fo EVP_VerifyUpdate
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const void *d"
-.Fa "unsigned int cnt"
-.Fc
-.Ft int
-.Fo EVP_VerifyFinal
-.Fa "EVP_MD_CTX *ctx"
-.Fa "unsigned char *sigbuf"
-.Fa "unsigned int siglen"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo EVP_VerifyInit
-.Fa "EVP_MD_CTX *ctx"
-.Fa "const EVP_MD *type"
-.Fc
-.Sh DESCRIPTION
-The EVP signature verification routines are a high level interface to
-digital signatures.
-.Pp
-.Fn EVP_VerifyInit_ex
-sets up a verification context
-.Fa ctx
-to use the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
-.Fa ctx
-must be initialized by calling
-.Xr EVP_MD_CTX_init 3
-before calling this function.
-.Pp
-.Fn EVP_VerifyUpdate
-hashes
-.Fa cnt
-bytes of data at
-.Fa d
-into the verification context
-.Fa ctx .
-This function can be called several times on the same
-.Fa ctx
-to include additional data.
-.Pp
-.Fn EVP_VerifyFinal
-verifies the data in
-.Fa ctx
-using the public key
-.Fa pkey
-and against the
-.Fa siglen
-bytes at
-.Fa sigbuf .
-.Pp
-.Fn EVP_VerifyInit
-initializes a verification context
-.Fa ctx
-to use the default implementation of digest
-.Fa type .
-.Pp
-The EVP interface to digital signatures should almost always be
-used in preference to the low level interfaces.
-This is because the code then becomes transparent to the algorithm used
-and much more flexible.
-.Pp
-The call to
-.Fn EVP_VerifyFinal
-internally finalizes a copy of the digest context.
-This means that calls to
-.Fn EVP_VerifyUpdate
-and
-.Fn EVP_VerifyFinal
-can be called later to digest and verify additional data.
-.Pp
-Since only a copy of the digest context is ever finalized, the context
-must be cleaned up after use by calling
-.Xr EVP_MD_CTX_free 3 ,
-or a memory leak will occur.
-.Sh RETURN VALUES
-.Fn EVP_VerifyInit_ex
-and
-.Fn EVP_VerifyUpdate
-return 1 for success and 0 for failure.
-.Pp
-.Fn EVP_VerifyFinal
-returns 1 for a correct signature, 0 for failure, and -1 if some other
-error occurred.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_SignInit 3
-.Sh HISTORY
-.Fn EVP_VerifyInit ,
-.Fn EVP_VerifyUpdate ,
-and
-.Fn EVP_VerifyFinal
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_VerifyInit_ex
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Sh BUGS
-Older versions of this documentation wrongly stated that calls to
-.Fn EVP_VerifyUpdate
-could not be made after calling
-.Fn EVP_VerifyFinal .
-.Pp
-Since the public key is passed in the call to
-.Xr EVP_SignFinal 3 ,
-any error relating to the private key (for example an unsuitable key and
-digest combination) will not be indicated until after potentially large
-amounts of data have been passed through
-.Xr EVP_SignUpdate 3 .
-.Pp
-It is not possible to change the signing parameters using these
-functions.
-.Pp
-The previous two bugs are fixed in the newer functions of the
-.Xr EVP_DigestVerifyInit 3
-family.
diff --git a/src/lib/libcrypto/man/EVP_aes_128_cbc.3 b/src/lib/libcrypto/man/EVP_aes_128_cbc.3
deleted file mode 100644
index ac63f7f1f2..0000000000
--- a/src/lib/libcrypto/man/EVP_aes_128_cbc.3
+++ /dev/null
@@ -1,337 +0,0 @@
-.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.4 2020/06/24 18:15:00 jmc Exp $
-.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000
-.\"
-.\" This file was written by Ronald Tse
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt EVP_AES_128_CBC 3
-.Os
-.Sh NAME
-.Nm EVP_aes_128_cbc ,
-.Nm EVP_aes_192_cbc ,
-.Nm EVP_aes_256_cbc ,
-.Nm EVP_aes_128_cfb1 ,
-.Nm EVP_aes_192_cfb1 ,
-.Nm EVP_aes_256_cfb1 ,
-.Nm EVP_aes_128_cfb8 ,
-.Nm EVP_aes_192_cfb8 ,
-.Nm EVP_aes_256_cfb8 ,
-.Nm EVP_aes_128_cfb128 ,
-.Nm EVP_aes_192_cfb128 ,
-.Nm EVP_aes_256_cfb128 ,
-.Nm EVP_aes_128_cfb ,
-.Nm EVP_aes_192_cfb ,
-.Nm EVP_aes_256_cfb ,
-.Nm EVP_aes_128_ctr ,
-.Nm EVP_aes_192_ctr ,
-.Nm EVP_aes_256_ctr ,
-.Nm EVP_aes_128_ecb ,
-.Nm EVP_aes_192_ecb ,
-.Nm EVP_aes_256_ecb ,
-.Nm EVP_aes_128_ofb ,
-.Nm EVP_aes_192_ofb ,
-.Nm EVP_aes_256_ofb ,
-.Nm EVP_aes_128_cbc_hmac_sha1 ,
-.Nm EVP_aes_256_cbc_hmac_sha1 ,
-.Nm EVP_aes_128_ccm ,
-.Nm EVP_aes_192_ccm ,
-.Nm EVP_aes_256_ccm ,
-.Nm EVP_aes_128_gcm ,
-.Nm EVP_aes_192_gcm ,
-.Nm EVP_aes_256_gcm ,
-.Nm EVP_aes_128_wrap ,
-.Nm EVP_aes_192_wrap ,
-.Nm EVP_aes_256_wrap ,
-.Nm EVP_aes_128_xts ,
-.Nm EVP_aes_256_xts
-.Nd EVP AES cipher
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_cfb8 void
-.Ft const EVP_CIPHER
*
-.Fn EVP_aes_256_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_ctr void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_ctr void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_ctr void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_cbc_hmac_sha1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_cbc_hmac_sha1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_ccm void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_ccm void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_ccm void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_gcm void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_gcm void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_gcm void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_wrap void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_192_wrap void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_wrap void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_128_xts void
-.Ft const EVP_CIPHER *
-.Fn EVP_aes_256_xts void
-.Sh DESCRIPTION
-These functions provide the AES encryption algorithm in the
-.Xr evp 3
-framework.
-.Pp
-.Fn EVP_aes_128_cbc ,
-.Fn EVP_aes_192_cbc ,
-.Fn EVP_aes_256_cbc ,
-.Fn EVP_aes_128_cfb1 ,
-.Fn EVP_aes_192_cfb1 ,
-.Fn EVP_aes_256_cfb1 ,
-.Fn EVP_aes_128_cfb8 ,
-.Fn EVP_aes_192_cfb8 ,
-.Fn EVP_aes_256_cfb8 ,
-.Fn EVP_aes_128_cfb128 ,
-.Fn EVP_aes_192_cfb128 ,
-.Fn EVP_aes_256_cfb128 ,
-.Fn EVP_aes_128_ctr ,
-.Fn EVP_aes_192_ctr ,
-.Fn EVP_aes_256_ctr ,
-.Fn EVP_aes_128_ecb ,
-.Fn EVP_aes_192_ecb ,
-.Fn EVP_aes_256_ecb ,
-.Fn EVP_aes_128_ofb ,
-.Fn EVP_aes_192_ofb ,
-and
-.Fn EVP_aes_256_ofb
-provide AES for 128, 192, and 256-bit keys in the following modes:
-CBC, CFB with 1-bit shift, CFB with 8-bit shift, CFB with 128-bit shift,
-CTR, ECB, and OFB.
-.Pp
-.Fn EVP_aes_128_cfb ,
-.Fn EVP_aes_192_cfb ,
-and
-.Fn EVP_aes_256_cfb
-are aliases for
-.Fn EVP_aes_128_cfb128 ,
-.Fn EVP_aes_192_cfb128 ,
-and
-.Fn EVP_aes_256_cfb128 .
-.Pp
-.Fn EVP_aes_128_cbc_hmac_sha1
-and
-.Fn EVP_aes_256_cbc_hmac_sha1
-provide authenticated encryption with AES in CBC mode using SHA-1 as HMAC,
-with keys of 128 and 256-bit length respectively.
-The authentication tag is 160 bits long.
-This is not intended for usage outside of TLS and requires
-calling of some undocumented control functions.
-These ciphers do not conform to the EVP AEAD interface.
-.Pp
-.Fn EVP_aes_128_ccm ,
-.Fn EVP_aes_192_ccm ,
-.Fn EVP_aes_256_ccm ,
-.Fn EVP_aes_128_gcm ,
-.Fn EVP_aes_192_gcm ,
-and
-.Fn EVP_aes_256_gcm
-provide AES for 128, 192 and 256-bit keys in CBC-MAC Mode (CCM)
-and Galois Counter Mode (GCM), respectively.
-These ciphers require additional control operations to function
-correctly; see
-.Xr EVP_EncryptInit 3
-for details.
-.Pp
-.Fn EVP_aes_128_wrap ,
-.Fn EVP_aes_192_wrap ,
-and
-.Fn EVP_aes_256_wrap
-provide AES key wrap with 128, 192 and 256-bit keys
-according to RFC 3394 section 2.2.1 ("wrap").
-When the returned
-.Vt EVP_CIPHER
-object is later passed to
-.Xr EVP_CipherInit_ex 3 ,
-.Xr EVP_EncryptInit_ex 3 ,
-or
-.Xr EVP_DecryptInit_ex 3
-together with an
-.Vt EVP_CIPHER_CTX
-object, the flag
-.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
-must have been set in the
-.Vt EVP_CIPHER_CTX
-using
-.Xr EVP_CIPHER_CTX_set_flags 3 .
-Otherwise, or when passing the returned
-.Vt EVP_CIPHER
-object to
-.Xr EVP_CipherInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-or
-.Xr EVP_DecryptInit 3 ,
-initialization fails with a
-.Dq wrap not allowed
-error.
-.Pp
-.Fn EVP_aes_128_xts
-and
-.Fn EVP_aes_256_xts
-provide XEX-based tweaked-codebook mode with ciphertext stealing (XTS-AES)
-as specified in IEEE Std. 1619-2007 and described in NIST SP 800-38E.
-It was designed for encrypting data on a storage device,
-provides confidentiality but not authentication of data,
-and requires a key of double length for protection of a certain key size.
-In particular, XTS-AES-128 takes input of a 256-bit key to achieve
-AES 128-bit security, and XTS-AES-256 takes input of a 512-bit key
-to achieve AES 256-bit security.
-.Sh RETURN VALUES
-These functions return an
-.Vt EVP_CIPHER
-structure that provides the implementation of the symmetric cipher.
-.Sh SEE ALSO
-.Xr AES_encrypt 3 ,
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh HISTORY
-.Fn EVP_aes_128_cbc ,
-.Fn EVP_aes_192_cbc ,
-.Fn EVP_aes_256_cbc ,
-.Fn EVP_aes_128_cfb ,
-.Fn EVP_aes_192_cfb ,
-.Fn EVP_aes_256_cfb ,
-.Fn EVP_aes_128_ebc ,
-.Fn EVP_aes_192_ebc ,
-.Fn EVP_aes_256_ebc ,
-.Fn EVP_aes_128_ofb ,
-.Fn EVP_aes_192_ofb ,
-and
-.Fn EVP_aes_256_ofb
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EVP_aes_128_cfb1 ,
-.Fn EVP_aes_192_cfb1 ,
-.Fn EVP_aes_256_cfb1 ,
-.Fn EVP_aes_128_cfb8 ,
-.Fn EVP_aes_192_cfb8 ,
-.Fn EVP_aes_256_cfb8 ,
-.Fn EVP_aes_128_cfb128 ,
-.Fn EVP_aes_192_cfb128 ,
-and
-.Fn EVP_aes_256_cfb128
-first appeared in OpenSSL 0.9.7e and have been available since
-.Ox 3.8 .
-.Pp
-.Fn EVP_aes_128_ctr ,
-.Fn EVP_aes_192_ctr ,
-.Fn EVP_aes_256_ctr ,
-.Fn EVP_aes_128_cbc_hmac_sha1 ,
-.Fn EVP_aes_256_cbc_hmac_sha1 ,
-.Fn EVP_aes_128_ccm ,
-.Fn EVP_aes_192_ccm ,
-.Fn EVP_aes_256_ccm ,
-.Fn EVP_aes_128_gcm ,
-.Fn EVP_aes_192_gcm ,
-.Fn EVP_aes_256_gcm ,
-.Fn EVP_aes_128_xts ,
-and
-.Fn EVP_aes_256_xts
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-.Fn EVP_aes_128_wrap ,
-.Fn EVP_aes_192_wrap ,
-and
-.Fn EVP_aes_256_wrap
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/EVP_camellia_128_cbc.3 b/src/lib/libcrypto/man/EVP_camellia_128_cbc.3
deleted file mode 100644
index 190247a68b..0000000000
--- a/src/lib/libcrypto/man/EVP_camellia_128_cbc.3
+++ /dev/null
@@ -1,149 +0,0 @@
-.\" $OpenBSD: EVP_camellia_128_cbc.3,v 1.2 2020/06/24 18:15:00 jmc Exp $
-.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000
-.\"
-.\" This file was written by Ronald Tse
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt EVP_CAMELLIA_128_CBC 3
-.Os
-.Sh NAME
-.Nm EVP_camellia_128_cbc ,
-.Nm EVP_camellia_192_cbc ,
-.Nm EVP_camellia_256_cbc ,
-.Nm EVP_camellia_128_cfb ,
-.Nm EVP_camellia_192_cfb ,
-.Nm EVP_camellia_256_cfb ,
-.Nm EVP_camellia_128_cfb1 ,
-.Nm EVP_camellia_192_cfb1 ,
-.Nm EVP_camellia_256_cfb1 ,
-.Nm EVP_camellia_128_cfb8 ,
-.Nm EVP_camellia_192_cfb8 ,
-.Nm EVP_camellia_256_cfb8 ,
-.Nm EVP_camellia_128_cfb128 ,
-.Nm EVP_camellia_192_cfb128 ,
-.Nm EVP_camellia_256_cfb128 ,
-.Nm EVP_camellia_128_ecb ,
-.Nm EVP_camellia_192_ecb ,
-.Nm EVP_camellia_256_ecb ,
-.Nm EVP_camellia_128_ofb ,
-.Nm EVP_camellia_192_ofb ,
-.Nm EVP_camellia_256_ofb
-.Nd EVP Camellia cipher
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_128_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_128_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_128_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_128_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn
EVP_camellia_128_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_128_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_128_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_192_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_camellia_256_ofb void
-.Sh DESCRIPTION
-These functions provide the Camellia encryption algorithm in the
-.Xr evp 3
-framework.
-They use 128, 192, and 256-bit keys in the following modes, respectively:
-CBC, CFB with 1-bit shift, CFB with 8-bit shift, CFB with 128-bit shift,
-ECB, and OFB.
-.Pp
-.Fn EVP_camellia_128_cfb ,
-.Fn EVP_camellia_192_cfb ,
-and
-.Fn EVP_camellia_256_cfb
-are aliases for
-.Fn EVP_camellia_128_cfb128 ,
-.Fn EVP_camellia_192_cfb128 ,
-and
-.Fn EVP_camellia_256_cfb128 ,
-implemented as macros.
-.Sh RETURN VALUES
-These functions return an
-.Vt EVP_CIPHER
-structure that provides the implementation of the symmetric cipher.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8c
-and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/EVP_des_cbc.3 b/src/lib/libcrypto/man/EVP_des_cbc.3
deleted file mode 100644
index 759e03fac0..0000000000
--- a/src/lib/libcrypto/man/EVP_des_cbc.3
+++ /dev/null
@@ -1,221 +0,0 @@
-.\" $OpenBSD: EVP_des_cbc.3,v 1.1 2019/03/21 12:54:37 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL EVP_desx_cbc.pod 8fa4d95e Oct 21 11:59:09 2017 +0900
-.\" selective merge up to:
-.\" OpenSSL EVP_des.pod 7c6d372a Nov 20 13:20:01 2018 +0000
-.\"
-.\" This file was written by Ronald Tse
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 21 2019 $
-.Dt EVP_DES_CBC 3
-.Os
-.Sh NAME
-.Nm EVP_des_cbc ,
-.Nm EVP_des_cfb ,
-.Nm EVP_des_cfb1 ,
-.Nm EVP_des_cfb8 ,
-.Nm EVP_des_cfb64 ,
-.Nm EVP_des_ecb ,
-.Nm EVP_des_ofb ,
-.Nm EVP_des_ede ,
-.Nm EVP_des_ede_cbc ,
-.Nm EVP_des_ede_cfb ,
-.Nm EVP_des_ede_cfb64 ,
-.Nm EVP_des_ede_ecb ,
-.Nm EVP_des_ede_ofb ,
-.Nm EVP_des_ede3 ,
-.Nm EVP_des_ede3_cbc ,
-.Nm EVP_des_ede3_cfb ,
-.Nm EVP_des_ede3_cfb1 ,
-.Nm EVP_des_ede3_cfb8 ,
-.Nm EVP_des_ede3_cfb64 ,
-.Nm EVP_des_ede3_ecb ,
-.Nm EVP_des_ede3_ofb ,
-.Nm EVP_desx_cbc
-.Nd EVP DES cipher
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_CIPHER *
-.Fn EVP_des_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_cfb64 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede_cfb64 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_cfb1 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_cfb8 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_cfb64 void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_des_ede3_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_desx_cbc void
-.Sh DESCRIPTION
-These functions provide the DES encryption algorithm in the
-.Xr evp 3
-framework.
-.Pp
-.Fn EVP_des_cbc ,
-.Fn EVP_des_cfb1 ,
-.Fn EVP_des_cfb8 ,
-.Fn EVP_des_cfb64 ,
-.Fn EVP_des_ecb ,
-and
-.Fn EVP_des_ofb
-provide DES in CBC, CFB with 1-bit shift, CFB with 8-bit shift,
-CFB with 64-bit shift, ECB, and OFB modes.
-.Fn EVP_des_cfb
-is an alias for
-.Fn EVP_des_cfb64 ,
-implemented as a macro.
-.Pp
-.Fn EVP_des_ede_cbc ,
-.Fn EVP_des_ede_cfb64 ,
-.Fn EVP_des_ede_ecb ,
-and
-.Fn EVP_des_ede_ofb
-provide two key triple DES in CBC, CFB with 64-bit shift, ECB, and OFB modes.
-.Fn EVP_des_ede_cfb
-is an alias for
-.Fn EVP_des_ede_cfb64 ,
-implemented as a macro.
-.Fn EVP_des_ede
-is an alias for
-.Fn EVP_des_ede_ecb .
-.Pp
-.Fn EVP_des_ede3_cbc ,
-.Fn EVP_des_ede3_cfb1 ,
-.Fn EVP_des_ede3_cfb8 ,
-.Fn EVP_des_ede3_cfb64 ,
-.Fn EVP_des_ede3_ecb ,
-.Fn EVP_des_ede3_ofb
-provide three key triple DES in CBC, CFB with 1-bit shift, CFB with 8-bit
-shift, CFB with 64-bit shift, ECB, and OFB modes.
-.Fn EVP_des_ede3_cfb
-is an alias for
-.Fn EVP_des_ede3_cfb64 ,
-implemented as a macro.
-.Fn EVP_des_ede3
-is an alias for
-.Fn EVP_des_ede3_ecb .
-.Pp
-.Fn EVP_desx_cbc
-provides the DES-X encryption algorithm in CBC mode.
-It uses a key length of 128 bits and acts on blocks of 128 bits.
-.Sh RETURN VALUES
-These functions return an
-.Vt EVP_CIPHER
-structure that provides the implementation of the symmetric cipher.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh HISTORY
-.Fn EVP_des_cbc ,
-.Fn EVP_des_cfb ,
-.Fn EVP_des_ecb ,
-.Fn EVP_des_ofb ,
-.Fn EVP_des_ede ,
-.Fn EVP_des_ede_cbc ,
-.Fn EVP_des_ede_cfb ,
-.Fn EVP_des_ede_ofb ,
-.Fn EVP_des_ede3 ,
-.Fn EVP_des_ede3_cbc ,
-.Fn EVP_des_ede3_cfb ,
-and
-.Fn EVP_des_ede3_ofb
-first appeared in SSLeay 0.5.1.
-.Fn EVP_desx_cbc
-first appeared in SSLeay 0.6.2.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_des_ede_ecb
-and
-.Fn EVP_des_ede3_ecb
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EVP_des_cfb1 ,
-.Fn EVP_des_cfb8 ,
-.Fn EVP_des_cfb64 ,
-.Fn EVP_des_ede_cfb64 ,
-.Fn EVP_des_ede3_cfb1 ,
-.Fn EVP_des_ede3_cfb8 ,
-and
-.Fn EVP_des_ede3_cfb64
-first appeared in OpenSSL 0.9.7e and have been available since
-.Ox 3.8 .
diff --git a/src/lib/libcrypto/man/EVP_rc4.3 b/src/lib/libcrypto/man/EVP_rc4.3
deleted file mode 100644
index fda041113c..0000000000
--- a/src/lib/libcrypto/man/EVP_rc4.3
+++ /dev/null
@@ -1,109 +0,0 @@
-.\" $OpenBSD: EVP_rc4.3,v 1.1 2019/03/21 13:37:25 schwarze Exp $
-.\" full merge up to: OpenSSL 8fa4d95e Oct 21 11:59:09 2017 +0900
-.\"
-.\" This file was written by Ronald Tse
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 21 2019 $
-.Dt EVP_RC4 3
-.Os
-.Sh NAME
-.Nm EVP_rc4 ,
-.Nm EVP_rc4_40 ,
-.Nm EVP_rc4_hmac_md5
-.Nd EVP RC4 stream cipher
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_CIPHER *
-.Fn EVP_rc4 void
-.Ft const EVP_CIPHER *
-.Fn EVP_rc4_40 void
-.Ft const EVP_CIPHER *
-.Fn EVP_rc4_hmac_md5 void
-.Sh DESCRIPTION
-These functions provide the RC4 stream cipher in the
-.Xr evp 3
-framework.
-It is a variable key length cipher.
-.Pp
-.Fn EVP_rc4
-uses a default key length of 128 bits.
-.Pp
-.Fn EVP_rc4_40
-uses a key length of 40 bits instead.
-This function is deprecated.
-Use
-.Fn EVP_rc4
-and
-.Xr EVP_CIPHER_CTX_set_key_length 3
-instead.
-.Pp
-.Fn EVP_rc4_hmac_md5
-provides authenticated encryption with the RC4 stream cipher
-with MD5 as HMAC.
-This function is not intended for usage outside of TLS
-and requires calling of some undocumented control functions.
-It does not conform to the EVP AEAD interface.
-.Sh RETURN VALUES
-These functions return an
-.Vt EVP_CIPHER
-structure that provides the implementation of the symmetric cipher.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh HISTORY
-.Fn EVP_rc4
-first appeared in SSLeay 0.5.1
-and
-.Fn EVP_rc4_40
-in OpenSSL 0.9.1.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_rc4_hmac_md5
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/EVP_sm3.3 b/src/lib/libcrypto/man/EVP_sm3.3
deleted file mode 100644
index aa6789f249..0000000000
--- a/src/lib/libcrypto/man/EVP_sm3.3
+++ /dev/null
@@ -1,82 +0,0 @@
-.\" $OpenBSD: EVP_sm3.3,v 1.1 2019/08/25 17:08:20 schwarze Exp $
-.\" full merge up to: OpenSSL 21ebd2fc Aug 24 20:38:04 2018 +0800
-.\"
-.\" This file was written by Jack Lloyd
-.\" and Ronald Tse .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\" Copyright (c) 2017 Ribose Inc. All Rights Reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 25 2019 $
-.Dt EVP_SM3 3
-.Os
-.Sh NAME
-.Nm EVP_sm3
-.Nd SM3 hash function for EVP
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_MD *
-.Fn EVP_sm3 void
-.Sh DESCRIPTION
-SM3 is a cryptographic hash function with a 256-bit output.
-It is part of the Chinese
-.Dq Commercial Cryptography
-suite of algorithms which is required
-for certain commercial applications in China.
-.Sh RETURN VALUES
-.Fn EVP_sm3
-returns a pointer to a static
-.Vt EVP_MD
-object implementing the SM3 hash function.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3
-.Sh STANDARDS
-GB/T 32905-2016 and GM/T 0004-2012
-.Sh HISTORY
-.Fn EVP_sm3
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/EVP_sm4_cbc.3 b/src/lib/libcrypto/man/EVP_sm4_cbc.3
deleted file mode 100644
index 85ff88f54e..0000000000
--- a/src/lib/libcrypto/man/EVP_sm4_cbc.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" $OpenBSD: EVP_sm4_cbc.3,v 1.1 2019/03/18 05:56:24 schwarze Exp $
-.\" full merge up to: OpenSSL 87103969 Oct 1 14:11:57 2018 -0700
-.\"
-.\" Copyright (c) 2017 Ribose Inc
-.\" Copyright (c) 2019 Ingo Schwarze
-.\" The original version of this file
-.\" was written by Ronald Tse .
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 18 2019 $
-.Dt EVP_SM4_CBC 3
-.Os
-.Sh NAME
-.Nm EVP_sm4_cbc ,
-.Nm EVP_sm4_ecb ,
-.Nm EVP_sm4_cfb ,
-.Nm EVP_sm4_cfb128 ,
-.Nm EVP_sm4_ofb ,
-.Nm EVP_sm4_ctr
-.Nd EVP SM4 cipher
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_CIPHER *
-.Fn EVP_sm4_cbc void
-.Ft const EVP_CIPHER *
-.Fn EVP_sm4_ecb void
-.Ft const EVP_CIPHER *
-.Fn EVP_sm4_cfb void
-.Ft const EVP_CIPHER *
-.Fn EVP_sm4_cfb128 void
-.Ft const EVP_CIPHER *
-.Fn EVP_sm4_ofb void
-.Ft const EVP_CIPHER *
-.Fn EVP_sm4_ctr void
-.Sh DESCRIPTION
-These functions provide the SM4 blockcipher in the
-.Xr evp 3
-framework.
-.Pp
-All modes use a key length of 128 bits and act on blocks of 128
-bits.
-.Pp
-.Fn EVP_sm4_cfb
-is an alias for
-.Fn EVP_sm4_cfb128 .
-.Pp
-With an argument of
-.Qq sm4
-or
-.Qq SM4 ,
-.Xr EVP_get_cipherbyname 3
-returns
-.Fn EVP_sm4_cbc .
-.Sh RETURN VALUES
-These functions return an
-.Vt EVP_CIPHER
-structure that provides the implementation of the symmetric cipher.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_EncryptInit 3
-.Sh STANDARDS
-.Rs
-.%T Information security technology - SM4 block cipher algorithm
-.%I National Standards of People's Republic of China
-.%N GB/T 32907-2016
-.%D August 29, 2016
-.Re
-.Sh HISTORY
-These functions appeared in OpenSSL 1.1.1 and have been available since
-.Ox 6.5 .
diff --git a/src/lib/libcrypto/man/EVP_whirlpool.3 b/src/lib/libcrypto/man/EVP_whirlpool.3
deleted file mode 100644
index 29f85bc1ae..0000000000
--- a/src/lib/libcrypto/man/EVP_whirlpool.3
+++ /dev/null
@@ -1,83 +0,0 @@
-.\" $OpenBSD: EVP_whirlpool.3,v 1.1 2019/08/25 17:08:20 schwarze Exp $
-.\" full merge up to: OpenSSL bbda8ce9 Oct 31 15:43:01 2017 +0800
-.\"
-.\" This file was written by Ronald Tse .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 25 2019 $
-.Dt EVP_WHIRLPOOL 3
-.Os
-.Sh NAME
-.Nm EVP_whirlpool
-.Nd WHIRLPOOL hash function for EVP
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft const EVP_MD *
-.Fn EVP_whirlpool void
-.Sh DESCRIPTION
-WHIRLPOOL is a cryptographic hash function
-producing a message digest of 512 bits.
-.Sh RETURN VALUES
-.Fn EVP_whirlpool
-returns a pointer to a static
-.Vt EVP_MD
-object implementing the WHIRLPOOL hash function.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3
-.Sh STANDARDS
-ISO/IEC 10118-3:2004
-.Sh HISTORY
-.Fn EVP_whirlpool
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Sh AUTHORS
-.An -nosplit
-The WHIRLPOOL algorithm was designed by
-.An Vincent Rijmen
-and
-.An Paulo S. L. M. Barreto .
diff --git a/src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 b/src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3
deleted file mode 100644
index 869f538c6f..0000000000
--- a/src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3
+++ /dev/null
@@ -1,83 +0,0 @@
-.\" $OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.5 2019/08/22 15:15:35 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 22 2019 $
-.Dt EXTENDED_KEY_USAGE_NEW 3
-.Os
-.Sh NAME
-.Nm EXTENDED_KEY_USAGE_new ,
-.Nm EXTENDED_KEY_USAGE_free
-.Nd X.509 key usage restrictions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft EXTENDED_KEY_USAGE
-.Fn EXTENDED_KEY_USAGE_new void
-.Ft void
-.Fn EXTENDED_KEY_USAGE_free "EXTENDED_KEY_USAGE *eku"
-.Sh DESCRIPTION
-By using the key usage extension, the extended key usage extension,
-or both of them,
-.Vt X509
-end entity certificates may indicate that the key contained in them
-is only intended to be used for the specified purposes.
-If both extensions are present, only uses compatible with both
-extensions are intended.
-.Pp
-.Fn EXTENDED_KEY_USAGE_new
-allocates and initializes an empty
-.Vt EXTENDED_KEY_USAGE
-object, which is a
-.Vt STACK_OF(ASN1_OBJECT)
-and represents an ASN.1
-.Vt ExtKeyUsageSyntax
-structure defined in RFC 5280 section 4.2.1.12.
-It can hold key purpose identifiers.
-.Pp
-.Fn EXTENDED_KEY_USAGE_free
-frees
-.Fa eku .
-.Pp
-The key usage extension uses the ASN.1 BIT STRING data type
-and doesn't require any dedicated object.
-.Sh RETURN VALUES
-.Fn EXTENDED_KEY_USAGE_new
-returns the new
-.Vt EXTENDED_KEY_USAGE
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr BASIC_CONSTRAINTS_new 3 ,
-.Xr d2i_EXTENDED_KEY_USAGE 3 ,
-.Xr POLICYINFO_new 3 ,
-.Xr X509_check_purpose 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile:
-.Bl -dash -compact
-.It
-section 4.2.1.3: Key Usage
-.It
-section 4.2.1.12: Extended Key Usage
-.El
-.Sh HISTORY
-.Fn EXTENDED_KEY_USAGE_new
-and
-.Fn EXTENDED_KEY_USAGE_free
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/GENERAL_NAME_new.3 b/src/lib/libcrypto/man/GENERAL_NAME_new.3
deleted file mode 100644
index a6b7ee56da..0000000000
--- a/src/lib/libcrypto/man/GENERAL_NAME_new.3
+++ /dev/null
@@ -1,165 +0,0 @@
-.\" $OpenBSD: GENERAL_NAME_new.3,v 1.6 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt GENERAL_NAME_NEW 3
-.Os
-.Sh NAME
-.Nm GENERAL_NAME_new ,
-.Nm GENERAL_NAME_free ,
-.Nm GENERAL_NAMES_new ,
-.Nm GENERAL_NAMES_free ,
-.Nm EDIPARTYNAME_new ,
-.Nm EDIPARTYNAME_free ,
-.Nm OTHERNAME_new ,
-.Nm OTHERNAME_free
-.Nd names for use in X.509 extensions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft GENERAL_NAME *
-.Fn GENERAL_NAME_new void
-.Ft void
-.Fn GENERAL_NAME_free "GENERAL_NAME *name"
-.Ft GENERAL_NAMES *
-.Fn GENERAL_NAMES_new void
-.Ft void
-.Fn GENERAL_NAMES_free "GENERAL_NAMES *names"
-.Ft EDIPARTYNAME *
-.Fn EDIPARTYNAME_new void
-.Ft void
-.Fn EDIPARTYNAME_free "EDIPARTYNAME *name"
-.Ft OTHERNAME *
-.Fn OTHERNAME_new void
-.Ft void
-.Fn OTHERNAME_free "OTHERNAME *name"
-.Sh DESCRIPTION
-Even though the X.501
-.Vt Name
-documented in
-.Xr X509_NAME_new 3
-is a complicated multi-layered structure, it is very rigid and not
-flexible enough to represent various entities that many people want
-to use as names in certificates.
-For that reason, X.509 extensions use the X.509
-.Vt GeneralName
-wrapper structure rather than using the X.501
-.Vt Name
-structure directly, at the expense of adding one or two additional
-layers of indirection.
-.Pp
-.Fn GENERAL_NAME_new
-allocates and initializes an empty
-.Vt GENERAL_NAME
-object, representing the ASN.1
-.Vt GeneralName
-structure defined in RFC 5280 section 4.2.1.6.
-It can for example hold an
-.Vt X509_name
-object, an IP address, a DNS host name, a uniform resource identifier,
-an email address, or an
-.Vt EDIPARTYNAME
-or
-.Vt OTHERNAME
-object described below.
-.Fn GENERAL_NAME_free
-frees
-.Fa name .
-.Pp
-.Fn GENERAL_NAMES_new
-allocates and initializes an empty
-.Vt GENERAL_NAMES
-object, which is a
-.Vt STACK_OF(GENERAL_NAME)
-and represents the ASN.1
-.Vt GeneralNames
-structure defined in RFC 5280 section 4.2.1.6.
-It is used by extension structures that can contain multiple names,
-for example key identifier, alternative name, and distribution point
-extensions.
-.Fn GENERAL_NAMES_free
-frees
-.Fa names .
-.Pp
-.Fn EDIPARTYNAME_new
-allocates and initializes an empty
-.Vt EDIPARTYNAME
-object, representing the ASN.1
-.Vt EDIPartyName
-structure defined in RFC 5280 section 4.2.1.6, where
-.Dq EDI
-stands for
-.Dq electronic data identifier .
-It can hold two strings, the name itself and the name of the authority
-that assigned that name.
-.Fn EDIPARTYNAME_free
-frees
-.Fa name .
-.Pp
-.Fn OTHERNAME_new
-allocates and initializes an empty
-.Vt OTHERNAME
-object, representing the ASN.1
-.Vt OtherName
-structure defined in RFC 5280 section 4.2.1.6.
-It can hold data of any
-.Vt ASN1_TYPE
-together with a type identifier.
-.Fn OTHERNAME_free
-frees
-.Fa name .
-.Sh RETURN VALUES
-.Fn GENERAL_NAME_new ,
-.Fn GENERAL_NAMES_new ,
-.Fn EDIPARTYNAME_new ,
-and
-.Fn OTHERNAME_new
-return a new
-.Vt GENERAL_NAME ,
-.Vt GENERAL_NAMES ,
-.Vt EDIPARTYNAME ,
-or
-.Vt OTHERNAME
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_GENERAL_NAME 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_NAME_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.2: Certificate Extensions
-.Sh HISTORY
-.Fn GENERAL_NAME_new ,
-.Fn GENERAL_NAME_free ,
-.Fn GENERAL_NAMES_new ,
-and
-.Fn GENERAL_NAMES_free
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Pp
-.Fn OTHERNAME_new
-and
-.Fn OTHERNAME_free
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn EDIPARTYNAME_new
-and
-.Fn EDIPARTYNAME_free
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/HMAC.3 b/src/lib/libcrypto/man/HMAC.3
deleted file mode 100644
index b76d8b2869..0000000000
--- a/src/lib/libcrypto/man/HMAC.3
+++ /dev/null
@@ -1,404 +0,0 @@
-.\" $OpenBSD: HMAC.3,v 1.17 2020/06/24 16:06:27 schwarze Exp $
-.\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400
-.\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400
-.\"
-.\" This file was written by Ulf Moeller ,
-.\" Richard Levitte , and
-.\" Matt Caswell .
-.\" Copyright (c) 2000-2002, 2006, 2008, 2009, 2013, 2015, 2016
-.\" The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt HMAC 3
-.Os
-.Sh NAME
-.Nm HMAC ,
-.Nm HMAC_CTX_new ,
-.Nm HMAC_CTX_reset ,
-.Nm HMAC_CTX_free ,
-.Nm HMAC_CTX_init ,
-.Nm HMAC_CTX_cleanup ,
-.Nm HMAC_cleanup ,
-.Nm HMAC_Init_ex ,
-.Nm HMAC_Init ,
-.Nm HMAC_Update ,
-.Nm HMAC_Final ,
-.Nm HMAC_CTX_copy ,
-.Nm HMAC_CTX_set_flags ,
-.Nm HMAC_CTX_get_md ,
-.Nm HMAC_size
-.Nd HMAC message authentication code
-.Sh SYNOPSIS
-.In openssl/hmac.h
-.Ft unsigned char *
-.Fo HMAC
-.Fa "const EVP_MD *evp_md"
-.Fa "const void *key"
-.Fa "int key_len"
-.Fa "const unsigned char *d"
-.Fa "size_t n"
-.Fa "unsigned char *md"
-.Fa "unsigned int *md_len"
-.Fc
-.Ft HMAC_CTX *
-.Fn HMAC_CTX_new void
-.Ft int
-.Fo HMAC_CTX_reset
-.Fa "HMAC_CTX *ctx"
-.Fc
-.Ft void
-.Fo HMAC_CTX_free
-.Fa "HMAC_CTX *ctx"
-.Fc
-.Ft void
-.Fo HMAC_CTX_init
-.Fa "HMAC_CTX *ctx"
-.Fc
-.Ft void
-.Fo HMAC_CTX_cleanup
-.Fa "HMAC_CTX *ctx"
-.Fc
-.Ft void
-.Fo HMAC_cleanup
-.Fa "HMAC_CTX *ctx"
-.Fc
-.Ft int
-.Fo HMAC_Init_ex
-.Fa "HMAC_CTX *ctx"
-.Fa "const void *key"
-.Fa "int key_len"
-.Fa "const EVP_MD *md"
-.Fa "ENGINE *impl"
-.Fc
-.Ft int
-.Fo HMAC_Init
-.Fa "HMAC_CTX *ctx"
-.Fa "const void *key"
-.Fa "int key_len"
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo HMAC_Update
-.Fa "HMAC_CTX *ctx"
-.Fa "const unsigned char *data"
-.Fa "size_t len"
-.Fc
-.Ft int
-.Fo HMAC_Final
-.Fa "HMAC_CTX *ctx"
-.Fa "unsigned char *md"
-.Fa "unsigned int *len"
-.Fc
-.Ft int
-.Fo HMAC_CTX_copy
-.Fa "HMAC_CTX *dctx"
-.Fa "HMAC_CTX *sctx"
-.Fc
-.Ft void
-.Fo HMAC_CTX_set_flags
-.Fa "HMAC_CTX *ctx"
-.Fa "unsigned long flags"
-.Fc
-.Ft const EVP_MD *
-.Fo HMAC_CTX_get_md
-.Fa "const HMAC_CTX *ctx"
-.Fc
-.Ft size_t
-.Fo HMAC_size
-.Fa "const HMAC_CTX *e"
-.Fc
-.Sh DESCRIPTION
-HMAC is a MAC (message authentication code), i.e. a keyed hash
-function used for message authentication, which is based on a hash
-function.
-.Pp
-.Fn HMAC
-computes the message authentication code of the
-.Fa n
-bytes at
-.Fa d
-using the hash function
-.Fa evp_md
-and the key
-.Fa key
-which is
-.Fa key_len
-bytes long.
-.Pp
-It places the result in
-.Fa md ,
-which must have space for the output of the hash function, which is no
-more than
-.Dv EVP_MAX_MD_SIZE
-bytes.
-If
-.Fa md
-is
-.Dv NULL ,
-the digest is placed in a static array, which is not thread safe.
-The size of the output is placed in
-.Fa md_len ,
-unless it is
-.Dv NULL .
-.Pp
-.Fa evp_md
-can be
-.Xr EVP_sha1 3 ,
-.Xr EVP_ripemd160 3 ,
-etc.
-.Pp
-.Fn HMAC_CTX_new
-allocates and initializes a new
-.Vt HMAC_CTX
-object.
-.Pp
-.Fn HMAC_CTX_reset
-zeroes and re-initializes
-.Fa ctx
-and associated resources, making it suitable for new computations
-as if it was deleted with
-.Fn HMAC_CTX_free
-and newly created with
-.Fn HMAC_CTX_new .
-.Pp
-.Fn HMAC_CTX_free
-erases the key and other data from
-.Fa ctx ,
-releases any associated resources, and finally frees
-.Fa ctx
-itself.
-.Pp
-.Fn HMAC_CTX_init
-is a deprecated function to initialize an empty
-.Vt HMAC_CTX
-object, similar to
-.Fn CTX_new
-but without the allocation.
-Calling it is required for static objects and objects on the stack
-before using them.
-.Pp
-.Fn HMAC_CTX_cleanup
-is a deprecated function to erase the key and other data from
-.Fa ctx
-and release any associated resources, similar to
-.Fn HMAC_CTX_free
-but without freeing
-.Fa ctx
-itself.
-Calling it is required for static objects and objects on the stack
-that were initialized with
-.Fn HMAC_CTX_init
-and are no longer needed.
-.Pp
-.Fn HMAC_cleanup
-is an alias for
-.Fn HMAC_CTX_cleanup
-included for backward compatibility with 0.9.6b.
-It is deprecated and implemented as a macro.
-.Pp
-The following functions may be used if the message is not completely
-stored in memory:
-.Pp
-.Fn HMAC_Init_ex
-sets up or reuses
-.Fa ctx
-to use the hash function
-.Fa evp_md
-and the key
-.Fa key .
-Either can be
-.Dv NULL ,
-in which case the existing one is reused.
-The
-.Fa ctx
-must have been created with
-.Fn HMAC_CTX_new
-or initialized with
-.Fn HMAC_CTX_init
-before the first use in this function.
-If
-.Fn HMAC_Init_ex
-is called with a
-.Dv NULL
-.Fa key
-but
-.Fa evp_md
-is neither
-.Dv NULL
-nor the same as the previous digest used by
-.Fa ctx ,
-then an error is returned because reuse of an existing key with a
-different digest is not supported.
-.Pp
-.Fn HMAC_Init
-is a deprecated wrapper around
-.Fn HMAC_Init_ex .
-If called with both
-.Fa key
-and
-.Fa md ,
-it calls
-.Fn HMAC_CTX_init
-first, which only makes sense for an empty, uninitialized
-.Fa ctx ,
-but not for one already initialized with
-.Fn HMAC_CTX_new
-or
-.Fn HMAC_CTX_init .
-If
-.Fa key
-or
-.Fa md
-is
-.Dv NULL ,
-it does not call
-.Fn HMAC_CTX_init ;
-so in this case,
-.Fa ctx
-already needs to be initialized with
-.Fn HMAC_CTX_new
-or
-.Fn HMAC_CTX_init .
-.Pp
-.Fn HMAC_Update
-can be called repeatedly with chunks of the message to be authenticated
-.Pq Fa len No bytes at Fa data .
-.Pp
-.Fn HMAC_Final
-places the message authentication code in
-.Fa md ,
-which must have space for the hash function output.
-.Pp
-.Fn HMAC_CTX_copy
-copies all of the internal state from
-.Fa sctx
-into
-.Fa dctx .
-.Pp
-.Fn HMAC_CTX_set_flags
-applies the specified flags to the internal
-.Vt EVP_MD_CTX
-objects.
-Possible flag values
-.Dv EVP_MD_CTX_FLAG_*
-are defined in
-.In openssl/evp.h .
-.Pp
-.Fn HMAC_size
-returns the length in bytes of the underlying hash function output.
-It is implemented as a macro.
-.Sh RETURN VALUES
-.Fn HMAC
-returns a pointer to the message authentication code or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn HMAC_CTX_new
-returns a pointer to the new
-.Vt HMAC_CTX
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn HMAC_CTX_reset ,
-.Fn HMAC_Init_ex ,
-.Fn HMAC_Update ,
-.Fn HMAC_Final ,
-and
-.Fn HMAC_CTX_copy
-return 1 for success or 0 if an error occurred.
-.Pp
-.Fn HMAC_CTX_get_md
-returns the message digest that was previously set for
-.Fa ctx
-with
-.Fn HMAC_Init_ex ,
-or
-.Dv NULL
-if none was set.
-.Pp
-.Fn HMAC_size
-returns the length in bytes of the underlying hash function output
-or 0 on error.
-.Sh SEE ALSO
-.Xr CMAC_Init 3 ,
-.Xr EVP_DigestInit 3
-.Sh STANDARDS
-RFC 2104
-.Sh HISTORY
-.Fn HMAC ,
-.Fn HMAC_cleanup ,
-.Fn HMAC_Init ,
-.Fn HMAC_Update ,
-.Fn HMAC_Final ,
-and
-.Fn HMAC_size
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn HMAC_CTX_init ,
-.Fn HMAC_CTX_cleanup ,
-and
-.Fn HMAC_Init_ex
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn HMAC_CTX_set_flags
-first appeared in OpenSSL 0.9.7f and have been available since
-.Ox 3.8 .
-.Pp
-.Fn HMAC_CTX_copy
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Pp
-.Fn HMAC_CTX_new ,
-.Fn HMAC_CTX_reset ,
-.Fn HMAC_CTX_free ,
-and
-.Fn HMAC_CTX_get_md
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/MD5.3 b/src/lib/libcrypto/man/MD5.3
deleted file mode 100644
index 1e4a628591..0000000000
--- a/src/lib/libcrypto/man/MD5.3
+++ /dev/null
@@ -1,196 +0,0 @@ -.\" $OpenBSD: MD5.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Ulf Moeller and -.\" Richard Levitte . -.\" Copyright (c) 2000, 2006 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt MD5 3 -.Os -.Sh NAME -.Nm MD4 , -.Nm MD5 , -.Nm MD4_Init , -.Nm MD4_Update , -.Nm MD4_Final , -.Nm MD5_Init , -.Nm MD5_Update , -.Nm MD5_Final -.Nd MD4 and MD5 hash functions -.Sh SYNOPSIS -.In openssl/md4.h -.Ft unsigned char * -.Fo MD4 -.Fa "const unsigned char *d" -.Fa "unsigned long n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo MD4_Init -.Fa "MD4_CTX *c" -.Fc -.Ft int -.Fo MD4_Update -.Fa "MD4_CTX *c" -.Fa "const void *data" -.Fa "unsigned long len" -.Fc -.Ft int -.Fo MD4_Final -.Fa "unsigned char *md" -.Fa "MD4_CTX *c" -.Fc -.In openssl/md5.h -.Ft unsigned char * -.Fo MD5 -.Fa "const unsigned char *d" -.Fa "unsigned long n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo MD5_Init -.Fa "MD5_CTX *c" -.Fc -.Ft int -.Fo MD5_Update -.Fa "MD5_CTX *c" -.Fa "const void *data" -.Fa "unsigned long len" -.Fc -.Ft int -.Fo MD5_Final -.Fa "unsigned char *md" -.Fa "MD5_CTX *c" -.Fc -.Sh DESCRIPTION -MD4 and MD5 are cryptographic hash functions with a 128-bit -output. -.Pp -.Fn MD4 -and -.Fn MD5 -compute the MD4 and MD5 message digest of the -.Fa n -bytes at -.Fa d -and place it in -.Fa md , -which must have space for -.Dv MD4_DIGEST_LENGTH No == Dv MD5_DIGEST_LENGTH No == 16 -bytes of output. -If -.Fa md -is -.Dv NULL , -the digest is placed in a static array. 
-.Pp
-The following functions may be used if the message is not completely
-stored in memory:
-.Pp
-.Fn MD5_Init
-initializes a
-.Vt MD5_CTX
-structure.
-.Pp
-.Fn MD5_Update
-can be called repeatedly with chunks of the message to be hashed
-.Pq Fa len No bytes at Fa data .
-.Pp
-.Fn MD5_Final
-places the message digest in
-.Fa md ,
-which must have space for
-.Dv MD5_DIGEST_LENGTH No == 16
-bytes of output, and erases the
-.Vt MD5_CTX .
-.Pp
-.Fn MD4_Init ,
-.Fn MD4_Update ,
-and
-.Fn MD4_Final
-are analogous using an
-.Vt MD4_CTX
-structure.
-.Pp
-Applications should use the higher level functions
-.Xr EVP_DigestInit 3
-etc. instead of calling these hash functions directly.
-.Sh RETURN VALUES
-.Fn MD4
-and
-.Fn MD5
-return pointers to the hash value.
-.Pp
-.Fn MD4_Init ,
-.Fn MD4_Update ,
-.Fn MD4_Final ,
-.Fn MD5_Init ,
-.Fn MD5_Update ,
-and
-.Fn MD5_Final
-return 1 for success or 0 otherwise.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3
-.Sh STANDARDS
-RFC 1320, RFC 1321
-.Sh HISTORY
-.Fn MD5 ,
-.Fn MD5_Init ,
-.Fn MD5_Update ,
-and
-.Fn MD5_Final
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
-.Pp
-.Fn MD4 ,
-.Fn MD4_Init ,
-.Fn MD4_Update ,
-and
-.Fn MD4_Final
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
deleted file mode 100644
index 1b838a599c..0000000000
--- a/src/lib/libcrypto/man/Makefile
+++ /dev/null
@@ -1,390 +0,0 @@ -# $OpenBSD: Makefile,v 1.190 2021/08/06 21:50:54 schwarze Exp $ - -.include - -MAN= \ - ACCESS_DESCRIPTION_new.3 \ - AES_encrypt.3 \ - ASN1_INTEGER_get.3 \ - ASN1_OBJECT_new.3 \ - ASN1_STRING_length.3 \ - ASN1_STRING_new.3 \ - ASN1_STRING_print_ex.3 \ - ASN1_STRING_TABLE_add.3 \ - ASN1_TIME_set.3 \ - ASN1_TYPE_get.3 \ - ASN1_generate_nconf.3 \ - ASN1_get_object.3 \ - ASN1_item_d2i.3 \ - ASN1_item_new.3 \ - ASN1_parse_dump.3 \ - ASN1_put_object.3 \ - ASN1_time_parse.3 \ - AUTHORITY_KEYID_new.3 \ - BASIC_CONSTRAINTS_new.3 \ - BF_set_key.3 \ - BIO_ctrl.3 \ - BIO_dump.3 \ - BIO_f_base64.3 \ - BIO_f_buffer.3 \ - BIO_f_cipher.3 \ - BIO_f_md.3 \ - BIO_f_null.3 \ - BIO_find_type.3 \ - BIO_get_data.3 \ - BIO_get_ex_new_index.3 \ - BIO_meth_new.3 \ - BIO_new.3 \ - BIO_new_CMS.3 \ - BIO_printf.3 \ - BIO_push.3 \ - BIO_read.3 \ - BIO_s_accept.3 \ - BIO_s_bio.3 \ - BIO_s_connect.3 \ - BIO_s_fd.3 \ - BIO_s_file.3 \ - BIO_s_mem.3 \ - BIO_s_null.3 \ - BIO_s_socket.3 \ - BIO_set_callback.3 \ - BIO_should_retry.3 \ - BN_BLINDING_new.3 \ - BN_CTX_new.3 \ - BN_CTX_start.3 \ - BN_add.3 \ - BN_add_word.3 \ - BN_bn2bin.3 \ - BN_cmp.3 \ - BN_copy.3 \ - BN_generate_prime.3 \ - BN_get0_nist_prime_521.3 \ - BN_mod_inverse.3 \ - BN_mod_mul_montgomery.3 \ - BN_mod_mul_reciprocal.3 \ - BN_new.3 \ - BN_num_bytes.3 \ - BN_rand.3 \ - BN_set_bit.3 \ - BN_set_flags.3 \ - BN_set_negative.3 \ - BN_swap.3 \ - BN_zero.3 \ - BUF_MEM_new.3 \ - CMAC_Init.3 \ - CMS_ContentInfo_new.3 \ - CMS_add0_cert.3 \ - CMS_add1_recipient_cert.3 \ - CMS_add1_signer.3 \ - CMS_compress.3 \ - CMS_decrypt.3 \ - CMS_encrypt.3 \ - CMS_final.3 \ - CMS_get0_RecipientInfos.3 \ - CMS_get0_SignerInfos.3 \ - CMS_get0_type.3 \ - CMS_get1_ReceiptRequest.3 \ - CMS_sign.3 \ - CMS_sign_receipt.3 \ - CMS_uncompress.3 \ - CMS_verify.3 \ - CMS_verify_receipt.3 \ - CONF_modules_free.3 \ - CONF_modules_load_file.3 \ - CRYPTO_get_mem_functions.3 \ - CRYPTO_lock.3 \ - CRYPTO_memcmp.3 \ - CRYPTO_set_ex_data.3 \ - ChaCha.3 \ - 
DES_set_key.3 \ - DH_generate_key.3 \ - DH_generate_parameters.3 \ - DH_get_ex_new_index.3 \ - DH_get0_pqg.3 \ - DH_new.3 \ - DH_set_method.3 \ - DH_size.3 \ - DIST_POINT_new.3 \ - DSA_SIG_new.3 \ - DSA_do_sign.3 \ - DSA_dup_DH.3 \ - DSA_generate_key.3 \ - DSA_generate_parameters.3 \ - DSA_get_ex_new_index.3 \ - DSA_get0_pqg.3 \ - DSA_meth_new.3 \ - DSA_new.3 \ - DSA_set_method.3 \ - DSA_sign.3 \ - DSA_size.3 \ - ECDH_compute_key.3 \ - ECDSA_SIG_new.3 \ - EC_GFp_simple_method.3 \ - EC_GROUP_copy.3 \ - EC_GROUP_new.3 \ - EC_KEY_METHOD_new.3 \ - EC_KEY_new.3 \ - EC_POINT_add.3 \ - EC_POINT_new.3 \ - ENGINE_add.3 \ - ENGINE_ctrl.3 \ - ENGINE_get_default_RSA.3 \ - ENGINE_init.3 \ - ENGINE_new.3 \ - ENGINE_register_RSA.3 \ - ENGINE_register_all_RSA.3 \ - ENGINE_set_RSA.3 \ - ENGINE_set_default.3 \ - ENGINE_set_flags.3 \ - ENGINE_unregister_RSA.3 \ - ERR.3 \ - ERR_GET_LIB.3 \ - ERR_asprintf_error_data.3 \ - ERR_clear_error.3 \ - ERR_error_string.3 \ - ERR_get_error.3 \ - ERR_load_crypto_strings.3 \ - ERR_load_strings.3 \ - ERR_print_errors.3 \ - ERR_put_error.3 \ - ERR_remove_state.3 \ - ERR_set_mark.3 \ - ESS_SIGNING_CERT_new.3 \ - EVP_AEAD_CTX_init.3 \ - EVP_BytesToKey.3 \ - EVP_DigestInit.3 \ - EVP_DigestSignInit.3 \ - EVP_DigestVerifyInit.3 \ - EVP_EncodeInit.3 \ - EVP_EncryptInit.3 \ - EVP_OpenInit.3 \ - EVP_PKEY_asn1_new.3 \ - EVP_PKEY_asn1_get_count.3 \ - EVP_PKEY_CTX_ctrl.3 \ - EVP_PKEY_CTX_new.3 \ - EVP_PKEY_cmp.3 \ - EVP_PKEY_decrypt.3 \ - EVP_PKEY_derive.3 \ - EVP_PKEY_encrypt.3 \ - EVP_PKEY_get_default_digest_nid.3 \ - EVP_PKEY_keygen.3 \ - EVP_PKEY_meth_get0_info.3 \ - EVP_PKEY_meth_new.3 \ - EVP_PKEY_new.3 \ - EVP_PKEY_print_private.3 \ - EVP_PKEY_set1_RSA.3 \ - EVP_PKEY_sign.3 \ - EVP_PKEY_verify.3 \ - EVP_PKEY_verify_recover.3 \ - EVP_SealInit.3 \ - EVP_SignInit.3 \ - EVP_VerifyInit.3 \ - EVP_aes_128_cbc.3 \ - EVP_camellia_128_cbc.3 \ - EVP_des_cbc.3 \ - EVP_rc4.3 \ - EVP_sm3.3 \ - EVP_sm4_cbc.3 \ - EVP_whirlpool.3 \ - EXTENDED_KEY_USAGE_new.3 \ - 
GENERAL_NAME_new.3 \ - HMAC.3 \ - MD5.3 \ - NAME_CONSTRAINTS_new.3 \ - OBJ_nid2obj.3 \ - OCSP_CRLID_new.3 \ - OCSP_REQUEST_new.3 \ - OCSP_SERVICELOC_new.3 \ - OCSP_cert_to_id.3 \ - OCSP_request_add1_nonce.3 \ - OCSP_resp_find_status.3 \ - OCSP_response_status.3 \ - OCSP_sendreq_new.3 \ - OPENSSL_VERSION_NUMBER.3 \ - OPENSSL_cleanse.3 \ - OPENSSL_config.3 \ - OPENSSL_init_crypto.3 \ - OPENSSL_load_builtin_modules.3 \ - OPENSSL_malloc.3 \ - OPENSSL_sk_new.3 \ - OpenSSL_add_all_algorithms.3 \ - PEM_ASN1_read.3 \ - PEM_X509_INFO_read.3 \ - PEM_bytes_read_bio.3 \ - PEM_read.3 \ - PEM_read_bio_PrivateKey.3 \ - PEM_write_bio_CMS_stream.3 \ - PEM_write_bio_PKCS7_stream.3 \ - PKCS12_create.3 \ - PKCS12_new.3 \ - PKCS12_newpass.3 \ - PKCS12_parse.3 \ - PKCS12_SAFEBAG_new.3 \ - PKCS5_PBKDF2_HMAC.3 \ - PKCS7_add_attribute.3 \ - PKCS7_dataFinal.3 \ - PKCS7_dataInit.3 \ - PKCS7_decrypt.3 \ - PKCS7_encrypt.3 \ - PKCS7_final.3 \ - PKCS7_get_signer_info.3 \ - PKCS7_new.3 \ - PKCS7_set_content.3 \ - PKCS7_set_type.3 \ - PKCS7_sign.3 \ - PKCS7_sign_add_signer.3 \ - PKCS7_verify.3 \ - PKCS8_PRIV_KEY_INFO_new.3 \ - PKEY_USAGE_PERIOD_new.3 \ - POLICYINFO_new.3 \ - PROXY_POLICY_new.3 \ - RAND_add.3 \ - RAND_bytes.3 \ - RAND_load_file.3 \ - RAND_set_rand_method.3 \ - RC4.3 \ - RIPEMD160.3 \ - RSA_PSS_PARAMS_new.3 \ - RSA_blinding_on.3 \ - RSA_check_key.3 \ - RSA_generate_key.3 \ - RSA_get_ex_new_index.3 \ - RSA_get0_key.3 \ - RSA_meth_new.3 \ - RSA_new.3 \ - RSA_padding_add_PKCS1_type_1.3 \ - RSA_pkey_ctx_ctrl.3 \ - RSA_print.3 \ - RSA_private_encrypt.3 \ - RSA_public_encrypt.3 \ - RSA_set_method.3 \ - RSA_sign.3 \ - RSA_sign_ASN1_OCTET_STRING.3 \ - RSA_size.3 \ - SHA1.3 \ - SMIME_read_CMS.3 \ - SMIME_read_PKCS7.3 \ - SMIME_write_CMS.3 \ - SMIME_write_PKCS7.3 \ - STACK_OF.3 \ - SXNET_new.3 \ - TS_REQ_new.3 \ - UI_UTIL_read_pw.3 \ - UI_create_method.3 \ - UI_get_string_type.3 \ - UI_new.3 \ - X25519.3 \ - X509V3_get_d2i.3 \ - X509_ALGOR_dup.3 \ - X509_ATTRIBUTE_new.3 \ - X509_CINF_new.3 \ 
- X509_CRL_get0_by_serial.3 \ - X509_CRL_new.3 \ - X509_CRL_print.3 \ - X509_EXTENSION_set_object.3 \ - X509_INFO_new.3 \ - X509_LOOKUP_hash_dir.3 \ - X509_LOOKUP_new.3 \ - X509_NAME_ENTRY_get_object.3 \ - X509_NAME_add_entry_by_txt.3 \ - X509_NAME_get_index_by_NID.3 \ - X509_NAME_hash.3 \ - X509_NAME_new.3 \ - X509_NAME_print_ex.3 \ - X509_OBJECT_get0_X509.3 \ - X509_PUBKEY_new.3 \ - X509_PURPOSE_set.3 \ - X509_REQ_new.3 \ - X509_REVOKED_new.3 \ - X509_SIG_new.3 \ - X509_STORE_CTX_get_error.3 \ - X509_STORE_CTX_get_ex_new_index.3 \ - X509_STORE_CTX_new.3 \ - X509_STORE_CTX_set_flags.3 \ - X509_STORE_CTX_set_verify_cb.3 \ - X509_STORE_get_by_subject.3 \ - X509_STORE_load_locations.3 \ - X509_STORE_new.3 \ - X509_STORE_set_verify_cb_func.3 \ - X509_STORE_set1_param.3 \ - X509_TRUST_set.3 \ - X509_VERIFY_PARAM_set_flags.3 \ - X509_add1_trust_object.3 \ - X509_check_ca.3 \ - X509_check_host.3 \ - X509_check_issued.3 \ - X509_check_private_key.3 \ - X509_check_purpose.3 \ - X509_check_trust.3 \ - X509_cmp.3 \ - X509_cmp_time.3 \ - X509_digest.3 \ - X509_find_by_subject.3 \ - X509_get_pubkey.3 \ - X509_get_serialNumber.3 \ - X509_get_subject_name.3 \ - X509_get_version.3 \ - X509_get0_notBefore.3 \ - X509_get0_signature.3 \ - X509_get1_email.3 \ - X509_keyid_set1.3 \ - X509_new.3 \ - X509_ocspid_print.3 \ - X509_policy_check.3 \ - X509_policy_tree_level_count.3 \ - X509_print_ex.3 \ - X509_sign.3 \ - X509_signature_dump.3 \ - X509_verify_cert.3 \ - X509V3_EXT_print.3 \ - X509V3_extensions_print.3 \ - X509v3_get_ext_by_NID.3 \ - crypto.3 \ - d2i_ASN1_NULL.3 \ - d2i_ASN1_OBJECT.3 \ - d2i_ASN1_OCTET_STRING.3 \ - d2i_ASN1_SEQUENCE_ANY.3 \ - d2i_AUTHORITY_KEYID.3 \ - d2i_BASIC_CONSTRAINTS.3 \ - d2i_CMS_ContentInfo.3 \ - d2i_DHparams.3 \ - d2i_DIST_POINT.3 \ - d2i_DSAPublicKey.3 \ - d2i_ECPKParameters.3 \ - d2i_ESS_SIGNING_CERT.3 \ - d2i_GENERAL_NAME.3 \ - d2i_OCSP_REQUEST.3 \ - d2i_OCSP_RESPONSE.3 \ - d2i_PKCS12.3 \ - d2i_PKCS7.3 \ - d2i_PKCS8_PRIV_KEY_INFO.3 \ - 
d2i_PKCS8PrivateKey_bio.3 \ - d2i_PKEY_USAGE_PERIOD.3 \ - d2i_POLICYINFO.3 \ - d2i_PROXY_POLICY.3 \ - d2i_PrivateKey.3 \ - d2i_RSAPublicKey.3 \ - d2i_TS_REQ.3 \ - d2i_X509.3 \ - d2i_X509_ALGOR.3 \ - d2i_X509_ATTRIBUTE.3 \ - d2i_X509_CRL.3 \ - d2i_X509_EXTENSION.3 \ - d2i_X509_NAME.3 \ - d2i_X509_REQ.3 \ - d2i_X509_SIG.3 \ - des_read_pw.3 \ - evp.3 \ - get_rfc3526_prime_8192.3 \ - i2d_CMS_bio_stream.3 \ - i2d_PKCS7_bio_stream.3 \ - lh_new.3 \ - lh_stats.3 \ - openssl.cnf.5 \ - x509v3.cnf.5 - -all clean cleandir depend includes obj tags: - -install: maninstall - -.include diff --git a/src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 b/src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 deleted file mode 100644 index fec3aba7f7..0000000000 --- a/src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 +++ /dev/null 
@@ -1,100 +0,0 @@
-.\" $OpenBSD: NAME_CONSTRAINTS_new.3,v 1.4 2020/09/17 08:50:05 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: September 17 2020 $
-.Dt NAME_CONSTRAINTS_NEW 3
-.Os
-.Sh NAME
-.Nm NAME_CONSTRAINTS_new ,
-.Nm NAME_CONSTRAINTS_free ,
-.Nm GENERAL_SUBTREE_new ,
-.Nm GENERAL_SUBTREE_free
-.\" .Nm NAME_CONSTRAINTS_check is intentionally undocumented.
-.\" beck@ said in the x509/x509_ncons.c rev. 1.4 commit message:
-.\" We probably need to deprecate it thoughtfully.
-.Nd X.509 CA name constraints extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft NAME_CONSTRAINTS *
-.Fn NAME_CONSTRAINTS_new void
-.Ft void
-.Fn NAME_CONSTRAINTS_free "NAME_CONSTRAINTS *names"
-.Ft GENERAL_SUBTREE *
-.Fn GENERAL_SUBTREE_new void
-.Ft void
-.Fn GENERAL_SUBTREE_free "GENERAL_SUBTREE *name"
-.Sh DESCRIPTION
-X.509 CA certificates can use the name constraints extension
-to restrict the subject names of subsequent certificates in a
-certification path.
-.Pp
-.Fn NAME_CONSTRAINTS_new
-allocates and initializes an empty
-.Vt NAME_CONSTRAINTS
-object, representing an ASN.1
-.Vt NameConstraints
-structure defined in RFC 5280 section 4.2.1.10.
-It consists of two
-.Vt STACK_OF(GENERAL_SUBTREE)
-objects, one specifying permitted names, the other excluded names.
-.Fn NAME_CONSTRAINTS_free
-frees
-.Fa names .
-.Pp
-.Fn GENERAL_SUBTREE_new
-allocates and initializes an empty
-.Vt GENERAL_SUBTREE
-object, representing an ASN.1
-.Vt GeneralSubtree
-structure defined in RFC 5280 section 4.2.1.10.
-It is a trivial wrapper around the
-.Vt GENERAL_NAME
-object documented in
-.Xr GENERAL_NAME_new 3 .
-The standard requires the other fields of
-.Vt GENERAL_SUBTREE
-to be ignored.
-.Fn GENERAL_SUBTREE_free
-frees
-.Fa name .
-.Sh RETURN VALUES
-.Fn NAME_CONSTRAINTS_new
-and
-.Fn GENERAL_SUBTREE_new
-return the new
-.Vt NAME_CONSTRAINTS
-or
-.Vt GENERAL_SUBTREE
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr BASIC_CONSTRAINTS_new 3 ,
-.Xr GENERAL_NAMES_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.2.1.10: Name Constraints
-.Sh HISTORY
-.Fn NAME_CONSTRAINTS_new ,
-.Fn NAME_CONSTRAINTS_free ,
-.Fn GENERAL_SUBTREE_new ,
-and
-.Fn GENERAL_SUBTREE_free
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/OBJ_nid2obj.3 b/src/lib/libcrypto/man/OBJ_nid2obj.3
deleted file mode 100644
index db9cd05c26..0000000000
--- a/src/lib/libcrypto/man/OBJ_nid2obj.3
+++ /dev/null
@@ -1,479 +0,0 @@ -.\" $OpenBSD: OBJ_nid2obj.3,v 1.15 2021/07/05 17:57:16 schwarze Exp $ -.\" OpenSSL c264592d May 14 11:28:00 2006 +0000 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2017, 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2006, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: July 5 2021 $
-.Dt OBJ_NID2OBJ 3
-.Os
-.Sh NAME
-.Nm OBJ_nid2obj ,
-.Nm OBJ_nid2ln ,
-.Nm OBJ_nid2sn ,
-.Nm OBJ_obj2nid ,
-.Nm OBJ_ln2nid ,
-.Nm OBJ_sn2nid ,
-.Nm OBJ_txt2nid ,
-.Nm OBJ_txt2obj ,
-.Nm OBJ_obj2txt ,
-.Nm OBJ_cmp ,
-.Nm OBJ_dup ,
-.Nm OBJ_create ,
-.Nm OBJ_cleanup ,
-.Nm i2t_ASN1_OBJECT ,
-.Nm i2a_ASN1_OBJECT
-.Nd inspect and create ASN.1 object identifiers
-.Sh SYNOPSIS
-.In openssl/objects.h
-.Ft ASN1_OBJECT *
-.Fo OBJ_nid2obj
-.Fa "int n"
-.Fc
-.Ft const char *
-.Fo OBJ_nid2ln
-.Fa "int n"
-.Fc
-.Ft const char *
-.Fo OBJ_nid2sn
-.Fa "int n"
-.Fc
-.Ft int
-.Fo OBJ_obj2nid
-.Fa "const ASN1_OBJECT *o"
-.Fc
-.Ft int
-.Fo OBJ_ln2nid
-.Fa "const char *ln"
-.Fc
-.Ft int
-.Fo OBJ_sn2nid
-.Fa "const char *sn"
-.Fc
-.Ft int
-.Fo OBJ_txt2nid
-.Fa "const char *s"
-.Fc
-.Ft ASN1_OBJECT *
-.Fo OBJ_txt2obj
-.Fa "const char *s"
-.Fa "int no_name"
-.Fc
-.Ft int
-.Fo OBJ_obj2txt
-.Fa "char *buf"
-.Fa "int buf_len"
-.Fa "const ASN1_OBJECT *a"
-.Fa "int no_name"
-.Fc
-.Ft int
-.Fo OBJ_cmp
-.Fa "const ASN1_OBJECT *a"
-.Fa "const ASN1_OBJECT *b"
-.Fc
-.Ft ASN1_OBJECT *
-.Fo OBJ_dup
-.Fa "const ASN1_OBJECT *o"
-.Fc
-.Ft int
-.Fo OBJ_create
-.Fa "const char *oid"
-.Fa "const char *sn"
-.Fa "const char *ln"
-.Fc
-.Ft void
-.Fn OBJ_cleanup void
-.In openssl/asn1.h
-.Ft int
-.Fo i2t_ASN1_OBJECT
-.Fa "char *buf"
-.Fa "int buf_len"
-.Fa "const ASN1_OBJECT *a"
-.Fc
-.Ft int
-.Fo i2a_ASN1_OBJECT
-.Fa "BIO *out_bio"
-.Fa "const ASN1_OBJECT *a"
-.Fc
-.Sh DESCRIPTION
-The ASN.1 object utility functions process
-.Vt ASN1_OBJECT
-structures which are a representation of the ASN.1 OBJECT IDENTIFIER
-(OID) type.
-For convenience, OIDs are usually represented in source code as
-numeric identifiers, or NIDs.
-OpenSSL has an internal table of OIDs that are generated when the
-library is built, and their corresponding NIDs are available as
-defined constants.
-For the functions below, application code should treat all returned
-values \(em OIDs, NIDs, or names \(em as constants.
-.Pp
-.Fn OBJ_nid2obj ,
-.Fn OBJ_nid2ln ,
-and
-.Fn OBJ_nid2sn
-convert the NID
-.Fa n
-to an
-.Vt ASN1_OBJECT
-structure, its long name, and its short name, respectively, or return
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OBJ_obj2nid ,
-.Fn OBJ_ln2nid ,
-and
-.Fn OBJ_sn2nid
-return the corresponding NID for the object
-.Fa o ,
-the long name
-.Fa ln ,
-or the short name
-.Fa sn ,
-respectively, or
-.Dv NID_undef
-if an error occurred.
-.Pp
-.Fn OBJ_txt2nid
-returns the NID corresponding to text string
-.Fa s .
-.Fa s
-can be a long name, a short name, or the numerical representation
-of an object.
-.Pp
-.Fn OBJ_txt2obj
-converts the text string
-.Fa s
-into an
-.Vt ASN1_OBJECT
-structure.
-If
-.Fa no_name
-is 0 then long names and short names will be interpreted as well as
-numerical forms.
-If
-.Fa no_name
-is 1 only the numerical form is acceptable.
-.Pp
-.Fn OBJ_obj2txt
-converts the
-.Vt ASN1_OBJECT
-.Fa a
-into a textual representation.
-The representation is written as a NUL terminated string to
-.Fa buf .
-At most
-.Fa buf_len
-bytes are written, truncating the result if necessary.
-The total amount of space required is returned.
-If
-.Fa no_name
-is 0 and the object has a long or short name, then that will be used,
-otherwise the numerical form will be used.
-.Pp
-.Fn i2t_ASN1_OBJECT
-is the same as
-.Fn OBJ_obj2txt
-with
-.Fa no_name
-set to 0.
-.Pp
-.Fn i2a_ASN1_OBJECT
-writes a textual representation of
-.Fa a
-to
-.Fa out_bio
-using
-.Xr BIO_write 3 .
-It does not write a terminating NUL byte.
-If
-.Fa a
-is
-.Dv NULL
-or contains no data, it writes the 4-byte string
-.Qq NULL .
-If
-.Fn i2t_ASN1_OBJECT
-fails,
-.Fn i2a_ASN1_OBJECT
-writes the 9-byte string
-.Qq .
-Otherwise, it writes the string constructed with
-.Fn i2t_ASN1_OBJECT .
-.Pp
-.Fn OBJ_cmp
-compares
-.Fa a
-to
-.Fa b .
-If the two are identical, 0 is returned.
-.Pp -.Fn OBJ_dup -returns a deep copy of -.Fa o -if -.Fa o -is marked as dynamically allocated. -The new object and all data contained in it is marked as dynamically -allocated. -If -.Fa o -is not marked as dynamically allocated, -.Fn OBJ_dup -just returns -.Fa o -itself. -.Pp -.Fn OBJ_create -adds a new object to the internal table. -.Fa oid -is the numerical form of the object, -.Fa sn -the short name and -.Fa ln -the long name. -A new NID is returned for the created object. -.Pp -The new object added to the internal table and all the data -contained in it is marked as not dynamically allocated. -Consequently, retrieving it with -.Fn OBJ_nid2obj -or a similar function and then calling -.Xr ASN1_OBJECT_free 3 -on the returned pointer will have no effect. -.Pp -.Fn OBJ_cleanup -cleans up the internal object table: this should be called before -an application exits if any new objects were added using -.Fn OBJ_create . -.Pp -Objects can have a short name, a long name, and a numerical -identifier (NID) associated with them. -A standard set of objects is represented in an internal table. -The appropriate values are defined in the header file -.In openssl/objects.h . -.Pp -For example, the OID for commonName has the following definitions: -.Bd -literal -#define SN_commonName "CN" -#define LN_commonName "commonName" -#define NID_commonName 13 -.Ed -.Pp -New objects can be added by calling -.Fn OBJ_create . -.Pp -Table objects have certain advantages over other objects: for example -their NIDs can be used in a C language switch statement. -They are also static constant structures which are shared: that is there -is only a single constant structure for each table object. -.Pp -Objects which are not in the table have the NID value -.Dv NID_undef . -.Pp -Objects do not need to be in the internal tables to be processed: -the functions -.Fn OBJ_txt2obj -and -.Fn OBJ_obj2txt -can process the numerical form of an OID. 
-.Sh RETURN VALUES
-.Fn OBJ_nid2obj ,
-.Fn OBJ_txt2obj ,
-and
-.Fn OBJ_dup
-return an
-.Vt ASN1_OBJECT
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn OBJ_nid2ln
-and
-.Fn OBJ_nid2sn
-return a valid string or
-.Dv NULL
-on error.
-.Pp
-.Fn OBJ_obj2nid ,
-.Fn OBJ_ln2nid ,
-.Fn OBJ_sn2nid ,
-and
-.Fn OBJ_txt2nid
-return a NID or
-.Dv NID_undef
-on error.
-.Pp
-.Fn OBJ_obj2txt
-and
-.Fn i2t_ASN1_OBJECT
-return the amount of space required in bytes,
-including the terminating NUL byte.
-.Pp
-.Fn i2a_ASN1_OBJECT
-returns the number of bytes written, even if
-.Fa a
-is invalid or contains invalid data,
-but a negative value if memory allocation or a write operation fails.
-.Pp
-.Fn OBJ_cmp
-returns 0 if the contents of
-.Fa a
-and
-.Fa b
-are identical, or non-zero otherwise.
-.Pp
-.Fn OBJ_create
-returns the new NID or
-.Dv NID_undef
-if an error occurs.
-.Pp
-In some cases of failure of
-.Fn OBJ_nid2obj ,
-.Fn OBJ_nid2ln ,
-.Fn OBJ_nid2sn ,
-.Fn OBJ_txt2nid ,
-.Fn OBJ_txt2obj ,
-.Fn OBJ_obj2txt ,
-.Fn OBJ_dup ,
-.Fn OBJ_create ,
-.Fn i2t_ASN1_OBJECT ,
-and
-.Fn i2a_ASN1_OBJECT ,
-the reason can be determined with
-.Xr ERR_get_error 3 .
-.Sh EXAMPLES -Create an object for -.Sy commonName : -.Bd -literal -offset indent -ASN1_OBJECT *o; -o = OBJ_nid2obj(NID_commonName); -.Ed -.Pp -Check if an object is -.Sy commonName : -.Bd -literal -offset indent -if (OBJ_obj2nid(obj) == NID_commonName) - /* Do something */ -.Ed -.Pp -Create a new NID and initialize an object from it: -.Bd -literal -offset indent -int new_nid; -ASN1_OBJECT *obj; -new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); -obj = OBJ_nid2obj(new_nid); -.Ed -.Pp -Create a new object directly: -.Bd -literal -offset indent -obj = OBJ_txt2obj("1.2.3.4", 1); -.Ed -.Sh SEE ALSO -.Xr ASN1_OBJECT_new 3 , -.Xr BIO_new 3 , -.Xr d2i_ASN1_OBJECT 3 -.Sh HISTORY -.Fn OBJ_nid2obj , -.Fn OBJ_nid2ln , -.Fn OBJ_nid2sn , -.Fn OBJ_obj2nid , -.Fn OBJ_ln2nid , -.Fn OBJ_sn2nid , -.Fn OBJ_txt2nid , -.Fn OBJ_cmp , -and -.Fn OBJ_dup -first appeared in SSLeay 0.5.1. -.Fn i2a_ASN1_OBJECT -first appeared in SSLeay 0.6.0, -.Fn OBJ_cleanup -in SSLeay 0.8.0, and -.Fn OBJ_create -and -.Fn i2t_ASN1_OBJECT -in SSLeay 0.9.0. -All these functions have been available since -.Ox 2.4 . -.Pp -.Fn OBJ_txt2obj -first appeared in OpenSSL 0.9.2b. -.Fn OBJ_obj2txt -first appeared in OpenSSL 0.9.4. -Both functions have been available since -.Ox 2.6 . -.Sh BUGS -.Fn OBJ_obj2txt -is awkward and messy to use: it doesn't follow the convention of other -OpenSSL functions where the buffer can be set to -.Dv NULL -to determine the amount of data that should be written. -Instead -.Fa buf -must point to a valid buffer and -.Fa buf_len -should be set to a positive value. -A buffer length of 80 should be more than enough to handle any OID -encountered in practice. diff --git a/src/lib/libcrypto/man/OCSP_CRLID_new.3 b/src/lib/libcrypto/man/OCSP_CRLID_new.3 deleted file mode 100644 index 4bb6971ca9..0000000000 --- a/src/lib/libcrypto/man/OCSP_CRLID_new.3 +++ /dev/null 
@@ -1,113 +0,0 @@
-.\" $OpenBSD: OCSP_CRLID_new.3,v 1.7 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt OCSP_CRLID_NEW 3
-.Os
-.Sh NAME
-.Nm OCSP_CRLID_new ,
-.Nm OCSP_CRLID_free ,
-.Nm OCSP_crlID_new
-.Nd OCSP CRL extension
-.Sh SYNOPSIS
-.In opsenssl/ocsp.h
-.Ft OCSP_CRLID *
-.Fn OCSP_CRLID_new void
-.Ft void
-.Fn OCSP_CRLID_free "OCSP_CRLID *crlid"
-.Ft X509_EXTENSION *
-.Fo OCSP_crlID_new
-.Fa "const char *url"
-.Fa "long *number"
-.Fa "char *time"
-.Fc
-.Sh DESCRIPTION
-If a client asks about the validity of a certificate and it turns
-out to be invalid, the responder may optionally communicate which
-certificate revocation list the certificate was found on.
-The required data is stored as an ASN.1
-.Vt CrlID
-structure in the singleExtensions field of the
-.Vt SingleResponse
-structure.
-The
-.Vt CrlID
-is represented by an
-.Vt OCSP_CRLID
-object, which will be stored inside the
-.Vt OCSP_SINGLERESP
-object documented in
-.Xr OCSP_SINGLERESP_new 3 .
-.Pp
-.Fn OCSP_CRLID_new
-allocates and initializes an empty
-.Vt OCSP_CRLID
-object.
-.Fn OCSP_CRLID_free
-frees
-.Fa crlid .
-.Pp
-.Fn OCSP_crlID_new
-accepts the
-.Fa url
-at which the CRL is available, the CRL
-.Fa number ,
-and/or the
-.Fa time
-at which the CRL was created.
-Each argument can be
-.Dv NULL ,
-in which case the respective field is omitted.
-The resulting
-.Vt CrlID
-structure is encoded in ASN.1 using
-.Xr X509V3_EXT_i2d 3
-with criticality 0.
-.Sh RETURN VALUES
-.Fn OCSP_CRLID_new
-returns a new
-.Vt OCSP_CRLID
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_crlID_new
-returns a new
-.Vt X509_EXTENSION
-object or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_resp_find_status 3 ,
-.Xr OCSP_response_status 3 ,
-.Xr X509_EXTENSION_new 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.4.2: CRL References
-.Sh HISTORY
-.Fn OCSP_CRLID_new ,
-.Fn OCSP_CRLID_free ,
-and
-.Fn OCSP_crlID_new
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Sh CAVEATS
-The function names
-.Fn OCSP_CRLID_new
-and
-.Fn OCSP_crlID_new
-only differ in case.
diff --git a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
deleted file mode 100644
index 29084a657f..0000000000
--- a/src/lib/libcrypto/man/OCSP_REQUEST_new.3
+++ /dev/null
@@ -1,329 +0,0 @@
-.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 6 2021 $
-.Dt OCSP_REQUEST_NEW 3
-.Os
-.Sh NAME
-.Nm OCSP_REQUEST_new ,
-.Nm OCSP_REQUEST_free ,
-.Nm OCSP_SIGNATURE_new ,
-.Nm OCSP_SIGNATURE_free ,
-.Nm OCSP_REQINFO_new ,
-.Nm OCSP_REQINFO_free ,
-.Nm OCSP_ONEREQ_new ,
-.Nm OCSP_ONEREQ_free ,
-.Nm OCSP_request_add0_id ,
-.Nm OCSP_request_sign ,
-.Nm OCSP_request_add1_cert ,
-.Nm OCSP_request_onereq_count ,
-.Nm OCSP_request_onereq_get0
-.Nd OCSP request functions
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft OCSP_REQUEST *
-.Fn OCSP_REQUEST_new void
-.Ft void
-.Fn OCSP_REQUEST_free "OCSP_REQUEST *req"
-.Ft OCSP_SIGNATURE *
-.Fn OCSP_SIGNATURE_new void
-.Ft void
-.Fn OCSP_SIGNATURE_free "OCSP_SIGNATURE *signature"
-.Ft OCSP_REQINFO *
-.Fn OCSP_REQINFO_new void
-.Ft void
-.Fn OCSP_REQINFO_free "OCSP_REQINFO *reqinfo"
-.Ft OCSP_ONEREQ *
-.Fn OCSP_ONEREQ_new void
-.Ft void
-.Fn OCSP_ONEREQ_free "OCSP_ONEREQ *onereq"
-.Ft OCSP_ONEREQ *
-.Fo OCSP_request_add0_id
-.Fa "OCSP_REQUEST *req"
-.Fa "OCSP_CERTID *cid"
-.Fc
-.Ft int
-.Fo OCSP_request_sign
-.Fa "OCSP_REQUEST *req"
-.Fa "X509 *signer"
-.Fa "EVP_PKEY *key"
-.Fa "const EVP_MD *dgst"
-.Fa "STACK_OF(X509) *certs"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo OCSP_request_add1_cert
-.Fa "OCSP_REQUEST *req"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo OCSP_request_onereq_count
-.Fa "OCSP_REQUEST *req"
-.Fc
-.Ft OCSP_ONEREQ *
-.Fo OCSP_request_onereq_get0
-.Fa "OCSP_REQUEST *req"
-.Fa "int i"
-.Fc
-.Sh DESCRIPTION
-.Fn OCSP_REQUEST_new
-allocates and initializes an empty
-.Vt OCSP_REQUEST
-object, representing an ASN.1
-.Vt OCSPRequest
-structure defined in RFC 6960.
-.Fn OCSP_REQUEST_free
-frees
-.Fa req .
-.Pp
-.Fn OCSP_SIGNATURE_new
-allocates and initializes an empty
-.Vt OCSP_SIGNATURE
-object, representing an ASN.1
-.Vt Signature
-structure defined in RFC 6960.
-Such an object is used inside
-.Vt OCSP_REQUEST .
-.Fn OCSP_SIGNATURE_free
-frees
-.Fa signature .
-.Pp
-.Fn OCSP_REQINFO_new
-allocates and initializes an empty
-.Vt OCSP_REQINFO
-object, representing an ASN.1
-.Vt TBSRequest
-structure defined in RFC 6960.
-Such an object is used inside
-.Vt OCSP_REQUEST .
-It asks about the validity of one or more certificates.
-.Fn OCSP_REQINFO_free
-frees
-.Fa reqinfo .
-.Pp
-.Fn OCSP_ONEREQ_new
-allocates and initializes an empty
-.Vt OCSP_ONEREQ
-object, representing an ASN.1
-.Vt Request
-structure defined in RFC 6960.
-Such objects are used inside
-.Vt OCSP_REQINFO .
-Each one asks about the validity of one certificiate.
-.Fn OCSP_ONEREQ_free
-frees
-.Fa onereq .
-.Pp
-.Fn OCSP_request_add0_id
-adds certificate ID
-.Fa cid
-to
-.Fa req .
-It returns the
-.Vt OCSP_ONEREQ
-object added so an application can add additional extensions to the
-request.
-The
-.Fa cid
-parameter must not be freed up after the operation.
-.Pp
-.Fn OCSP_request_sign
-signs OCSP request
-.Fa req
-using certificate
-.Fa signer ,
-private key
-.Fa key ,
-digest
-.Fa dgst ,
-and additional certificates
-.Fa certs .
-If the
-.Fa flags
-option
-.Dv OCSP_NOCERTS
-is set, then no certificates will be included in the request.
-.Pp
-.Fn OCSP_request_add1_cert
-adds certificate
-.Fa cert
-to request
-.Fa req .
-The application is responsible for freeing up
-.Fa cert
-after use.
-.Pp
-.Fn OCSP_request_onereq_count
-returns the total number of
-.Vt OCSP_ONEREQ
-objects in
-.Fa req .
-.Pp
-.Fn OCSP_request_onereq_get0
-returns an internal pointer to the
-.Vt OCSP_ONEREQ
-contained in
-.Fa req
-of index
-.Fa i .
-The index value
-.Fa i
-runs from 0 to
-.Fn OCSP_request_onereq_count req No - 1 .
-.Pp
-.Fn OCSP_request_onereq_count
-and
-.Fn OCSP_request_onereq_get0
-are mainly used by OCSP responders.
-.Sh RETURN VALUES
-.Fn OCSP_REQUEST_new ,
-.Fn OCSP_SIGNATURE_new ,
-.Fn OCSP_REQINFO_new ,
-and
-.Fn OCSP_ONEREQ_new
-return an empty
-.Vt OCSP_REQUEST ,
-.Vt OCSP_SIGNATURE ,
-.Vt OCSP_REQINFO ,
-or
-.Vt OCSP_ONEREQ
-object, respectively, or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_request_add0_id
-returns the
-.Vt OCSP_ONEREQ
-object containing
-.Fa cid
-or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_request_sign
-and
-.Fn OCSP_request_add1_cert
-return 1 for success or 0 for failure.
-.Pp
-.Fn OCSP_request_onereq_count
-returns the total number of
-.Vt OCSP_ONEREQ
-objects in
-.Fa req .
-.Pp
-.Fn OCSP_request_onereq_get0
-returns a pointer to an
-.Vt OCSP_ONEREQ
-object or
-.Dv NULL
-if the index value is out of range.
-.Sh EXAMPLES
-Create an
-.Vt OCSP_REQUEST
-object for certificate
-.Fa cert
-with issuer
-.Fa issuer :
-.Bd -literal -offset indent
-OCSP_REQUEST *req;
-OCSP_ID *cid;
-
-req = OCSP_REQUEST_new();
-if (req == NULL)
- /* error */
-cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
-if (cid == NULL)
- /* error */
-
-if (OCSP_REQUEST_add0_id(req, cid) == NULL)
- /* error */
-
- /* Do something with req, e.g. query responder */
-
-OCSP_REQUEST_free(req);
-.Ed
-.Sh SEE ALSO
-.Xr ACCESS_DESCRIPTION_new 3 ,
-.Xr crypto 3 ,
-.Xr d2i_OCSP_REQUEST 3 ,
-.Xr d2i_OCSP_RESPONSE 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr OCSP_cert_to_id 3 ,
-.Xr OCSP_CRLID_new 3 ,
-.Xr OCSP_request_add1_nonce 3 ,
-.Xr OCSP_resp_find_status 3 ,
-.Xr OCSP_response_status 3 ,
-.Xr OCSP_sendreq_new 3 ,
-.Xr OCSP_SERVICELOC_new 3 ,
-.Xr X509_ocspid_print 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.1: Request Syntax
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3
deleted file mode 100644
index 62eb8c320f..0000000000
--- a/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3
+++ /dev/null
@@ -1,109 +0,0 @@
-.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.8 2019/08/23 12:23:39 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 23 2019 $
-.Dt OCSP_SERVICELOC_NEW 3
-.Os
-.Sh NAME
-.Nm OCSP_SERVICELOC_new ,
-.Nm OCSP_SERVICELOC_free ,
-.Nm OCSP_url_svcloc_new
-.Nd OCSP service locator extension
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft OCSP_SERVICELOC *
-.Fn OCSP_SERVICELOC_new void
-.Ft void
-.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc"
-.Ft X509_EXTENSION *
-.Fo OCSP_url_svcloc_new
-.Fa "X509_NAME *issuer"
-.Fa "const char **urls"
-.Fc
-.Sh DESCRIPTION
-Due to restrictions of network routing, a client may be unable to
-directly contact the authoritative OCSP server for a certificate
-that needs to be checked.
-In that case, the request can be sent via a proxy server.
-An ASN.1
-.Vt ServiceLocator
-structure is included in the singleRequestExtensions field of the
-.Vt Request
-structure to indicate where to forward the request.
-The
-.Vt ServiceLocator
-is represented by a
-.Vt OCSP_SERVICELOC
-object, which will be stored inside the
-.Vt OCSP_ONEREQ
-object documented in
-.Xr OCSP_ONEREQ_new 3 .
-.Pp
-.Fn OCSP_SERVICELOC_new
-allocates and initializes an empty
-.Vt OCSP_SERVICELOC
-object.
-.Fn OCSP_SERVICELOC_free
-frees
-.Fa sloc .
-.Pp
-.Fn OCSP_url_svcloc_new
-requires an
-.Fa issuer
-name and optionally accepts an array of
-.Fa urls .
-If
-.Fa urls
-or its first element is
-.Dv NULL ,
-the locator field is omitted from the
-.Vt ServiceLocator
-structure and only the issuer is included.
-The resulting
-.Vt ServiceLocator
-structure is encoded in ASN.1 using
-.Xr X509V3_EXT_i2d 3
-with criticality 0.
-.Sh RETURN VALUES
-.Fn OCSP_SERVICELOC_new
-returns a new
-.Vt OCSP_SERVICELOC
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_url_svcloc_new
-returns a new
-.Vt X509_EXTENSION
-object or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr OCSP_REQUEST_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_get1_ocsp 3 ,
-.Xr X509_get_issuer_name 3 ,
-.Xr X509_NAME_new 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.4.6: Service Locator
-.Sh HISTORY
-.Fn OCSP_SERVICELOC_new ,
-.Fn OCSP_SERVICELOC_free ,
-and
-.Fn OCSP_url_svcloc_new
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3
deleted file mode 100644
index f2ed8b1154..0000000000
--- a/src/lib/libcrypto/man/OCSP_cert_to_id.3
+++ /dev/null
@@ -1,232 +0,0 @@
-.\" $OpenBSD: OCSP_cert_to_id.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 6 2021 $
-.Dt OCSP_CERT_TO_ID 3
-.Os
-.Sh NAME
-.Nm OCSP_CERTID_new ,
-.Nm OCSP_CERTID_free ,
-.Nm OCSP_cert_to_id ,
-.Nm OCSP_cert_id_new ,
-.Nm OCSP_id_issuer_cmp ,
-.Nm OCSP_id_cmp ,
-.Nm OCSP_id_get0_info
-.Nd OCSP certificate ID utility functions
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft OCSP_CERTID *
-.Fn OCSP_CERTID_new void
-.Ft void
-.Fn OCSP_CERTID_free "OCSP_CERTID *id"
-.Ft OCSP_CERTID *
-.Fo OCSP_cert_to_id
-.Fa "const EVP_MD *dgst"
-.Fa "const X509 *subject"
-.Fa "const X509 *issuer"
-.Fc
-.Ft OCSP_CERTID *
-.Fo OCSP_cert_id_new
-.Fa "const EVP_MD *dgst"
-.Fa "const X509_NAME *issuerName"
-.Fa "const ASN1_BIT_STRING *issuerKey"
-.Fa "const ASN1_INTEGER *serialNumber"
-.Fc
-.Ft int
-.Fo OCSP_id_issuer_cmp
-.Fa "OCSP_CERTID *a"
-.Fa "OCSP_CERTID *b"
-.Fc
-.Ft int
-.Fo OCSP_id_cmp
-.Fa "OCSP_CERTID *a"
-.Fa "OCSP_CERTID *b"
-.Fc
-.Ft int
-.Fo OCSP_id_get0_info
-.Fa "ASN1_OCTET_STRING **piNameHash"
-.Fa "ASN1_OBJECT **pmd"
-.Fa "ASN1_OCTET_STRING **pikeyHash"
-.Fa "ASN1_INTEGER **pserial"
-.Fa "OCSP_CERTID *cid"
-.Fc
-.Sh DESCRIPTION
-.Fn OCSP_CERTID_new
-allocates and initializes an empty
-.Vt OCSP_CERTID
-object, representing an ASN.1
-.Vt CertID
-structure defined in RFC 6960.
-It can store hashes of an issuer's distinguished name and public
-key together with a serial number of a certificate.
-It is used by the
-.Vt OCSP_ONEREQ
-object described in
-.Xr OCSP_ONEREQ_new 3
-and by the
-.Vt OCSP_SINGLERESP
-object described in
-.Xr OCSP_SINGLERESP_new 3 .
-.Fn OCSP_CERTID_free
-frees
-.Fa id .
-.Pp
-.Fn OCSP_cert_to_id
-creates and returns a new
-.Vt OCSP_CERTID
-object using message digest
-.Fa dgst
-for certificate
-.Fa subject
-with issuer
-.Fa issuer .
-If
-.Fa dgst
-is
-.Dv NULL
-then SHA1 is used.
-.Pp
-.Fn OCSP_cert_id_new
-creates and returns a new
-.Vt OCSP_CERTID
-using
-.Fa dgst
-and issuer name
-.Fa issuerName ,
-issuer key hash
-.Fa issuerKey
-and serial number
-.Fa serialNumber .
-.Pp
-.Fn OCSP_id_cmp
-compares
-.Vt OCSP_CERTID
-.Fa a
-and
-.Fa b .
-.Pp
-.Fn OCSP_id_issuer_cmp
-compares only the issuer name of
-.Vt OCSP_CERTID
-.Fa a
-and
-.Fa b .
-.Pp
-.Fn OCSP_id_get0_info
-returns the issuer name hash, hash OID, issuer key hash and serial
-number contained in
-.Fa cid .
-If any of the values are not required the corresponding parameter can be
-set to
-.Dv NULL .
-The values returned by
-.Fn OCSP_id_get0_info
-are internal pointers and must not be freed up by an application:
-they will be freed when the corresponding
-.Vt OCSP_CERTID
-object is freed.
-.Pp
-OCSP clients will typically only use
-.Fn OCSP_cert_to_id
-or
-.Fn OCSP_cert_id_new :
-the other functions are used by responder applications.
-.Sh RETURN VALUES
-.Fn OCSP_CERTID_new ,
-.Fn OCSP_cert_to_id ,
-and
-.Fn OCSP_cert_id_new
-return either a pointer to a valid
-.Vt OCSP_CERTID
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_id_cmp
-and
-.Fn OCSP_id_issuer_cmp
-return 0 for a match or non-zero otherwise.
-.Pp
-.Fn OCSP_id_get0_info
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3 ,
-.Xr OCSP_request_add1_nonce 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_resp_find_status 3 ,
-.Xr OCSP_response_status 3 ,
-.Xr OCSP_sendreq_new 3 ,
-.Xr X509_get_issuer_name 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_ocspid_print 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4: Details of the Protocol
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/OCSP_request_add1_nonce.3 b/src/lib/libcrypto/man/OCSP_request_add1_nonce.3
deleted file mode 100644
index 036c937c61..0000000000
--- a/src/lib/libcrypto/man/OCSP_request_add1_nonce.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\" $OpenBSD: OCSP_request_add1_nonce.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt OCSP_REQUEST_ADD1_NONCE 3
-.Os
-.Sh NAME
-.Nm OCSP_request_add1_nonce ,
-.Nm OCSP_basic_add1_nonce ,
-.Nm OCSP_check_nonce ,
-.Nm OCSP_copy_nonce
-.Nd OCSP nonce functions
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft int
-.Fo OCSP_request_add1_nonce
-.Fa "OCSP_REQUEST *req"
-.Fa "unsigned char *val"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo OCSP_basic_add1_nonce
-.Fa "OCSP_BASICRESP *resp"
-.Fa "unsigned char *val"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo OCSP_check_nonce
-.Fa "OCSP_REQUEST *req"
-.Fa "OCSP_BASICRESP *resp"
-.Fc
-.Ft int
-.Fo OCSP_copy_nonce
-.Fa "OCSP_BASICRESP *resp"
-.Fa "OCSP_REQUEST *req"
-.Fc
-.Sh DESCRIPTION
-An OCSP nonce is typically added to an OCSP request to thwart replay
-attacks by checking the same nonce value appears in the response.
-.Pp
-.Fn OCSP_request_add1_nonce
-adds a nonce of value
-.Fa val
-and length
-.Fa len
-to OCSP request
-.Fa req .
-If
-.Fa val
-is
-.Dv NULL ,
-a random nonce is used.
-If
-.Fa len
-is zero or negative, a default length will be used (currently 16 bytes).
-For most purposes the nonce value in a request is set to a random value
-so the
-.Fa val
-parameter in
-.Fn OCSP_request_add1_nonce
-is usually NULL.
-.Pp
-.Fn OCSP_basic_add1_nonce
-is identical to
-.Fn OCSP_request_add1_nonce
-except it adds a nonce to OCSP basic response
-.Fa resp .
-.Pp
-.Fn OCSP_check_nonce
-compares the nonce value in
-.Fa req
-and
-.Fa resp .
-.Pp
-.Fn OCSP_copy_nonce
-copies any nonce value present in
-.Fa req
-to
-.Fa resp .
-.Pp
-Some responders may include a nonce in all responses even if one is not
-supplied.
-.Pp
-Some responders cache OCSP responses and do not sign each response for
-performance reasons.
-As a result they do not support nonces.
-.Sh RETURN VALUES
-.Fn OCSP_request_add1_nonce
-and
-.Fn OCSP_basic_add1_nonce
-return 1 for success or 0 for failure.
-.Pp
-.Fn OCSP_copy_nonce
-returns 1 if a nonce was successfully copied, 2 if no nonce was
-present in
-.Fa req ,
-or 0 if an error occurred.
-.Pp
-.Fn OCSP_check_nonce
-returns positive values for success: 1 if nonces are present and
-equal, 2 if both nonces are absent, or 3 if a nonce is present in
-the response only.
-A zero return value indicates that both nonces are present but
-mismatch: this should be treated as an error condition.
-A return value of -1 indicates that a nonce is present in the request
-only: this will happen if the responder doesn't support nonces.
-.Sh SEE ALSO
-.Xr OCSP_cert_to_id 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_resp_find_status 3 ,
-.Xr OCSP_response_status 3 ,
-.Xr OCSP_sendreq_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3
deleted file mode 100644
index bcfefb5754..0000000000
--- a/src/lib/libcrypto/man/OCSP_resp_find_status.3
+++ /dev/null
@@ -1,494 +0,0 @@ -.\" $OpenBSD: OCSP_resp_find_status.3,v 1.10 2019/08/27 10:00:41 schwarze Exp $ -.\" full merge up to: OpenSSL c952780c Jun 21 07:03:34 2016 -0400 -.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016, 2018, 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson -.\" and David von Oheimb . -.\" Copyright (c) 2014, 2018 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: August 27 2019 $ -.Dt OCSP_RESP_FIND_STATUS 3 -.Os -.Sh NAME -.Nm OCSP_SINGLERESP_new , -.Nm OCSP_SINGLERESP_free , -.Nm OCSP_CERTSTATUS_new , -.Nm OCSP_CERTSTATUS_free , -.Nm OCSP_REVOKEDINFO_new , -.Nm OCSP_REVOKEDINFO_free , -.Nm OCSP_resp_find_status , -.Nm OCSP_cert_status_str , -.Nm OCSP_resp_count , -.Nm OCSP_resp_get0 , -.Nm OCSP_resp_find , -.Nm OCSP_SINGLERESP_get0_id , -.Nm OCSP_single_get0_status , -.Nm OCSP_check_validity , -.Nm OCSP_basic_verify -.Nd OCSP response utility functions -.Sh SYNOPSIS -.In openssl/ocsp.h -.Ft OCSP_SINGLERESP * -.Fn OCSP_SINGLERESP_new void -.Ft void -.Fn OCSP_SINGLERESP_free "OCSP_SINGLERESP *single" -.Ft OCSP_CERTSTATUS * -.Fn OCSP_CERTSTATUS_new void -.Ft void -.Fn OCSP_CERTSTATUS_free "OCSP_CERTSTATUS *certstatus" -.Ft OCSP_REVOKEDINFO * -.Fn OCSP_REVOKEDINFO_new void -.Ft void -.Fn OCSP_REVOKEDINFO_free "OCSP_REVOKEDINFO *revokedinfo" -.Ft int -.Fo OCSP_resp_find_status -.Fa "OCSP_BASICRESP *bs" -.Fa "OCSP_CERTID *id" -.Fa "int *status" -.Fa "int *reason" -.Fa "ASN1_GENERALIZEDTIME **revtime" -.Fa "ASN1_GENERALIZEDTIME **thisupd" -.Fa "ASN1_GENERALIZEDTIME **nextupd" -.Fc -.Ft const char * -.Fo OCSP_cert_status_str -.Fa "long status" -.Fc -.Ft int -.Fo OCSP_resp_count -.Fa "OCSP_BASICRESP *bs" -.Fc -.Ft OCSP_SINGLERESP * -.Fo OCSP_resp_get0 -.Fa "OCSP_BASICRESP *bs" -.Fa "int idx" -.Fc -.Ft int -.Fo OCSP_resp_find -.Fa "OCSP_BASICRESP *bs" -.Fa "OCSP_CERTID *id" -.Fa "int last" -.Fc -.Ft const OCSP_CERTID * -.Fo OCSP_SINGLERESP_get0_id -.Fa "const OCSP_SINGLERESP *single" -.Fc -.Ft int -.Fo OCSP_single_get0_status -.Fa "OCSP_SINGLERESP *single" -.Fa "int *reason" -.Fa "ASN1_GENERALIZEDTIME **revtime" -.Fa "ASN1_GENERALIZEDTIME **thisupd" -.Fa "ASN1_GENERALIZEDTIME **nextupd" -.Fc -.Ft int -.Fo OCSP_check_validity -.Fa "ASN1_GENERALIZEDTIME *thisupd" -.Fa "ASN1_GENERALIZEDTIME *nextupd" -.Fa "long sec" -.Fa "long maxsec" -.Fc -.Ft int -.Fo OCSP_basic_verify -.Fa "OCSP_BASICRESP *bs" -.Fa 
"STACK_OF(X509) *certs" -.Fa "X509_STORE *st" -.Fa "unsigned long flags" -.Fc -.Sh DESCRIPTION -.Fn OCSP_SINGLERESP_new -allocates and initializes an empty -.Vt OCSP_SINGLERESP -object, representing an ASN.1 -.Vt SingleResponse -structure defined in RFC 6960. -Each such object can store the server's answer regarding the validity -of one individual certificate. -Such objects are used inside the -.Vt OCSP_RESPDATA -of -.Vt OCSP_BASICRESP -objects, which are described in -.Xr OCSP_BASICRESP_new 3 . -.Fn OCSP_SINGLERESP_free -frees -.Fa single . -.Pp -.Fn OCSP_CERTSTATUS_new -allocates and initializes an empty -.Vt OCSP_CERTSTATUS -object, representing an ASN.1 -.Vt CertStatus -structure defined in RFC 6960. -Such an object is used inside -.Vt OCSP_SINGLERESP . -.Fn OCSP_CERTSTATUS_free -frees -.Fa certstatus . -.Pp -.Fn OCSP_REVOKEDINFO_new -allocates and initializes an empty -.Vt OCSP_REVOKEDINFO -object, representing an ASN.1 -.Vt RevokedInfo -structure defined in RFC 6960. -Such an object is used inside -.Vt OCSP_CERTSTATUS . -.Fn OCSP_REVOKEDINFO_free -frees -.Fa revokedinfo . -.Pp -.Fn OCSP_resp_find_status -searches -.Fa bs -for an OCSP response for -.Fa id . -If it is successful, the fields of the response are returned in -.Pf * Fa status , -.Pf * Fa reason , -.Pf * Fa revtime , -.Pf * Fa thisupd -and -.Pf * Fa nextupd . -The -.Pf * Fa status -value will be one of -.Dv V_OCSP_CERTSTATUS_GOOD , -.Dv V_OCSP_CERTSTATUS_REVOKED , -or -.Dv V_OCSP_CERTSTATUS_UNKNOWN . -The -.Pf * Fa reason -and -.Pf * Fa revtime -fields are only set if the status is -.Dv V_OCSP_CERTSTATUS_REVOKED . 
-If set, the -.Pf * Fa reason -field will be set to the revocation reason which will be one of -.Dv OCSP_REVOKED_STATUS_NOSTATUS , -.Dv OCSP_REVOKED_STATUS_UNSPECIFIED , -.Dv OCSP_REVOKED_STATUS_KEYCOMPROMISE , -.Dv OCSP_REVOKED_STATUS_CACOMPROMISE , -.Dv OCSP_REVOKED_STATUS_AFFILIATIONCHANGED , -.Dv OCSP_REVOKED_STATUS_SUPERSEDED , -.Dv OCSP_REVOKED_STATUS_CESSATIONOFOPERATION , -.Dv OCSP_REVOKED_STATUS_CERTIFICATEHOLD -or -.Dv OCSP_REVOKED_STATUS_REMOVEFROMCRL . -.Pp -.Fn OCSP_cert_status_str -converts one of the -.Fa status -codes retrieved by -.Fn OCSP_resp_find_status -to a string consisting of one word. -.Pp -.Fn OCSP_resp_count -returns the number of -.Vt OCSP_SINGLERESP -structures in -.Fa bs . -.Pp -.Fn OCSP_resp_get0 -returns the -.Vt OCSP_SINGLERESP -structure in -.Fa bs -corresponding to index -.Fa idx , -where -.Fa idx -runs from 0 to -.Fn OCSP_resp_count bs No - 1 . -.Pp -.Fn OCSP_resp_find -searches -.Fa bs -for -.Fa id -and returns the index of the first matching entry after -.Fa last -or starting from the beginning if -.Fa last -is -1. -.Pp -.Fn OCSP_single_get0_status -extracts the fields of -.Fa single -in -.Pf * Fa reason , -.Pf * Fa revtime , -.Pf * Fa thisupd , -and -.Pf * Fa nextupd . -.Pp -.Fn OCSP_check_validity -checks the validity of -.Fa thisupd -and -.Fa nextupd -values which will be typically obtained from -.Fn OCSP_resp_find_status -or -.Fn OCSP_single_get0_status . -If -.Fa sec -is non-zero it indicates how many seconds leeway should be allowed in -the check. -If -.Fa maxsec -is positive it indicates the maximum age of -.Fa thisupd -in seconds. -.Pp -Applications will typically call -.Fn OCSP_resp_find_status -using the certificate ID of interest and then check its validity using -.Fn OCSP_check_validity . -They can then take appropriate action based on the status of the -certificate. -.Pp -An OCSP response for a certificate contains -.Sy thisUpdate -and -.Sy nextUpdate -fields. 
-Normally the current time should be between these two values.
-To account for clock skew, the
-.Fa maxsec
-field can be set to non-zero in
-.Fn OCSP_check_validity .
-Some responders do not set the
-.Sy nextUpdate
-field.
-This would otherwise mean an ancient response would be considered
-valid: the
-.Fa maxsec
-parameter to
-.Fn OCSP_check_validity
-can be used to limit the permitted age of responses.
-.Pp
-The values written to
-.Pf * Fa revtime ,
-.Pf * Fa thisupd ,
-and
-.Pf * Fa nextupd
-by
-.Fn OCSP_resp_find_status
-and
-.Fn OCSP_single_get0_status
-are internal pointers which must not be freed up by the calling
-application.
-Any or all of these parameters can be set to
-.Dv NULL
-if their value is not required.
-.Pp
-.Fn OCSP_basic_verify
-checks that the basic response message
-.Fa bs
-is correctly signed and that the signer certificate can be validated.
-It takes
-.Fa st
-as the trusted store and
-.Fa certs
-as a set of untrusted intermediate certificates.
-The function first tries to find the signer certificate of the response in
-.Fa certs .
-It also searches the certificates the responder may have included in
-.Fa bs
-unless the
-.Fa flags
-contain
-.Dv OCSP_NOINTERN .
-It fails if the signer certificate cannot be found.
-Next, the function checks the signature of
-.Fa bs
-and fails on error unless the
-.Fa flags
-contain
-.Dv OCSP_NOSIGS .
-Then the function already returns
-success if the
-.Fa flags
-contain
-.Dv OCSP_NOVERIFY
-or if the signer certificate was found in
-.Fa certs
-and the
-.Fa flags
-contain
-.Dv OCSP_TRUSTOTHER .
-Otherwise the function continues by validating the signer certificate.
-To this end, all certificates in
-.Fa certs
-and in
-.Fa bs
-are considered as untrusted certificates for the construction of
-the validation path for the signer certificate unless the
-.Dv OCSP_NOCHAIN
-flag is set.
-After successful path
-validation, the function returns success if the
-.Dv OCSP_NOCHECKS
-flag is set.
-Otherwise it verifies that the signer certificate meets the OCSP issuer -criteria including potential delegation. -If this does not succeed and the -.Fa flags -do not contain -.Dv OCSP_NOEXPLICIT , -the function checks for explicit trust for OCSP signing -in the root CA certificate. -.Sh RETURN VALUES -.Fn OCSP_SINGLERESP_new , -.Fn OCSP_CERTSTATUS_new , -and -.Fn OCSP_REVOKEDINFO_new -return a pointer to an empty -.Vt OCSP_SINGLERESP , -.Vt OCSP_CERTSTATUS , -or -.Vt OCSP_REVOKEDINFO -object, respectively, or -.Dv NULL -if an error occurred. -.Pp -.Fn OCSP_resp_find_status -returns 1 if -.Fa id -is found in -.Fa bs -or 0 otherwise. -.Pp -.Fn OCSP_cert_status_str -returns a pointer to a static string. -.Pp -.Fn OCSP_resp_count -returns the total number of -.Vt OCSP_SINGLERESP -fields in -.Fa bs . -.Pp -.Fn OCSP_resp_get0 -returns a pointer to an -.Vt OCSP_SINGLERESP -structure or -.Dv NULL -if -.Fa idx -is out of range. -.Pp -.Fn OCSP_resp_find -returns the index of -.Fa id -in -.Fa bs -(which may be 0) or -1 if -.Fa id -was not found. -.Pp -.Fn OCSP_SINGLERESP_get0_id -returns an internal pointer to the certificate ID object used by -.Fa single ; -the returned pointer should not be freed by the caller. -.Pp -.Fn OCSP_single_get0_status -returns the status of -.Fa single -or -1 if an error occurred. -.Pp -.Fn OCSP_basic_verify -returns 1 on success, 0 on error, or -1 on fatal error such as malloc failure. 
-.Sh SEE ALSO
-.Xr OCSP_cert_to_id 3 ,
-.Xr OCSP_CRLID_new 3 ,
-.Xr OCSP_request_add1_nonce 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_response_status 3 ,
-.Xr OCSP_sendreq_new 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.2: Response Syntax
-.Sh HISTORY
-.Fn OCSP_SINGLERESP_new ,
-.Fn OCSP_SINGLERESP_free ,
-.Fn OCSP_CERTSTATUS_new ,
-.Fn OCSP_CERTSTATUS_free ,
-.Fn OCSP_REVOKEDINFO_new ,
-.Fn OCSP_REVOKEDINFO_free ,
-.Fn OCSP_resp_find_status ,
-.Fn OCSP_cert_status_str ,
-.Fn OCSP_resp_count ,
-.Fn OCSP_resp_get0 ,
-.Fn OCSP_resp_find ,
-.Fn OCSP_single_get0_status ,
-and
-.Fn OCSP_check_validity
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn OCSP_SINGLERESP_get0_id
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/OCSP_response_status.3 b/src/lib/libcrypto/man/OCSP_response_status.3
deleted file mode 100644
index 4e85384fb0..0000000000
--- a/src/lib/libcrypto/man/OCSP_response_status.3
+++ /dev/null
@@ -1,308 +0,0 @@ -.\" $OpenBSD: OCSP_response_status.3,v 1.8 2019/08/27 09:40:29 schwarze Exp $ -.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 -.\" selective merge up to: OpenSSL 6738bf14 Feb 13 12:51:29 2018 +0000 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016, 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2014, 2016, 2018 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: August 27 2019 $
-.Dt OCSP_RESPONSE_STATUS 3
-.Os
-.Sh NAME
-.Nm OCSP_RESPONSE_new ,
-.Nm OCSP_RESPONSE_free ,
-.Nm OCSP_RESPBYTES_new ,
-.Nm OCSP_RESPBYTES_free ,
-.Nm OCSP_BASICRESP_new ,
-.Nm OCSP_BASICRESP_free ,
-.Nm OCSP_RESPDATA_new ,
-.Nm OCSP_RESPDATA_free ,
-.Nm OCSP_RESPID_new ,
-.Nm OCSP_RESPID_free ,
-.Nm OCSP_response_create ,
-.Nm OCSP_response_status ,
-.Nm OCSP_response_status_str ,
-.Nm OCSP_response_get1_basic ,
-.Nm OCSP_basic_sign
-.Nd OCSP response functions
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft OCSP_RESPONSE *
-.Fn OCSP_RESPONSE_new void
-.Ft void
-.Fn OCSP_RESPONSE_free "OCSP_RESPONSE *resp"
-.Ft OCSP_RESPBYTES *
-.Fn OCSP_RESPBYTES_new void
-.Ft void
-.Fn OCSP_RESPBYTES_free "OCSP_RESPBYTES *respbytes"
-.Ft OCSP_BASICRESP *
-.Fn OCSP_BASICRESP_new void
-.Ft void
-.Fn OCSP_BASICRESP_free "OCSP_BASICRESP *bs"
-.Ft OCSP_RESPDATA *
-.Fn OCSP_RESPDATA_new void
-.Ft void
-.Fn OCSP_RESPDATA_free "OCSP_RESPDATA *respdata"
-.Ft OCSP_RESPID *
-.Fn OCSP_RESPID_new void
-.Ft void
-.Fn OCSP_RESPID_free "OCSP_RESPID *respid"
-.Ft OCSP_RESPONSE *
-.Fo OCSP_response_create
-.Fa "int status"
-.Fa "OCSP_BASICRESP *bs"
-.Fc
-.Ft int
-.Fo OCSP_response_status
-.Fa "OCSP_RESPONSE *resp"
-.Fc
-.Ft const char *
-.Fo OCSP_response_status_str
-.Fa "long code"
-.Fc
-.Ft OCSP_BASICRESP *
-.Fo OCSP_response_get1_basic
-.Fa "OCSP_RESPONSE *resp"
-.Fc
-.Ft int
-.Fo OCSP_basic_sign
-.Fa "OCSP_BASICRESP *bs"
-.Fa "X509 *signer"
-.Fa "EVP_PKEY *key"
-.Fa "const EVP_MD *dgst"
-.Fa "STACK_OF(X509) *certs"
-.Fa "unsigned long flags"
-.Fc
-.Sh DESCRIPTION
-.Fn OCSP_RESPONSE_new
-allocates and initializes an empty
-.Vt OCSP_RESPONSE
-object, representing an ASN.1
-.Vt OCSPResponse
-structure defined in RFC 6960.
-.Fn OCSP_RESPONSE_free
-frees
-.Fa resp .
-.Pp
-.Fn OCSP_RESPBYTES_new
-allocates and initializes an empty
-.Vt OCSP_RESPBYTES
-object, representing an ASN.1
-.Vt ResponseBytes
-structure defined in RFC 6960.
-Such an object is used inside
-.Vt OCSP_RESPONSE .
-.Fn OCSP_RESPBYTES_free
-frees
-.Fa respbytes .
-.Pp
-.Fn OCSP_BASICRESP_new
-allocates and initializes an empty
-.Vt OCSP_BASICRESP
-object, representing an ASN.1
-.Vt BasicOCSPResponse
-structure defined in RFC 6960.
-.Vt OCSP_RESPBYTES
-contains the DER-encoded form of an
-.Vt OCSP_BASICRESP
-object.
-.Fn OCSP_BASICRESP_free
-frees
-.Fa bs .
-.Pp
-.Fn OCSP_RESPDATA_new
-allocates and initializes an empty
-.Vt OCSP_RESPDATA
-object, representing an ASN.1
-.Vt ResponseData
-structure defined in RFC 6960.
-Such an object is used inside
-.Vt OCSP_BASICRESP .
-.Fn OCSP_RESPDATA_free
-frees
-.Fa respdata .
-.Pp
-.Fn OCSP_RESPID_new
-allocates and initializes an empty
-.Vt OCSP_RESPID
-object, representing an ASN.1
-.Vt ResponderID
-structure defined in RFC 6960.
-Such an object is used inside
-.Vt OCSP_RESPDATA .
-.Fn OCSP_RESPID_free
-frees
-.Fa respid .
-.Pp
-.Fn OCSP_response_create
-creates an
-.Vt OCSP_RESPONSE
-object for
-.Fa status
-and optionally including the basic response
-.Fa bs .
-.Pp
-.Fn OCSP_response_status
-returns the OCSP response status of
-.Fa resp .
-It returns one of the values
-.Dv OCSP_RESPONSE_STATUS_SUCCESSFUL ,
-.Dv OCSP_RESPONSE_STATUS_MALFORMEDREQUEST ,
-.Dv OCSP_RESPONSE_STATUS_INTERNALERROR ,
-.Dv OCSP_RESPONSE_STATUS_TRYLATER ,
-.Dv OCSP_RESPONSE_STATUS_SIGREQUIRED ,
-or
-.Dv OCSP_RESPONSE_STATUS_UNAUTHORIZED .
-.Pp
-.Fn OCSP_response_status_str
-converts one of the
-.Fa status
-codes returned by
-.Fn OCSP_response_status
-to a string consisting of one word.
-.Pp
-.Fn OCSP_response_get1_basic
-decodes and returns the
-.Vt OCSP_BASICRESP
-object contained in
-.Fa resp .
-It is only called if the status of a response is
-.Dv OCSP_RESPONSE_STATUS_SUCCESSFUL .
-.Pp
-.Fn OCSP_basic_sign
-signs the OCSP response
-.Fa bs
-using the certificate
-.Fa signer ,
-the private key
-.Fa key ,
-the digest
-.Fa dgst ,
-and the additional certificates
-.Fa certs .
-If the
-.Fa flags
-option
-.Dv OCSP_NOCERTS
-is set, then no certificates will be included in the request.
-If the
-.Fa flags
-option
-.Dv OCSP_RESPID_KEY
-is set, then the responder is identified by key ID
-rather than by name.
-.Sh RETURN VALUES
-.Fn OCSP_RESPONSE_new
-and
-.Fn OCSP_response_create
-return a pointer to an
-.Vt OCSP_RESPONSE
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_BASICRESP_new
-and
-.Fn OCSP_response_get1_basic
-return a pointer to an
-.Vt OCSP_BASICRESP
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_RESPBYTES_new ,
-.Fn OCSP_RESPDATA_new ,
-and
-.Fn OCSP_RESPID_new
-return a pointer to an empty
-.Vt OCSP_RESPBYTES ,
-.Vt OCSP_RESPDATA ,
-or
-.Vt OCSP_RESPID
-object, respectively, or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_response_status
-returns a status value.
-.Pp
-.Fn OCSP_response_status_str
-returns a pointer to a static string.
-.Pp
-.Fn OCSP_basic_sign
-return 1 on success or 0 on failure.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3 ,
-.Xr OCSP_cert_to_id 3 ,
-.Xr OCSP_request_add1_nonce 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_resp_find_status 3 ,
-.Xr OCSP_sendreq_new 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.2: Response Syntax
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/OCSP_sendreq_new.3 b/src/lib/libcrypto/man/OCSP_sendreq_new.3
deleted file mode 100644
index c8107c4d58..0000000000
--- a/src/lib/libcrypto/man/OCSP_sendreq_new.3
+++ /dev/null
@@ -1,323 +0,0 @@ -.\" $OpenBSD: OCSP_sendreq_new.3,v 1.9 2019/08/27 10:48:41 schwarze Exp $ -.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2018, 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: August 27 2019 $
-.Dt OCSP_SENDREQ_NEW 3
-.Os
-.Sh NAME
-.Nm OCSP_sendreq_new ,
-.Nm OCSP_sendreq_nbio ,
-.Nm OCSP_REQ_CTX_free ,
-.Nm OCSP_REQ_CTX_add1_header ,
-.Nm OCSP_REQ_CTX_set1_req ,
-.Nm OCSP_parse_url ,
-.Nm OCSP_sendreq_bio
-.Nd OCSP responder query functions
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft OCSP_REQ_CTX *
-.Fo OCSP_sendreq_new
-.Fa "BIO *io"
-.Fa "const char *path"
-.Fa "OCSP_REQUEST *req"
-.Fa "int maxline"
-.Fc
-.Ft int
-.Fo OCSP_sendreq_nbio
-.Fa "OCSP_RESPONSE **presp"
-.Fa "OCSP_REQ_CTX *rctx"
-.Fc
-.Ft void
-.Fo OCSP_REQ_CTX_free
-.Fa "OCSP_REQ_CTX *rctx"
-.Fc
-.Ft int
-.Fo OCSP_REQ_CTX_add1_header
-.Fa "OCSP_REQ_CTX *rctx"
-.Fa "const char *name"
-.Fa "const char *value"
-.Fc
-.Ft int
-.Fo OCSP_REQ_CTX_set1_req
-.Fa "OCSP_REQ_CTX *rctx"
-.Fa "OCSP_REQUEST *req"
-.Fc
-.Ft int
-.Fo OCSP_parse_url
-.Fa "const char *url"
-.Fa "char **phost"
-.Fa "char **pport"
-.Fa "char **ppath"
-.Fa "int *pssl"
-.Fc
-.Ft OCSP_RESPONSE *
-.Fo OCSP_sendreq_bio
-.Fa "BIO *io"
-.Fa "const char *path"
-.Fa "OCSP_REQUEST *req"
-.Fc
-.Sh DESCRIPTION
-The function
-.Fn OCSP_sendreq_new
-returns an
-.Vt OCSP_REQ_CTX
-structure using the responder
-.Fa io ,
-the URI path
-.Fa path ,
-the OCSP request
-.Fa req
-and with a response header maximum line length of
-.Fa maxline .
-If
-.Fa maxline
-is zero, a default value of 4k is used.
-The OCSP request
-.Fa req
-may be set to
-.Dv NULL
-and provided later if required.
-.Pp
-The arguments to
-.Fn OCSP_sendreq_new
-correspond to the components of the URI.
-For example, if the responder URI is
-.Pa http://ocsp.com/ocspreq ,
-the BIO
-.Fa io
-should be connected to host
-.Pa ocsp.com
-on port 80 and
-.Fa path
-should be set to
-.Qq /ocspreq .
-.Pp
-.Fn OCSP_sendreq_nbio
-performs non-blocking I/O on the OCSP request context
-.Fa rctx .
-When the operation is complete it returns the response in
-.Pf * Fa presp .
-If
-.Fn OCSP_sendreq_nbio
-indicates an operation should be retried, the corresponding BIO can
-be examined to determine which operation (read or write) should be
-retried and appropriate action can be taken, for example a
-.Xr select 2
-call on the underlying socket.
-.Pp
-.Fn OCSP_REQ_CTX_free
-frees up the OCSP context
-.Fa rctx .
-.Pp
-.Fn OCSP_REQ_CTX_add1_header
-adds header
-.Fa name
-with value
-.Fa value
-to the context
-.Fa rctx .
-The added headers are of the form
-.Qq Fa name : value
-or just
-.Qq Fa name
-if
-.Fa value
-is
-.Dv NULL .
-.Fn OCSP_REQ_CTX_add1_header
-can be called more than once to add multiple headers.
-It must be called before any calls to
-.Fn OCSP_sendreq_nbio .
-The
-.Fa req
-parameter in the initial to
-.Fn OCSP_sendreq_new
-call must be set to
-.Dv NULL
-if additional headers are set.
-.Pp
-.Fn OCSP_REQ_CTX_set1_req
-sets the OCSP request in
-.Fa rctx
-to
-.Fa req .
-This function should be called after any calls to
-.Fn OCSP_REQ_CTX_add1_header .
-.Pp
-.Fn OCSP_parse_url
-is a utility function to parse a
-.Fa url
-of the form
-.Sm off
-.Sy http Op Sy s
-.Pf :// Ar host
-.Op : Ar port
-.Op / Ar path
-.Sm on
-and store pointers to newly allocated copies of the strings
-.Ar host ,
-.Ar port ,
-and
-.Ar path
-in
-.Pf * phost ,
-.Pf * pport ,
-and
-.Pf * ppath ,
-respectively.
-By default,
-.Pf * ppath
-is set to
-.Qq /
-and
-.Pf * pport
-to
-.Qq 443
-for
-.Sy https
-or
-.Qq 80
-for
-.Sy http .
-For
-.Sy https ,
-.Pf * Fa pssl
-is set to 1; otherwise, to 0.
-.Pp
-.Fn OCSP_sendreq_bio
-performs an OCSP request using the responder
-.Fa io ,
-the URI path
-.Fa path ,
-the OCSP request
-.Fa req .
-It does not support retries and so cannot handle non-blocking I/O
-efficiently.
-It is retained for compatibility and its use in new applications
-is not recommended.
-.Sh RETURN VALUES
-.Fn OCSP_sendreq_new
-returns a valid
-.Vt OCSP_REQ_CTX
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn OCSP_sendreq_nbio
-returns 1 if the operation was completed successfully,
--1 if the operation should be retried,
-or 0 if an error occurred.
-.Pp
-.Fn OCSP_REQ_CTX_add1_header ,
-.Fn OCSP_REQ_CTX_set1_req ,
-and
-.Fn OCSP_parse_url
-return 1 for success or 0 for failure.
-.Pp
-.Fn OCSP_sendreq_bio
-returns the
-.Vt OCSP_RESPONSE
-structure sent by the responder or
-.Dv NULL
-if an error occurred.
-.Sh EXAMPLES
-Add a Host header for
-.Pa ocsp.com :
-.Pp
-.Dl OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
-.Sh SEE ALSO
-.Xr OCSP_cert_to_id 3 ,
-.Xr OCSP_request_add1_nonce 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_resp_find_status 3 ,
-.Xr OCSP_response_status 3 ,
-.Xr X509_get1_ocsp 3
-.Sh HISTORY
-.Fn OCSP_parse_url
-and
-.Fn OCSP_sendreq_bio
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn OCSP_sendreq_new ,
-.Fn OCSP_sendreq_nbio ,
-and
-.Fn OCSP_REQ_CTX_free
-first appeared in OpenSSL 0.9.8h and have been available since
-.Ox 4.5 .
-.Pp
-.Fn OCSP_REQ_CTX_add1_header
-and
-.Fn OCSP_REQ_CTX_set1_req
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Sh CAVEATS
-These functions only perform a minimal HTTP query to a responder.
-If an application wishes to support more advanced features, it
-should use an alternative, more complete, HTTP library.
-.Pp
-Currently only HTTP POST queries to responders are supported.
diff --git a/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
deleted file mode 100644
index 06ca558489..0000000000
--- a/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ /dev/null
@@ -1,281 +0,0 @@ -.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.12 2019/06/06 01:06:58 schwarze Exp $ -.\" full merge up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2017, 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Ulf Moeller , -.\" Richard Levitte , and -.\" Bodo Moeller . -.\" Copyright (c) 2000, 2002, 2015, 2016, 2017 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt OPENSSL_VERSION_NUMBER 3
-.Os
-.Sh NAME
-.Nm OPENSSL_VERSION_NUMBER ,
-.Nm LIBRESSL_VERSION_NUMBER ,
-.Nm LIBRESSL_VERSION_TEXT ,
-.Nm OPENSSL_VERSION_TEXT ,
-.Nm OpenSSL_version_num ,
-.Nm OpenSSL_version ,
-.Nm SSLeay ,
-.Nm SSLeay_version
-.Nd get OpenSSL version number
-.Sh SYNOPSIS
-.In openssl/opensslv.h
-.Fd #define OPENSSL_VERSION_NUMBER 0x020000000L
-.Fd #define LIBRESSL_VERSION_NUMBER 0x02nnnn00fL
-.Fd #define LIBRESSL_VERSION_TEXT \(dqLibreSSL 2.n.n\(dq
-.Fd #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT
-.In openssl/crypto.h
-.Ft unsigned long
-.Fn OpenSSL_version_num void
-.Ft const char *
-.Fo OpenSSL_version
-.Fa "int t"
-.Fc
-.Ft long
-.Fn SSLeay void
-.Ft const char *
-.Fo SSLeay_version
-.Fa "int t"
-.Fc
-.Sh DESCRIPTION
-.Dv OPENSSL_VERSION_NUMBER
-and
-.Dv LIBRESSL_VERSION_NUMBER
-are numeric release version identifiers.
-The first two digits contain the major release number,
-the third and fourth digits the minor release number,
-and the fifth and sixth digits the fix release number.
-For OpenSSL, the seventh and eight digits contain the patch release number
-and the final digit is 0 for development, 1 to e for betas 1 to 14, or f
-for release.
-For LibreSSL,
-.Dv OPENSSL_VERSION_NUMBER
-is always 0x020000000,
-and
-.Dv LIBRESSL_VERSION_NUMBER
-always ends with 00f.
-.Pp
-For example:
-.Bd -literal -offset indent
-OPENSSL_VERSION_NUMBER:
-0x000906000 == 0.9.6 dev
-0x000906023 == 0.9.6b beta 3
-0x00090605f == 0.9.6e release
-0x020000000 == 2.0.0 for any version of LibreSSL
-
-LIBRESSL_VERSION_NUMBER:
-0x02070000f == LibreSSL 2.7.0
-.Ed
-.Pp
-OpenSSL versions prior to 0.9.3 had identifiers < 0x0930.
-For versions between 0.9.3 and 0.9.5,
-the seventh digit was 1 for release and 0 otherwise,
-and the eighth and ninth digits were the patch release number.
-.Pp
-For example:
-.Bd -literal
-0x000904100 == 0.9.4 release
-0x000905000 == 0.9.5 dev
-.Ed
-.Pp
-OpenSSL version 0.9.5a had an interim interpretation that is like the current
-one, except the patch level got the highest bit set, to keep continuity.
-The number was therefore 0x0090581f.
-.Pp
-.Fn OpenSSL_version_num
-returns
-.Dv OPENSSL_VERSION_NUMBER .
-.Pp
-.Fn OpenSSL_version
-returns different strings depending on
-.Fa t :
-.Bl -tag -width Ds
-.It Dv OPENSSL_VERSION
-The text variant of the version number,
-.Dv OPENSSL_VERSION_TEXT .
-For OpenSSL, it includes the release date, for example
-.Qq OpenSSL 0.9.5a 1 Apr 2000 .
-For LibreSSL,
-.Dv LIBRESSL_VERSION_TEXT
-is returned.
-.It Dv OPENSSL_CFLAGS
-The compiler flags set for the compilation process in the form
-.Qq compiler: ...
-if available or
-.Qq compiler: information not available
-otherwise.
-LibreSSL never provides compiler information.
-.It Dv OPENSSL_BUILT_ON
-The date of the build process in the form
-.Qq built on: ...
-if available or
-.Qq built on: date not available
-otherwise.
-LibreSSL never provides information on the build date.
-.It Dv OPENSSL_PLATFORM
-The Configure target of the library build in the form
-.Qq platform: ...
-if available or
-.Qq platform: information not available
-otherwise.
-LibreSSL never provides platform information.
-.It Dv OPENSSL_DIR
-The
-.Dv OPENSSLDIR
-setting of the library build in the form
-.Qq OPENSSLDIR: Qq ...
-if available or
-.Qq OPENSSLDIR: N/A
-otherwise.
-For LibreSSL, the default is
-.Qq OPENSSLDIR: Qq /etc/ssl .
-.It Dv OPENSSL_ENGINES_DIR
-The
-.Dv ENGINESDIR
-setting of the library build in the form
-.Qq ENGINESDIR: Qq ...
-if available or
-.Qq ENGINESDIR: N/A
-otherwise.
-LibreSSL never provides or uses an
-.Dv ENGINESDIR .
-.El
-.Pp
-For an unknown
-.Fa t ,
-the text
-.Qq not available
-is returned.
-.Pp
-For backward compatibility,
-.Dv SSLEAY_VERSION_NUMBER
-is an alias for
-.Dv OPENSSL_VERSION_NUMBER
-and
-.Fn SSLeay
-for
-.Dv OpenSSL_version_num .
-The legacy function
-.Fn SSLeay_version
-is similar to
-.Fn OpenSSL_version
-except that it takes arguments
-.Dv SSLEAY_VERSION ,
-.Dv SSLEAY_CFLAGS ,
-.Dv SSLEAY_BUILT_ON ,
-.Dv SSLEAY_PLATFORM ,
-and
-.Dv SSLEAY_DIR
-which expand to
-.Em other
-numerical values than the corresponding
-.Dv OPENSSL_*
-macros.
-.Sh RETURN VALUES
-.Fn OpenSSL_version_num
-and
-.Fn SSLeay
-return a constant version number.
-.Pp
-.Fn OpenSSL_version
-and
-.Fn SSLeay_version
-return pointers to static strings.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr OPENSSL_config 3
-.Sh HISTORY
-.Fn SSLeay ,
-.Fn SSLeay_version ,
-and
-.Dv SSLEAY_VERSION_NUMBER
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Dv OPENSSL_VERSION_NUMBER
-first appeared in the first OpenSSL release, OpenSSL 0.9.1c,
-and has been available since
-.Ox 2.6 .
-.Pp
-.Dv SSLEAY_DIR
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Dv LIBRESSL_VERSION_NUMBER
-first appeared in LibreSSL 2.0.0 and
-.Ox 5.6
-and got its final format in LibreSSL 2.3.2 and
-.Ox 5.9 .
-.Dv LIBRESSL_VERSION_TEXT
-first appeared in LibreSSL 2.2.2 and
-.Ox 5.8 .
-.Pp
-.Fn OpenSSL_version_num
-and
-.Fn OpenSSL_version
-first appeared in OpenSSL 1.1.0
-and have been available since LibreSSL 2.7.1 and
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/OPENSSL_cleanse.3 b/src/lib/libcrypto/man/OPENSSL_cleanse.3
deleted file mode 100644
index 95fe6b86fd..0000000000
--- a/src/lib/libcrypto/man/OPENSSL_cleanse.3
+++ /dev/null
@@ -1,42 +0,0 @@
-.\" $OpenBSD: OPENSSL_cleanse.3,v 1.4 2019/06/10 09:49:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt OPENSSL_CLEANSE 3
-.Os
-.Sh NAME
-.Nm OPENSSL_cleanse
-.Nd OpenSSL memory cleaning operation
-.Sh SYNOPSIS
-.In openssl/crypto.h
-.Ft void
-.Fo OPENSSL_cleanse
-.Fa "void *ptr"
-.Fa "size_t len"
-.Fc
-.Sh DESCRIPTION
-Do not use the interface documented here.
-It is provided purely for compatibility with legacy application code.
-.Pp
-.Fn OPENSSL_cleanse
-has the same semantics as, and is a wrapper around,
-.Xr explicit_bzero 3 .
-.Sh SEE ALSO
-.Xr crypto 3
-.Sh HISTORY
-.Fn OPENSSL_cleanse
-first appeared in OpenSSL 0.9.6h and has been available since
-.Ox 3.4 .
diff --git a/src/lib/libcrypto/man/OPENSSL_config.3 b/src/lib/libcrypto/man/OPENSSL_config.3
deleted file mode 100644
index 2960e2389a..0000000000
--- a/src/lib/libcrypto/man/OPENSSL_config.3
+++ /dev/null
@@ -1,153 +0,0 @@ -.\" $OpenBSD: OPENSSL_config.3,v 1.15 2019/06/14 13:41:31 schwarze Exp $ -.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2004 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt OPENSSL_CONFIG 3 -.Os -.Sh NAME -.Nm OPENSSL_config , -.Nm OPENSSL_no_config -.Nd simple crypto and ssl library configuration -.Sh SYNOPSIS -.In openssl/conf.h -.Ft void -.Fo OPENSSL_config -.Fa "const char *appname" -.Fc -.Ft void -.Fn OPENSSL_no_config void -.Sh DESCRIPTION -.Fn OPENSSL_config -initializes the crypto library and calls -.Xr CONF_modules_load_file 3 -with the standard configuration file and the given -.Fa appname . 
-If -.Fa appname -is -.Dv NULL , -then the default name -.Sy openssl_conf -is used. -Any errors are ignored. -Further calls to -.Fn OPENSSL_config -have no effect. -.Pp -.Fn OPENSSL_no_config -suppresses the loading of the standard configuration file, so that any -future calls to -.Fn OPENSSL_config -or to -.Xr OPENSSL_init_crypto 3 -will ensure the library is initialized but no configuration -file will be loaded. -.Pp -Calling these functions is optional. -All required initialization of the crypto libraries happens -automatically when needed. -.Pp -To use a non-standard configuration file, refer to -.Xr CONF_modules_load_file 3 . -.Pp -Internally, -.Fn OPENSSL_config -calls -.Xr OPENSSL_init_crypto 3 , -.Xr OPENSSL_load_builtin_modules 3 , -and -.Xr ENGINE_load_builtin_engines 3 . -.Pp -If an application is compiled with the preprocessor symbol -.Dv OPENSSL_LOAD_CONF -#define'd, -.Xr OpenSSL_add_all_algorithms 3 -automatically calls -.Fn OPENSSL_config . -.Pp -Applications should free up configuration at application closedown by -calling -.Xr CONF_modules_free 3 . -.Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl/openssl.cnf -standard configuration file -.El -.Sh SEE ALSO -.Xr CONF_modules_free 3 , -.Xr CONF_modules_load_file 3 , -.Xr crypto 3 , -.Xr OPENSSL_load_builtin_modules 3 , -.Xr OPENSSL_VERSION_NUMBER 3 , -.Xr openssl.cnf 5 , -.Xr x509v3.cnf 5 -.Sh HISTORY -.Fn OPENSSL_config -and -.Fn OPENSSL_no_config -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OPENSSL_init_crypto.3 b/src/lib/libcrypto/man/OPENSSL_init_crypto.3 deleted file mode 100644 index 6f38c7bda2..0000000000 --- a/src/lib/libcrypto/man/OPENSSL_init_crypto.3 +++ /dev/null 
@@ -1,115 +0,0 @@ -.\" $OpenBSD: OPENSSL_init_crypto.3,v 1.5 2020/05/24 12:21:31 schwarze Exp $ -.\" Copyright (c) 2018, 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: May 24 2020 $ -.Dt OPENSSL_INIT_CRYPTO 3 -.Os -.Sh NAME -.Nm OPENSSL_init_crypto , -.Nm OPENSSL_init -.Nd initialise the crypto library -.Sh SYNOPSIS -.In openssl/crypto.h -.Ft int -.Fo OPENSSL_init_crypto -.Fa "uint64_t options" -.Fa "const void *dummy" -.Fc -.Ft void -.Fn OPENSSL_init void -.Sh DESCRIPTION -These functions are deprecated. -It is never useful for an application program -to call either of them explicitly. -.Pp -The library automatically calls -.Fn OPENSSL_init_crypto -internally with an -.Fa options -argument of 0 whenever needed. -It is safest to assume that any function may do so. -.Pp -To enable or disable the standard configuration file, instead use -.Xr OPENSSL_config 3 -or -.Xr OPENSSL_no_config 3 , -respectively. -To load a non-standard configuration file, refer to -.Xr CONF_modules_load_file 3 . 
-.Pp -If -.Fn OPENSSL_init_crypto -is called before any other crypto or ssl functions, the crypto -library is initialised by allocating various internal resources, -in particular calling -.Xr ERR_load_crypto_strings 3 , -.Xr OpenSSL_add_all_ciphers 3 , -and -.Xr OpenSSL_add_all_digests 3 . -.Pp -The following -.Fa options -are supported: -.Bl -tag -width Ds -.It Dv OPENSSL_INIT_LOAD_CONFIG -At the end of the initialization, call -.Xr OPENSSL_config 3 -with a -.Dv NULL -argument, loading the default configuration file. -.It Dv OPENSSL_INIT_NO_LOAD_CONFIG -Ignore any later calls to -.Xr OPENSSL_config 3 . -.El -.Pp -The other -.Fa options -flags defined by OpenSSL are all ignored by LibreSSL. -The -.Fa dummy -argument has no effect. -.Pp -If this function is called more than once, none of the calls except -the first one have any effect. -.Pp -.Fn OPENSSL_init -has no effect at all. -.Sh RETURN VALUES -.Fn OPENSSL_init_crypto -is intended to return 1 on success or 0 on error. -.Sh SEE ALSO -.Xr CONF_modules_load_file 3 , -.Xr OPENSSL_config 3 , -.Xr OPENSSL_load_builtin_modules 3 , -.Xr openssl.cnf 5 -.Sh HISTORY -.Fn OPENSSL_init -first appeared in OpenSSL 1.0.0e and has been available since -.Ox 5.3 . -It stopped having any effect in OpenSSL 1.1.1 and in -.Ox 5.6 . -.Pp -.Fn OPENSSL_init_crypto -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.3 . -.Sh BUGS -.Fn OPENSSL_init_crypto -silently ignores almost all kinds of errors. -In particular, if memory allocation fails, initialisation is likely -to remain incomplete, the library may be in an inconsistent internal -state, but the return value will usually indicate success anyway. -There is no way for the application program to find out whether -library initialisation is actually complete, nor to get back to a -consistent state if it isn't. 
diff --git a/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
deleted file mode 100644
index bcfb363ca4..0000000000
--- a/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+++ /dev/null
@@ -1,107 +0,0 @@ -.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.6 2019/06/14 13:41:31 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2004, 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt OPENSSL_LOAD_BUILTIN_MODULES 3 -.Os -.Sh NAME -.Nm OPENSSL_load_builtin_modules , -.Nm ASN1_add_oid_module , -.Nm ENGINE_add_conf_module -.Nd add standard configuration modules -.Sh SYNOPSIS -.In openssl/conf.h -.Ft void -.Fn OPENSSL_load_builtin_modules void -.Ft void -.Fn ASN1_add_oid_module void -.Ft void -.Fn ENGINE_add_conf_module void -.Sh DESCRIPTION -The function -.Fn OPENSSL_load_builtin_modules -adds all the standard OpenSSL configuration modules to the internal -list. -They can then be used by the OpenSSL configuration code. -.Pp -.Fn ASN1_add_oid_module -adds just the ASN.1 OBJECT module. -.Pp -.Fn ENGINE_add_conf_module -adds just the ENGINE configuration module. -.Pp -If the simple configuration function -.Xr OPENSSL_config 3 -is called then -.Fn OPENSSL_load_builtin_modules -is called automatically. 
-.Pp -Applications which use configuration functions like -.Xr CONF_modules_load_file 3 -directly need to call -.Fn OPENSSL_load_builtin_modules -themselves -.Em before -any other configuration code. -.Pp -Applications should call -.Xr OPENSSL_config 3 -or -.Fn OPENSSL_load_builtin_modules -to load all configuration modules instead of adding modules selectively: -otherwise functionality may be missing from the application when -new modules are added. -.Sh SEE ALSO -.Xr CONF_modules_load_file 3 , -.Xr OPENSSL_config 3 -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.7 -and have been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OPENSSL_malloc.3 b/src/lib/libcrypto/man/OPENSSL_malloc.3 deleted file mode 100644 index e6dba165f8..0000000000 --- a/src/lib/libcrypto/man/OPENSSL_malloc.3 +++ /dev/null 
@@ -1,110 +0,0 @@
-.\" $OpenBSD: OPENSSL_malloc.3,v 1.9 2019/06/10 09:49:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt OPENSSL_MALLOC 3
-.Os
-.Sh NAME
-.Nm OPENSSL_malloc ,
-.Nm OPENSSL_realloc ,
-.Nm OPENSSL_free ,
-.Nm OPENSSL_strdup ,
-.Nm CRYPTO_malloc ,
-.Nm CRYPTO_realloc ,
-.Nm CRYPTO_free ,
-.Nm CRYPTO_strdup
-.Nd legacy OpenSSL memory allocation wrappers
-.Sh SYNOPSIS
-.In openssl/crypto.h
-.Ft void *
-.Fo OPENSSL_malloc
-.Fa "size_t num"
-.Fc
-.Ft void *
-.Fo OPENSSL_realloc
-.Fa "void *addr"
-.Fa "size_t num"
-.Fc
-.Ft void
-.Fo OPENSSL_free
-.Fa "void *addr"
-.Fc
-.Ft char *
-.Fo OPENSSL_strdup
-.Fa "const char *str"
-.Fc
-.Ft void *
-.Fo CRYPTO_malloc
-.Fa "size_t num"
-.Fa "const char *file"
-.Fa "int line"
-.Fc
-.Ft void *
-.Fo CRYPTO_realloc
-.Fa "void *p"
-.Fa "size_t num"
-.Fa "const char *file"
-.Fa "int line"
-.Fc
-.Ft void
-.Fo CRYPTO_free
-.Fa "void *str"
-.Fa "const char *"
-.Fa int
-.Fc
-.Ft char *
-.Fo CRYPTO_strdup
-.Fa "const char *p"
-.Fa "const char *file"
-.Fa "int line"
-.Fc
-.Sh DESCRIPTION
-Do not use any of the interfaces documented here in new code.
-They are provided purely for compatibility with legacy application code.
-.Pp
-All 8 of these functions are wrappers around the corresponding
-standard
-.Xr malloc 3 ,
-.Xr realloc 3 ,
-.Xr free 3 ,
-and
-.Xr strdup 3
-functions.
-.Sh RETURN VALUES
-These functions return the same type and value as the corresponding
-standard functions.
-.Sh SEE ALSO
-.Xr crypto 3
-.Sh HISTORY
-.Fn CRYPTO_malloc ,
-.Fn CRYPTO_realloc ,
-and
-.Fn CRYPTO_free
-first appeared in SSLeay 0.6.4 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn OPENSSL_malloc ,
-.Fn OPENSSL_realloc ,
-and
-.Fn OPENSSL_free
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn CRYPTO_strdup
-and
-.Fn OPENSSL_strdup
-first appeared in OpenSSL 0.9.8j and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/OPENSSL_sk_new.3 b/src/lib/libcrypto/man/OPENSSL_sk_new.3
deleted file mode 100644
index 5df45534f7..0000000000
--- a/src/lib/libcrypto/man/OPENSSL_sk_new.3
+++ /dev/null
@@ -1,597 +0,0 @@ -.\" $OpenBSD: OPENSSL_sk_new.3,v 1.12 2021/03/12 05:18:00 jsg Exp $ -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 12 2021 $ -.Dt OPENSSL_SK_NEW 3 -.Os -.Sh NAME -.Nm sk_new_null , -.Nm sk_new , -.Nm sk_set_cmp_func , -.Nm sk_dup , -.Nm sk_free , -.Nm sk_pop_free , -.Nm sk_num , -.Nm sk_value , -.Nm sk_find , -.Nm sk_find_ex , -.Nm sk_sort , -.Nm sk_is_sorted , -.Nm sk_push , -.Nm sk_unshift , -.Nm sk_insert , -.Nm sk_set , -.Nm sk_pop , -.Nm sk_shift , -.Nm sk_delete , -.Nm sk_delete_ptr , -.Nm sk_zero -.Nd variable-sized arrays of void pointers, called OpenSSL stacks -.Sh SYNOPSIS -.In openssl/stack.h -.Ft _STACK * -.Fn sk_new_null void -.Ft _STACK * -.Fo sk_new -.Fa "int (*compfunc)(const void *, const void *)" -.Fc -.Ft old_function_pointer -.Fo sk_set_cmp_func -.Fa "_STACK *stack" -.Fa "int (*compfunc)(const void *, const void *)" -.Fc -.Ft _STACK * -.Fo sk_dup -.Fa "_STACK *stack" -.Fc -.Ft void -.Fo sk_free -.Fa "_STACK *stack" -.Fc -.Ft void -.Fo sk_pop_free -.Fa "_STACK *stack" -.Fa "void (*freefunc)(void *)" -.Fc -.Ft int -.Fo sk_num -.Fa "const _STACK *stack" -.Fc -.Ft void * -.Fo sk_value -.Fa "const _STACK *stack" -.Fa "int index" -.Fc -.Ft int -.Fo sk_find -.Fa "_STACK 
*stack" -.Fa "void *wanted" -.Fc -.Ft int -.Fo sk_find_ex -.Fa "_STACK *stack" -.Fa "void *wanted" -.Fc -.Ft void -.Fo sk_sort -.Fa "_STACK *stack" -.Fc -.Ft int -.Fo sk_is_sorted -.Fa "const _STACK *stack" -.Fc -.Ft int -.Fo sk_push -.Fa "_STACK *stack" -.Fa "void *new_item" -.Fc -.Ft int -.Fo sk_unshift -.Fa "_STACK *stack" -.Fa "void *new_item" -.Fc -.Ft int -.Fo sk_insert -.Fa "_STACK *stack" -.Fa "void *new_item" -.Fa "int index" -.Fc -.Ft void * -.Fo sk_set -.Fa "_STACK *stack" -.Fa "int index" -.Fa "void *new_item" -.Fc -.Ft void * -.Fo sk_pop -.Fa "_STACK *stack" -.Fc -.Ft void * -.Fo sk_shift -.Fa "_STACK *stack" -.Fc -.Ft void * -.Fo sk_delete -.Fa "_STACK *stack" -.Fa "int index" -.Fc -.Ft void * -.Fo sk_delete_ptr -.Fa "_STACK *stack" -.Fa "void *wanted" -.Fc -.Ft void -.Fo sk_zero -.Fa "_STACK *stack" -.Fc -.Sh DESCRIPTION -OpenSSL introduced an idiosyncratic concept of variable sized arrays -of pointers and somewhat misleadingly called such an array a -.Dq stack . -Intrinsically, and as documented in this manual page, OpenSSL stacks -are not type safe but only handle -.Vt void * -function arguments and return values. -.Pp -OpenSSL also provides a fragile, unusually complicated system of -macro-generated wrappers that offers superficial type safety at the -expense of extensive obfuscation, implemented using large amounts -of autogenerated code involving exceedingly ugly, nested -.Xr cpp 1 -macros; see the -.Xr STACK_OF 3 -manual page for details. -.Pp -The fundamental data type is the -.Vt _STACK -structure. -It stores a variable number of void pointers -and remembers the number of pointers currently stored. -It can optionally hold a pointer to a comparison function. -As long as no comparison function is installed, the order of pointers -is meaningful; as soon as a comparison function is installed, it -becomes ill-defined. -.Pp -.Fn sk_new_null -allocates and initializes a new, empty stack. 
-.Fn sk_new -is identical except that it also installs -.Fa compfunc -as the comparison function for the new stack object. -.Fn sk_set_cmp_func -installs -.Fa compfunc -for the existing -.Fa stack . -The -.Fa compfunc -is allowed to be -.Dv NULL , -but the -.Fa stack -is not. -.Pp -.Fn sk_dup -creates a shallow copy of the given -.Fa stack , -which must not be a -.Dv NULL -pointer. -It neither copies the objects pointed to from the stack nor -increases their reference counts, but merely copies the pointers. -Extreme care must be taken in order to avoid freeing the memory twice, -for example by calling -.Fn sk_free -on one copy and only calling -.Fn sk_pop_free -on the other. -.Pp -.Fn sk_free -frees the given -.Fa stack . -It does not free any of the pointers stored on the stack. -Unless these pointers are merely copies of pointers owned by -other objects, they must be freed before calling -.Fn sk_free , -in order to avoid leaking memory. -If -.Fa stack -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn sk_pop_free -is severely misnamed. -It does not at all do what one would expect from a function called -.Dq pop . -Instead, it does the same as -.Fn sk_free , -except that it also calls the function -.Fa freefunc -on each of the pointers contained in the -.Fa stack . -If the calls to -.Fa freefunc -are intended to free the memory in use by the objects on the stack, -ensure that no other pointers to the same objects remain elsewhere. -.Pp -.Fn sk_find -searches the -.Fa stack -for the -.Fa wanted -pointer. -If the -.Fa stack -contains more than one copy of the -.Fa wanted -pointer, only the first match is found. -If a comparison function is installed for the stack, the stack is -first sorted with -.Fn sk_sort , -and instead of comparing pointers, two pointers are considered to match -if the comparison function returns 0. 
-.Pp -.Fn sk_find_ex -is identical to -.Fn sk_find -except that if the -.Fa stack -is not empty but no match is found, -the index of some pointer considered closest to -.Fa wanted -is returned. -.Pp -.Fn sk_sort -sorts the -.Fa stack -using -.Xr qsort 3 -and the installed comparison function. -If -.Fa stack -is a -.Dv NULL -pointer or already considered sorted, no action occurs. -This function can only be called if a comparison function is installed. -.Pp -.Fn sk_is_sorted -reports whether the -.Fa stack -is considered sorted. -Calling -.Fn sk_new_null -or -.Fn sk_new , -successfully calling -.Fn sk_push , -.Fn sk_unshift , -.Fn sk_insert , -or -.Fn sk_set , -or changing the comparison function sets the state to unsorted. -If a comparison function is installed, calling -.Fn sk_sort , -.Fn sk_find , -or -.Fn sk_find_ex -sets the state to sorted. -.Pp -.Fn sk_push -pushes -.Fa new_item -onto the end of the -.Fa stack , -increasing the number of pointers by 1. -If -.Fa stack -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn sk_unshift -inserts -.Fa new_item -at the beginning of the -.Fa stack , -such that it gets the index 0. -The number of pointers increases by 1. -If -.Fa stack -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn sk_insert -inserts the -.Fa new_item -into the -.Fa stack -such that it gets the given -.Fa index . -If -.Fa index -is less than 0 or greater than or equal to -.Fn sk_num stack , -the effect is the same as for -.Fn sk_push . -If -.Fa stack -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn sk_set -replaces the pointer with the given -.Fa index -on the -.Fa stack -with the -.Fa new_item . -The old pointer is not freed, -which may leak memory if no copy of it exists elsewhere. -If -.Fa stack -is a -.Dv NULL -pointer or if -.Fa index -is less than 0 or greater than or equal to -.Fn sk_num stack , -no action occurs. 
-.Pp -.Fn sk_pop -and -.Fn sk_shift -remove the pointer with the highest or lowest index from the -.Fa stack , -respectively, reducing the number of pointers by 1. -If -.Fa stack -is a -.Dv NULL -pointer or if it is empty, no action occurs. -.Pp -.Fn sk_delete -removes the pointer with the given -.Fa index -from the -.Fa stack , -reducing the number of pointers by 1. -If -.Fa stack -is a -.Dv NULL -pointer or the -.Fa index -is less than 0 or greater than or equal to -.Fn sk_num stack , -no action occurs. -.Pp -.Fn sk_delete_ptr -removes the -.Fa wanted -pointer from the -.Fa stack , -reducing the number of pointers by 1 if it is found. -It never uses a comparison function -but only compares pointers themselves. -The -.Fa stack -pointer must not be -.Dv NULL . -.Pp -.Fn sk_zero -removes all pointers from the -.Fa stack . -It does not free any of the pointers. -Unless these pointers are merely copies of pointers owned by other -objects, they must be freed before calling -.Fn sk_zero , -in order to avoid leaking memory. -If -.Fa stack -is a -.Dv NULL -pointer, no action occurs. -.Sh RETURN VALUES -.Fn sk_new_null , -.Fn sk_new , -and -.Fn sk_dup -return a pointer to the newly allocated stack object or -.Dv NULL -if insufficient memory is available. -.Pp -.Fn sk_set_cmp_func -returns a pointer to the comparison function -that was previously installed for the -.Fa stack -or -.Dv NULL -if none was installed. -.Pp -.Fn sk_num -returns the number of pointers currently stored on the -.Fa stack , -or \-1 if -.Fa stack -is a -.Dv NULL -pointer. -.Pp -.Fn sk_value -returns the pointer with the given -.Fa index -from the -.Fa stack , -or -.Dv NULL -if -.Fa stack -is a -.Dv NULL -pointer or if the -.Fa index -is less than 0 or greater than or equal to -.Fn sk_num stack . -.Pp -.Fn sk_find -returns the lowest index considered to match or \-1 if -.Fa stack -is a -.Dv NULL -pointer or if no match is found. 
-.Pp -.Fn sk_find_ex -returns some index or \-1 if -.Fa stack -is a -.Dv NULL -pointer or empty. -.Pp -.Fn sk_is_sorted -returns 1 if the -.Fa stack -is considered sorted or if it is a -.Dv NULL -pointer, or 0 otherwise. -.Pp -.Fn sk_push , -.Fn sk_unshift , -and -.Fn sk_insert -return the new number of pointers on the -.Fa stack -or 0 if -.Fa stack -is a -.Dv NULL -pointer or if memory allocation fails. -.Pp -.Fn sk_set -returns -.Fa new_item -or -.Dv NULL -if -.Fa stack -is a -.Dv NULL -pointer or if the -.Fa index -is less than 0 or greater than or equal to -.Fn sk_num stack . -.Pp -.Fn sk_pop -and -.Fn sk_shift -return the deleted pointer or -.Dv NULL -if -.Fa stack -is a -.Dv NULL -pointer or if it is empty. -.Pp -.Fn sk_delete -returns the deleted pointer or -.Dv NULL -if -.Fa stack -is a -.Dv NULL -pointer or if the -.Fa index -is less than 0 or greater than or equal to -.Fn sk_num stack . -.Pp -.Fn sk_delete_ptr -returns -.Fa wanted -or -.Dv NULL -if it is not found. -.Sh SEE ALSO -.Xr STACK_OF 3 -.Sh HISTORY -.Fn sk_new_null , -.Fn sk_new , -.Fn sk_free , -.Fn sk_pop_free , -.Fn sk_num , -.Fn sk_value , -.Fn sk_find , -.Fn sk_push , -.Fn sk_unshift , -.Fn sk_insert , -.Fn sk_pop , -.Fn sk_shift , -.Fn sk_delete , -and -.Fn sk_delete_ptr -first appeared in SSLeay 0.5.1. -.Fn sk_set_cmp_func , -.Fn sk_dup , -and -.Fn sk_zero -first appeared in SSLeay 0.8.0. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn sk_set -first appeared in OpenSSL 0.9.3. -.Fn sk_sort -first appeared in OpenSSL 0.9.4. -Both functions have been available since -.Ox 2.6 . -.Pp -.Fn sk_is_sorted -first appeared in OpenSSL 0.9.7e and has been available since -.Ox 3.8 . -.Pp -.Fn sk_find_ex -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . -.Sh BUGS -Even if a comparison function is installed, empty stacks and -stacks containing a single pointer are sometimes considered -sorted and sometimes considered unsorted. 
-.Pp -If a comparison function is installed, the concept of -.Dq first match -in -.Fn sk_find -and -.Fn sk_find_ex -is ill-defined because -.Xr qsort 3 -is not a stable sorting function. -It is probably best to only assume that they return an arbitrary match. -.Pp -The concept of -.Dq closest -for -.Fn sk_find_ex -is even less clearly defined. -The match may sometimes be smaller and sometimes larger than -.Fa wanted , -even if both smaller and larger pointers exist in the -.Fa stack . -Besides, it is again ill-defined -which of several pointers that compare equal is selected. -It is probably best to not assume anything about the selection -for cases where there is no match. diff --git a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 deleted file mode 100644 index 9ef19e7163..0000000000 --- a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ /dev/null 
@@ -1,127 +0,0 @@ -.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.8 2019/06/14 13:41:31 schwarze Exp $ -.\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2000, 2003, 2013 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt OPENSSL_ADD_ALL_ALGORITHMS 3 -.Os -.Sh NAME -.Nm OpenSSL_add_all_algorithms , -.Nm OpenSSL_add_all_ciphers , -.Nm OpenSSL_add_all_digests , -.Nm EVP_cleanup -.Nd add algorithms to internal table -.Sh SYNOPSIS -.In openssl/evp.h -.Ft void -.Fn OpenSSL_add_all_algorithms void -.Ft void -.Fn OpenSSL_add_all_ciphers void -.Ft void -.Fn OpenSSL_add_all_digests void -.Ft void -.Fn EVP_cleanup void -.Sh DESCRIPTION -These functions are deprecated. -It is never useful for any application program -to call any of them explicitly. -The library automatically calls them internally whenever needed. -.Pp -OpenSSL keeps an internal table of digest algorithms and ciphers. -It uses this table to look up ciphers via functions such as -.Xr EVP_get_cipherbyname 3 . -.Pp -.Fn OpenSSL_add_all_algorithms -adds all algorithms to the table (digests and ciphers). 
-If an application is compiled with the preprocessor symbol
-.Dv OPENSSL_LOAD_CONF
-#define'd, it also calls
-.Xr OPENSSL_config 3
-with a
-.Dv NULL
-argument, loading the default configuration file.
-.Pp
-.Fn OpenSSL_add_all_digests
-adds all digest algorithms to the table.
-.Pp
-.Fn OpenSSL_add_all_ciphers
-adds all encryption algorithms to the table including password based
-encryption algorithms.
-.Pp
-If any of the above functions is called more than once,
-only the first call has an effect.
-.Pp
-.Fn EVP_cleanup
-removes all ciphers and digests from the table.
-.Sh SEE ALSO
-.Xr evp 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr OPENSSL_config 3
-.Sh HISTORY
-.Fn EVP_cleanup
-and precursor functions
-.Fn SSLeay_add_all_algorithms ,
-.Fn SSLeay_add_all_ciphers ,
-and
-.Fn SSLeay_add_all_digests
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn OpenSSL_add_all_algorithms ,
-.Fn OpenSSL_add_all_ciphers ,
-and
-.Fn OpenSSL_add_all_digests
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Sh BUGS
-Although the functions do not return error codes, it is possible for them
-to fail.
-This will only happen as a result of a memory allocation failure so this
-is not too much of a problem in practice.
diff --git a/src/lib/libcrypto/man/PEM_ASN1_read.3 b/src/lib/libcrypto/man/PEM_ASN1_read.3
deleted file mode 100644
index 53ebe5ada4..0000000000
--- a/src/lib/libcrypto/man/PEM_ASN1_read.3
+++ /dev/null
@@ -1,172 +0,0 @@
-.\" $OpenBSD: PEM_ASN1_read.3,v 1.2 2020/07/23 17:34:53 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 23 2020 $
-.Dt PEM_ASN1_READ 3
-.Os
-.Sh NAME
-.Nm d2i_of_void ,
-.Nm PEM_ASN1_read ,
-.Nm PEM_ASN1_read_bio
-.Nd PEM and DER decode an arbitrary ASN.1 value
-.Sh SYNOPSIS
-.In openssl/pem.h
-.Ft typedef void *
-.Fo d2i_of_void
-.Fa "void **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft void *
-.Fo PEM_ASN1_read
-.Fa "d2i_of_void *d2i"
-.Fa "const char *name"
-.Fa "FILE *in_fp"
-.Fa "void **val_out"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft void *
-.Fo PEM_ASN1_read_bio
-.Fa "d2i_of_void *d2i"
-.Fa "const char *name"
-.Fa "BIO *in_bp"
-.Fa "void **val_out"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Sh DESCRIPTION
-These functions read one object from
-.Fa in_fp
-or
-.Fa in_bp
-and perform both PEM and DER decoding.
-They are needed when more specific decoding functions
-like those documented in
-.Xr PEM_read_bio_PrivateKey 3
-and
-.Xr PEM_read_SSL_SESSION 3
-are inadequate for the type
-.Fa name .
-.Pp
-For PEM decoding,
-.Xr PEM_bytes_read_bio 3
-is called internally.
-Consequently, the first object of type
-.Fa name
-is returned and preceding objects of other types are discarded.
-If necessary, data is decrypted, using
-.Fa cb
-and/or
-.Fa u
-if they are not
-.Dv NULL ,
-as described in the
-.Xr pem_password_cb 3
-manual page.
-.Pp
-For subsequent DER decoding, pass a
-.Fa d2i
-callback function that is adequate for the type
-.Fa name ,
-typically returning a pointer of a type more specific than
-.Ft void * .
-For example,
-.Xr d2i_ASN1_TYPE 3
-can always be used and its manual page describes the required
-behaviour of the callback function to be passed.
-Normally, passing a more specific function is more useful;
-candidate functions can be found with
-.Ql man -k Nm~^d2i_ .
-.Pp
-For the
-.Fa name
-argument, the
-.Dv PEM_STRING_*
-string constants defined in
-.In openssl/pem.h
-can be used.
-.Pp
-The
-.Fa val_out
-argument is useless and its many dangers are described in detail in the
-.Xr d2i_ASN1_TYPE 3
-manual page.
-To reduce the risk of bugs, always passing
-.Dv NULL
-is recommended.
-.Sh RETURN VALUES
-These functions return a pointer to the decoded object or
-.Dv NULL
-if an error occurs.
-They fail if
-.Xr PEM_bytes_read_bio 3
-fails, for example because of invalid syntax in the input, an unknown
-encryption, or an invalid passphrase entered by the user.
-They also fail if
-.Fa d2i
-returns
-.Dv NULL ,
-for example due to DER decoding errors.
-.Pp
-.Fn PEM_ASN1_read
-may also fail if memory is exhausted.
-.Sh EXAMPLES
-Typical usage of
-.Fn PEM_ASN1_read
-is demonstrated by the implementation of the more specific function
-to PEM and DER decode an X.509 certificate:
-.Bd -literal -offset 2n
-X509 *
-PEM_read_X509(FILE *fp, X509 **val_out, pem_password_cb *cb, void *u)
-{
- return PEM_ASN1_read((d2i_of_void *)d2i_X509, PEM_STRING_X509,
- fp, (void **)val_out, cb, u);
-}
-.Ed
-.Sh ERRORS
-Diagnostics that can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3
-include:
-.Bl -tag -width Ds
-.It Dv ERR_R_BUF_LIB Qq "BUF lib"
-.Fn PEM_ASN1_read
-failed to set up a temporary BIO,
-for example because memory was exhausted.
-.It Dv ERR_R_ASN1_LIB Qq "ASN1 lib"
-.Fa d2i
-returned
-.Dv NULL ,
-for example due to a DER syntax error.
-.El
-.Pp
-Additional types of errors can result from
-.Xr PEM_bytes_read_bio 3 .
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr d2i_ASN1_TYPE 3 ,
-.Xr PEM_bytes_read_bio 3 ,
-.Xr PEM_read 3 ,
-.Xr PEM_read_bio_PrivateKey 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr PEM_X509_INFO_read 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.5.1
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/PEM_X509_INFO_read.3 b/src/lib/libcrypto/man/PEM_X509_INFO_read.3
deleted file mode 100644
index 0e908b7988..0000000000
--- a/src/lib/libcrypto/man/PEM_X509_INFO_read.3
+++ /dev/null
@@ -1,188 +0,0 @@
-.\" $OpenBSD: PEM_X509_INFO_read.3,v 1.3 2021/07/31 14:54:33 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 31 2021 $
-.Dt PEM_X509_INFO_READ 3
-.Os
-.Sh NAME
-.Nm PEM_X509_INFO_read ,
-.Nm PEM_X509_INFO_read_bio
-.Nd PEM and DER decode X.509 certificates, private keys, and revocation lists
-.Sh SYNOPSIS
-.In openssl/pem.h
-.Ft STACK_OF(X509_INFO) *
-.Fo PEM_X509_INFO_read
-.Fa "FILE *in_fp"
-.Fa "STACK_OF(X509_INFO) *sk"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft STACK_OF(X509_INFO) *
-.Fo PEM_X509_INFO_read_bio
-.Fa "BIO *in_bp"
-.Fa "STACK_OF(X509_INFO) *sk"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Sh DESCRIPTION
-These functions read zero or more objects
-related to X.509 certificates from
-.Fa in_fp
-or
-.Fa in_bp ,
-perform both PEM and DER decoding,
-and wrap the resulting objects in newly allocated
-.Vt X509_INFO
-containers.
-.Pp
-Setting
-.Fa sk
-to
-.Dv NULL
-is recommended, in which case
-a new stack is allocated, populated, and returned.
-If an existing
-.Fa sk
-is passed in, the created
-.Vt X509_INFO
-objects are pushed onto that stack.
-.Pp
-For PEM decoding,
-.Xr PEM_read_bio 3
-is used internally, implying that any non-PEM data
-before, between, and after the objects is silently discarded.
-.Pp
-For subsequent DER decoding,
-the decoding function and the field of the
-.Vt X509_INFO
-structure to store the new object in
-are selected according to the PEM type name:
-.Bl -column "TRUSTED CERTIFICATE" "d2i_PrivateKey()" "revocation list"
-.It PEM type name Ta decoder Ta Vt X509_INFO No field
-.It CERTIFICATE Ta Xr d2i_X509 3 Ta certificate
-.It X509 CERTIFICATE Ta Xr d2i_X509 3 Ta certificate
-.It TRUSTED CERTIFICATE Ta Xr d2i_X509_AUX 3 Ta certificate
-.It X509 CRL Ta Xr d2i_X509_CRL 3 Ta revocation list
-.It RSA PRIVATE KEY Ta Xr d2i_PrivateKey 3 Ta private key
-.It DSA PRIVATE KEY Ta Xr d2i_PrivateKey 3 Ta private key
-.It EC PRIVATE KEY Ta Xr d2i_PrivateKey 3 Ta private key
-.El
-.Pp
-Whenever the selected field is already occupied, another new
-.Vt X509_INFO
-container is allocated and pushed onto the stack.
-Depending on the sequence of objects in the input, this can result
-in several partially populated
-.Vt X509_INFO
-containers being pushed onto the stack.
-.Pp
-PEM objects of types not listed in the above table are silently skipped.
-.Pp
-Encrypted certificates and revocation lists are decrypted by calling
-.Xr PEM_do_header 3
-internally, passing through the optional arguments
-.Fa cb
-and
-.Fa u .
-Encrypted private keys are not decrypted.
-Instead, the encrypted form is stored as read.
-All the same,
-.Xr PEM_get_EVP_CIPHER_INFO 3
-is called internally to check that PEM headers, if there are any,
-are valid and specify an encryption the library is prepared to handle.
-.Pp
-If any error occurs, objects that had already been read
-during the same call are deleted again and
-.Fa sk
-is left unchanged.
-.Sh RETURN VALUES
-These functions return a pointer to the stack
-the objects read were pushed onto or
-.Dv NULL
-if an error occurs.
-They fail if
-.Xr PEM_read_bio 3 ,
-.Xr PEM_get_EVP_CIPHER_INFO 3 ,
-.Xr PEM_do_header 3 ,
-or DER decoding fails or if memory is exhausted.
-.Sh ERRORS
-Diagnostics that can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3
-include:
-.Bl -tag -width Ds
-.It Dv ERR_R_ASN1_LIB Qq "ASN1 lib"
-DER decoding of a PEM object failed.
-.It Dv ERR_R_BUF_LIB Qq BUF lib
-.Fn PEM_X509_INFO_read
-failed to set up a temporary BIO, for example because memory was exhausted.
-.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
-.Fn PEM_X509_INFO_read_bio
-failed to allocate a new
-.Vt X509_INFO ,
-.Vt STACK_OF(X509_INFO) ,
-or
-.Vt X509_PKEY
-object.
-.El
-.Pp
-Additional types of errors can result from
-.Xr PEM_read_bio 3 ,
-.Xr PEM_get_EVP_CIPHER_INFO 3 ,
-and
-.Xr PEM_do_header 3 .
-.Pp
-After these functions failed due to memory exhaustion,
-.Xr ERR_get_error 3
-may sometimes return 0 anyway.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr d2i_PrivateKey 3 ,
-.Xr d2i_X509 3 ,
-.Xr d2i_X509_CRL 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr PEM_read 3 ,
-.Xr PEM_read_bio_PrivateKey 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_INFO_new 3 ,
-.Xr X509_LOOKUP_new 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-.Fn PEM_X509_INFO_read
-first appeared in SSLeay 0.5.1 and
-.Fn PEM_X509_INFO_read_bio
-in SSLeay 0.6.0.
-Both functions have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-It is not an error
-if the input does not contain any objects of the desired types.
-In that case, nothing is added to
-.Fa sk ,
-or if
-.Fa sk
-is
-.Dv NULL ,
-a newly allocated, empty stack is returned.
-The only way to detect this situation is by comparing
-the number of objects on the stack before and after the call.
-.Sh BUGS
-When reaching the end of the input, these functions call
-.Xr ERR_clear_error 3 ,
-which may hide errors that occurred before calling these functions.
diff --git a/src/lib/libcrypto/man/PEM_bytes_read_bio.3 b/src/lib/libcrypto/man/PEM_bytes_read_bio.3
deleted file mode 100644
index 20ad6b8a4d..0000000000
--- a/src/lib/libcrypto/man/PEM_bytes_read_bio.3
+++ /dev/null
@@ -1,184 +0,0 @@ -.\" $OpenBSD: PEM_bytes_read_bio.3,v 1.6 2020/07/23 17:34:53 schwarze Exp $ -.\" selective merge up to: -.\" OpenSSL PEM_bytes_read_bio.pod 7671342e Feb 29 15:47:12 2016 -0600 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" Copyright (c) 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Benjamin Kaduk . -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: July 23 2020 $ -.Dt PEM_BYTES_READ_BIO 3 -.Os -.Sh NAME -.Nm PEM_bytes_read_bio -.Nd read a PEM-encoded data structure from a BIO -.Sh SYNOPSIS -.In openssl/pem.h -.Ft int -.Fo PEM_bytes_read_bio -.Fa "unsigned char **pdata" -.Fa "long *plen" -.Fa "char **pnm" -.Fa "const char *name" -.Fa "BIO *in_bp" -.Fa "pem_password_cb *cb" -.Fa "void *u" -.Fc -.Sh DESCRIPTION -.Fn PEM_bytes_read_bio -reads and PEM decodes the first object of type -.Fa name -.Pq e.g. 
RSA PRIVATE KEY, CERTIFICATE, etc.\& -from -.Fa in_bp . -If multiple PEM-encoded data structures are present in the same stream, -it skips non-matching data types and continues reading. -Before reading each PEM object, lines not starting with -.Qq "-----BEGIN " -are also skipped; see -.Xr PEM_read_bio 3 -for details of PEM parsing. -.Pp -The PEM header may indicate that the following data is encrypted; if so, -the data is decrypted, optionally using -.Fa cb -and -.Fa u , -as described in -.Xr pem_password_cb 3 . -.Pp -Some data types have compatibility aliases, such as a file containing -X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. -The actual type indicated by the file is returned in -.Em *pnm -if -.Fa pnm -is -.Pf non- Dv NULL . -The caller must free the storage pointed to by -.Em *pnm . -.Pp -The returned data is the DER-encoded form of the requested type, in -.Em *pdata -with length -.Em *plen . -The caller must free the storage pointed to by -.Em *pdata . -.Sh RETURN VALUES -.Fn PEM_bytes_read_bio -returns 1 for success or 0 for failure. -.Sh ERRORS -Diagnostics that can be retrieved with -.Xr ERR_get_error 3 , -.Xr ERR_GET_REASON 3 , -and -.Xr ERR_reason_error_string 3 -include: -.Bl -tag -width Ds -.It Dv PEM_R_NO_START_LINE Qq no start line -No more PEM objects were found in the input. -This can happen when the input contains no PEM objects at all, -or only objects that do not match the type -.Fa name . -.It Dv PEM_R_NOT_PROC_TYPE Qq not proc type -The first PEM header does not start with -.Qq "Proc-Type: " . -.It Dv PEM_R_NOT_ENCRYPTED Qq not encrypted -The Proc-Type header differs from -.Qq 4,ENCRYPTED . -.It Dv PEM_R_SHORT_HEADER Qq short header -The Proc-Type header is the last header line. -.It Dv PEM_R_NOT_DEK_INFO Qq not dek info -The second PEM header does not start with -.Qq "DEK-Info: " . 
-.It Dv PEM_R_UNSUPPORTED_ENCRYPTION Qq unsupported encryption
-The cipher name given in the DEK-Info header is unknown to
-.Xr EVP_get_cipherbyname 3 .
-.It Dv PEM_R_BAD_IV_CHARS Qq "bad iv chars"
-The word following the cipher name in the DEK-Info header
-contains bytes that are not hexadecimal digits.
-This also happens when the initialization vector is missing or too short.
-.It Dv PEM_R_BAD_PASSWORD_READ Qq bad password read
-.Fa cb
-reported failure.
-This may for example happen when the user mistypes the password.
-.It Dv PEM_R_BAD_DECRYPT Qq bad decrypt
-.Xr EVP_DecryptInit_ex 3 ,
-.Xr EVP_DecryptUpdate 3 ,
-or
-.Xr EVP_DecryptFinal_ex 3
-failed.
-.El
-.Pp
-Additional types of errors can result from
-.Xr PEM_read_bio 3 .
-.Sh SEE ALSO
-.Xr PEM_ASN1_read 3 ,
-.Xr PEM_read 3 ,
-.Xr PEM_read_bio_PrivateKey 3 ,
-.Xr PEM_X509_INFO_read 3
-.Sh STANDARDS
-RFC 1421: Privacy Enhancement for Internet Electronic Mail (PEM), Part I
-.Sh HISTORY
-.Fn PEM_bytes_read_bio
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/PEM_read.3 b/src/lib/libcrypto/man/PEM_read.3
deleted file mode 100644
index df1c84ee17..0000000000
--- a/src/lib/libcrypto/man/PEM_read.3
+++ /dev/null
@@ -1,410 +0,0 @@ -.\" $OpenBSD: PEM_read.3,v 1.13 2021/03/12 05:18:00 jsg Exp $ -.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Viktor Dukhovni -.\" and by Rich Salz . -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: March 12 2021 $
-.Dt PEM_READ 3
-.Os
-.Sh NAME
-.Nm PEM_write ,
-.Nm PEM_write_bio ,
-.Nm PEM_read ,
-.Nm PEM_read_bio ,
-.Nm PEM_get_EVP_CIPHER_INFO ,
-.Nm PEM_do_header ,
-.Nm PEM_def_callback ,
-.Nm pem_password_cb
-.Nd PEM encoding routines
-.Sh SYNOPSIS
-.In openssl/pem.h
-.Ft int
-.Fo PEM_write
-.Fa "FILE *fp"
-.Fa "const char *name"
-.Fa "const char *header"
-.Fa "const unsigned char *data"
-.Fa "long len"
-.Fc
-.Ft int
-.Fo PEM_write_bio
-.Fa "BIO *bp"
-.Fa "const char *name"
-.Fa "const char *header"
-.Fa "ocnst unsigned char *data"
-.Fa "long len"
-.Fc
-.Ft int
-.Fo PEM_read
-.Fa "FILE *fp"
-.Fa "char **name"
-.Fa "char **header"
-.Fa "unsigned char **data"
-.Fa "long *len"
-.Fc
-.Ft int
-.Fo PEM_read_bio
-.Fa "BIO *bp"
-.Fa "char **name"
-.Fa "char **header"
-.Fa "unsigned char **data"
-.Fa "long *len"
-.Fc
-.Ft int
-.Fo PEM_get_EVP_CIPHER_INFO
-.Fa "char *header"
-.Fa "EVP_CIPHER_INFO *cinfo"
-.Fc
-.Ft int
-.Fo PEM_do_header
-.Fa "EVP_CIPHER_INFO *cinfo"
-.Fa "unsigned char *data"
-.Fa "long *len"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_def_callback
-.Fa "char *password"
-.Fa "int size"
-.Fa "int verify"
-.Fa "void *u"
-.Fc
-.Ft typedef int
-.Fo pem_password_cb
-.Fa "char *password"
-.Fa "int size"
-.Fa "int verify"
-.Fa "void *u"
-.Fc
-.Sh DESCRIPTION
-These functions read and write PEM-encoded objects, using the PEM type
-.Fa name ,
-any additional
-.Fa header
-information, and the raw
-.Fa data
-of length
-.Fa len .
-.Pp
-PEM is the binary content encoding first defined in IETF RFC 1421.
-The content is a series of base64-encoded lines, surrounded by
-begin/end markers each on their own line.
-For example:
-.Bd -literal -offset indent
------BEGIN PRIVATE KEY-----
-MIICdg....
-\&... bhTQ==
------END PRIVATE KEY-----
-.Ed
-.Pp
-Optional header line(s) may appear after the begin line, and their
-existence depends on the type of object being written or read.
-.Pp
-.Fn PEM_write
-writes to the file
-.Fa fp ,
-while
-.Fn PEM_write_bio
-writes to the BIO
-.Fa bp .
-The
-.Fa name
-is the name to use in the marker, the
-.Fa header
-is the header value or
-.Dv NULL ,
-and
-.Fa data
-and
-.Fa len
-specify the data and its length.
-.Pp
-The final
-.Fa data
-buffer is typically an ASN.1 object which can be decoded with the
-.Fn d2i_*
-function appropriate to the type
-.Fa name ;
-see
-.Xr d2i_X509 3
-for examples.
-.Pp
-.Fn PEM_read
-reads from the file
-.Fa fp ,
-while
-.Fn PEM_read_bio
-reads from the BIO
-.Fa bp .
-Both skip any non-PEM data that precedes the start of the next PEM
-object.
-When an object is successfully retrieved, the type name from the
-"----BEGIN -----" is returned via the
-.Fa name
-argument, any encapsulation headers are returned in
-.Fa header ,
-and the base64-decoded content and its length are returned via
-.Fa data
-and
-.Fa len ,
-respectively.
-The
-.Fa name ,
-.Fa header ,
-and
-.Fa data
-pointers should be freed by the caller when no longer needed.
-.Pp
-The remaining functions are deprecated because the underlying PEM
-encryption format is obsolete and should be avoided.
-It uses an encryption format with an OpenSSL-specific key-derivation
-function, which employs MD5 with an iteration count of 1.
-Instead, private keys should be stored in PKCS#8 form, with a strong
-PKCS#5 v2.0 PBE; see
-.Xr PEM_write_PrivateKey 3
-and
-.Xr d2i_PKCS8PrivateKey_bio 3 .
-.Pp
-.Fn PEM_get_EVP_CIPHER_INFO
-can be used to determine the
-.Fa data
-returned by
-.Fn PEM_read
-or
-.Fn PEM_read_bio
-is encrypted and to retrieve the associated cipher and IV.
-The caller passes a pointer to a structure of type
-.Vt EVP_CIPHER_INFO
-via the
-.Fa cinfo
-argument and the
-.Fa header
-returned via
-.Fn PEM_read
-or
-.Fn PEM_read_bio .
-If the call is successful, 1 is returned and the cipher and IV are
-stored at the address pointed to by
-.Fa cinfo .
-When the header is malformed or not supported or when the cipher is
-unknown or some internal error happens, 0 is returned.
-.Pp
-.Fn PEM_do_header
-can then be used to decrypt the data if the header indicates encryption.
-The
-.Fa cinfo
-argument is a pointer to the structure initialized by a preceding call
-to
-.Fn PEM_get_EVP_CIPHER_INFO .
-If that structure indicates the absence of encryption,
-.Fn PEM_do_header
-returns successfully without taking any action.
-The
-.Fa data
-and
-.Fa len
-arguments are used both to pass in the encrypted data that was
-returned in the same arguments from the preceding call to
-.Fn PEM_read
-or
-.Fn PEM_read_bio
-and to pass out the decrypted data.
-.Pp
-The callback function
-.Fa cb
-is used to obtain the encryption
-.Fa password ;
-if
-.Fa cb
-is
-.Dv NULL ,
-.Fn PEM_def_callback
-is used instead.
-The
-.Fa password
-buffer needs to be at least
-.Fa size
-bytes long.
-.Fn PEM_def_callback
-silently truncates the NUL-terminated byte string
-.Fa u
-to at most
-.Fa num
-bytes and copies it into
-.Fa password
-without a terminating NUL byte.
-If
-.Fa u
-is
-.Dv NULL ,
-.Fn PEM_def_callback
-instead prompts the user for the password with echoing turned off
-by calling
-.Xr EVP_read_pw_string_min 3
-internally.
-In this case, the
-.Fa size
-is silently reduced to at most
-.Dv BUFSIZ
-and at most
-.Fa size No \- 1
-bytes are accepted from the user and copied into the byte string buffer
-.Fa password .
-A callback function
-.Fa cb
-supplied by the application may use
-.Fa u
-for a different purpose than
-.Fn PEM_def_callback
-does, e.g., as auxiliary data to use while acquiring the password.
-For example, a GUI application might pass a window handle.
-If the
-.Fa verify
-flag is non-zero, the user is prompted twice for the password to
-make typos less likely and it is checked that both inputs agree.
-This flag is not set by
-.Fn PEM_do_header
-nor by other read functions.
-.Pp
-If the data is a priori known to not be encrypted, then neither
-.Fn PEM_get_EVP_CIPHER_INFO
-nor
-.Fn PEM_do_header
-need to be called.
-.Sh RETURN VALUES
-.Fn PEM_read
-and
-.Fn PEM_read_bio
-return 1 on success or 0 on failure.
-The latter includes the case when no more PEM objects remain in the
-input file.
-To distinguish end of file from more serious errors, the caller
-must peek at the error stack and check for
-.Dv PEM_R_NO_START_LINE ,
-which indicates that no more PEM objects were found.
-See
-.Xr ERR_peek_last_error 3
-and
-.Xr ERR_GET_REASON 3 .
-.Pp
-.Fn PEM_get_EVP_CIPHER_INFO
-and
-.Fn PEM_do_header
-return 1 on success or 0 on failure.
-The
-.Fa data
-is likely meaningless if these functions fail.
-.Pp
-.Fn PEM_def_callback
-returns the number of bytes stored into
-.Fa buf
-or a negative value on failure, and
-.Fa cb
-is expected to behave in the same way.
-If
-.Fa u
-is
-.Dv NULL ,
-.Fn PEM_def_callback
-fails if
-.Fa num
-is less than 5
-or if an error occurs trying to prompt the user for the password.
-Otherwise, it fails when
-.Fa num
-is negative.
-The details of the circumstances that cause
-.Fa cb
-to fail may differ.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr d2i_PKCS8PrivateKey_bio 3 ,
-.Xr PEM_ASN1_read 3 ,
-.Xr PEM_bytes_read_bio 3 ,
-.Xr PEM_read_bio_PrivateKey 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr PEM_write_bio_CMS_stream 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-.Xr PEM_X509_INFO_read 3
-.Sh HISTORY
-.Fn PEM_write ,
-.Fn PEM_read ,
-and
-.Fn PEM_do_header
-appeared in SSLeay 0.4 or earlier.
-.Fn PEM_get_EVP_CIPHER_INFO
-first appeared in SSLeay 0.5.1.
-.Fn PEM_write_bio
-and
-.Fn PEM_read_bio
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn PEM_def_callback
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
deleted file mode 100644
index b097bbbecc..0000000000
--- a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
+++ /dev/null
@@ -1,1379 +0,0 @@
-.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.20 2021/07/24 14:33:14 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100
-.\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 24 2021 $
-.Dt PEM_READ_BIO_PRIVATEKEY 3
-.Os
-.Sh NAME
-.Nm PEM_read_bio_PrivateKey ,
-.Nm PEM_read_PrivateKey ,
-.Nm PEM_write_bio_PrivateKey ,
-.Nm PEM_write_PrivateKey ,
-.Nm PEM_write_bio_PKCS8PrivateKey ,
-.Nm PEM_write_PKCS8PrivateKey ,
-.Nm PEM_write_bio_PKCS8PrivateKey_nid ,
-.Nm PEM_write_PKCS8PrivateKey_nid ,
-.Nm PEM_read_bio_PKCS8 ,
-.Nm PEM_read_PKCS8 ,
-.Nm PEM_write_bio_PKCS8 ,
-.Nm PEM_write_PKCS8 ,
-.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
-.Nm PEM_read_PKCS8_PRIV_KEY_INFO ,
-.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
-.Nm PEM_write_PKCS8_PRIV_KEY_INFO ,
-.Nm PEM_read_bio_PUBKEY ,
-.Nm PEM_read_PUBKEY ,
-.Nm PEM_write_bio_PUBKEY ,
-.Nm PEM_write_PUBKEY ,
-.Nm PEM_read_bio_RSAPrivateKey ,
-.Nm PEM_read_RSAPrivateKey ,
-.Nm PEM_write_bio_RSAPrivateKey ,
-.Nm PEM_write_RSAPrivateKey ,
-.Nm PEM_read_bio_RSAPublicKey ,
-.Nm PEM_read_RSAPublicKey ,
-.Nm PEM_write_bio_RSAPublicKey ,
-.Nm PEM_write_RSAPublicKey ,
-.Nm PEM_read_bio_RSA_PUBKEY ,
-.Nm PEM_read_RSA_PUBKEY ,
-.Nm PEM_write_bio_RSA_PUBKEY ,
-.Nm PEM_write_RSA_PUBKEY ,
-.Nm PEM_read_bio_DSAPrivateKey ,
-.Nm PEM_read_DSAPrivateKey ,
-.Nm PEM_write_bio_DSAPrivateKey ,
-.Nm PEM_write_DSAPrivateKey ,
-.Nm PEM_read_bio_DSA_PUBKEY ,
-.Nm PEM_read_DSA_PUBKEY ,
-.Nm PEM_write_bio_DSA_PUBKEY ,
-.Nm PEM_write_DSA_PUBKEY ,
-.Nm PEM_read_bio_DSAparams ,
-.Nm PEM_read_DSAparams ,
-.Nm PEM_write_bio_DSAparams ,
-.Nm PEM_write_DSAparams ,
-.Nm PEM_read_bio_DHparams ,
-.Nm PEM_read_DHparams ,
-.Nm PEM_write_bio_DHparams ,
-.Nm PEM_write_DHparams ,
-.Nm PEM_read_bio_ECPKParameters ,
-.Nm PEM_read_ECPKParameters ,
-.Nm PEM_write_bio_ECPKParameters ,
-.Nm PEM_write_ECPKParameters ,
-.Nm PEM_read_bio_ECPrivateKey ,
-.Nm PEM_read_ECPrivateKey ,
-.Nm PEM_write_bio_ECPrivateKey ,
-.Nm PEM_write_ECPrivateKey ,
-.Nm PEM_read_bio_EC_PUBKEY ,
-.Nm PEM_read_EC_PUBKEY ,
-.Nm PEM_write_bio_EC_PUBKEY ,
-.Nm PEM_write_EC_PUBKEY ,
-.Nm PEM_read_bio_X509 ,
-.Nm PEM_read_X509 ,
-.Nm PEM_write_bio_X509 ,
-.Nm PEM_write_X509 ,
-.Nm PEM_read_bio_X509_AUX ,
-.Nm PEM_read_X509_AUX ,
-.Nm PEM_write_bio_X509_AUX ,
-.Nm PEM_write_X509_AUX ,
-.Nm PEM_read_bio_X509_REQ ,
-.Nm PEM_read_X509_REQ ,
-.Nm PEM_write_bio_X509_REQ ,
-.Nm PEM_write_X509_REQ ,
-.Nm PEM_write_bio_X509_REQ_NEW ,
-.Nm PEM_write_X509_REQ_NEW ,
-.Nm PEM_read_bio_X509_CRL ,
-.Nm PEM_read_X509_CRL ,
-.Nm PEM_write_bio_X509_CRL ,
-.Nm PEM_write_X509_CRL ,
-.Nm PEM_read_bio_PKCS7 ,
-.Nm PEM_read_PKCS7 ,
-.Nm PEM_write_bio_PKCS7 ,
-.Nm PEM_write_PKCS7 ,
-.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
-.Nm PEM_read_NETSCAPE_CERT_SEQUENCE ,
-.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
-.Nm PEM_write_NETSCAPE_CERT_SEQUENCE ,
-.Nm PEM_read_CMS ,
-.Nm PEM_read_bio_CMS ,
-.Nm PEM_write_CMS ,
-.Nm PEM_write_bio_CMS
-.Nd PEM routines
-.Sh SYNOPSIS
-.In openssl/pem.h
-.Ft EVP_PKEY *
-.Fo PEM_read_bio_PrivateKey
-.Fa "BIO *bp"
-.Fa "EVP_PKEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EVP_PKEY *
-.Fo PEM_read_PrivateKey
-.Fa "FILE *fp"
-.Fa "EVP_PKEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PrivateKey
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_PrivateKey
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PKCS8PrivateKey
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_PKCS8PrivateKey
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PKCS8PrivateKey_nid
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *x"
-.Fa "int nid"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_PKCS8PrivateKey_nid
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *x"
-.Fa "int nid"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft X509_SIG *
-.Fo PEM_read_bio_PKCS8
-.Fa "BIO *bp"
-.Fa "X509_SIG **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft X509_SIG *
-.Fo PEM_read_PKCS8
-.Fa "FILE *fp"
-.Fa "X509_SIG **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PKCS8
-.Fa "BIO *bp"
-.Fa "X509_SIG *x"
-.Fc
-.Ft int
-.Fo PEM_write_PKCS8
-.Fa "FILE *fp"
-.Fa "X509_SIG *x"
-.Fc
-.Ft PKCS8_PRIV_KEY_INFO *
-.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO
-.Fa "BIO *bp"
-.Fa "PKCS8_PRIV_KEY_INFO **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft PKCS8_PRIV_KEY_INFO *
-.Fo PEM_read_PKCS8_PRIV_KEY_INFO
-.Fa "FILE *fp"
-.Fa "PKCS8_PRIV_KEY_INFO **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO
-.Fa "BIO *bp"
-.Fa "PKCS8_PRIV_KEY_INFO *x"
-.Fc
-.Ft int
-.Fo PEM_write_PKCS8_PRIV_KEY_INFO
-.Fa "FILE *fp"
-.Fa "PKCS8_PRIV_KEY_INFO *x"
-.Fc
-.Ft EVP_PKEY *
-.Fo PEM_read_bio_PUBKEY
-.Fa "BIO *bp"
-.Fa "EVP_PKEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EVP_PKEY *
-.Fo PEM_read_PUBKEY
-.Fa "FILE *fp"
-.Fa "EVP_PKEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PUBKEY
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *x"
-.Fc
-.Ft int
-.Fo PEM_write_PUBKEY
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *x"
-.Fc
-.Ft RSA *
-.Fo PEM_read_bio_RSAPrivateKey
-.Fa "BIO *bp"
-.Fa "RSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft RSA *
-.Fo PEM_read_RSAPrivateKey
-.Fa "FILE *fp"
-.Fa "RSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_RSAPrivateKey
-.Fa "BIO *bp"
-.Fa "RSA *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_RSAPrivateKey
-.Fa "FILE *fp"
-.Fa "RSA *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft RSA *
-.Fo PEM_read_bio_RSAPublicKey
-.Fa "BIO *bp"
-.Fa "RSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft RSA *
-.Fo PEM_read_RSAPublicKey
-.Fa "FILE *fp"
-.Fa "RSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_RSAPublicKey
-.Fa "BIO *bp"
-.Fa "RSA *x"
-.Fc
-.Ft int
-.Fo PEM_write_RSAPublicKey
-.Fa "FILE *fp"
-.Fa "RSA *x"
-.Fc
-.Ft RSA *
-.Fo PEM_read_bio_RSA_PUBKEY
-.Fa "BIO *bp"
-.Fa "RSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft RSA *
-.Fo PEM_read_RSA_PUBKEY
-.Fa "FILE *fp"
-.Fa "RSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_RSA_PUBKEY
-.Fa "BIO *bp"
-.Fa "RSA *x"
-.Fc
-.Ft int
-.Fo PEM_write_RSA_PUBKEY
-.Fa "FILE *fp"
-.Fa "RSA *x"
-.Fc
-.Ft DSA *
-.Fo PEM_read_bio_DSAPrivateKey
-.Fa "BIO *bp"
-.Fa "DSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft DSA *
-.Fo PEM_read_DSAPrivateKey
-.Fa "FILE *fp"
-.Fa "DSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_DSAPrivateKey
-.Fa "BIO *bp"
-.Fa "DSA *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_DSAPrivateKey
-.Fa "FILE *fp"
-.Fa "DSA *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft DSA *
-.Fo PEM_read_bio_DSA_PUBKEY
-.Fa "BIO *bp"
-.Fa "DSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft DSA *
-.Fo PEM_read_DSA_PUBKEY
-.Fa "FILE *fp"
-.Fa "DSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_DSA_PUBKEY
-.Fa "BIO *bp"
-.Fa "DSA *x"
-.Fc
-.Ft int
-.Fo PEM_write_DSA_PUBKEY
-.Fa "FILE *fp"
-.Fa "DSA *x"
-.Fc
-.Ft DSA *
-.Fo PEM_read_bio_DSAparams
-.Fa "BIO *bp"
-.Fa "DSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft DSA *
-.Fo PEM_read_DSAparams
-.Fa "FILE *fp"
-.Fa "DSA **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_DSAparams
-.Fa "BIO *bp"
-.Fa "DSA *x"
-.Fc
-.Ft int
-.Fo PEM_write_DSAparams
-.Fa "FILE *fp"
-.Fa "DSA *x"
-.Fc
-.Ft DH *
-.Fo PEM_read_bio_DHparams
-.Fa "BIO *bp"
-.Fa "DH **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft DH *
-.Fo PEM_read_DHparams
-.Fa "FILE *fp"
-.Fa "DH **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_DHparams
-.Fa "BIO *bp"
-.Fa "DH *x"
-.Fc
-.Ft int
-.Fo PEM_write_DHparams
-.Fa "FILE *fp"
-.Fa "DH *x"
-.Fc
-.Ft EC_GROUP *
-.Fo PEM_read_bio_ECPKParameters
-.Fa "BIO *bp"
-.Fa "EC_GROUP **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EC_GROUP *
-.Fo PEM_read_ECPKParameters
-.Fa "FILE *fp"
-.Fa "EC_GROUP **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_ECPKParameters
-.Fa "BIO *bp"
-.Fa "const EC_GROUP *x"
-.Fc
-.Ft int
-.Fo PEM_write_ECPKParameters
-.Fa "FILE *fp"
-.Fa "const EC_GROUP *x"
-.Fc
-.Ft EC_KEY *
-.Fo PEM_read_bio_ECPrivateKey
-.Fa "BIO *bp"
-.Fa "EC_KEY **key"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EC_KEY *
-.Fo PEM_read_ECPrivateKey
-.Fa "FILE *fp"
-.Fa "EC_KEY **eckey"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_ECPrivateKey
-.Fa "BIO *bp"
-.Fa "EC_KEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_ECPrivateKey
-.Fa "FILE *fp"
-.Fa "EC_KEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "unsigned char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EC_KEY *
-.Fo PEM_read_bio_EC_PUBKEY
-.Fa "BIO *bp"
-.Fa "EC_KEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EC_KEY *
-.Fo PEM_read_EC_PUBKEY
-.Fa "FILE *fp"
-.Fa "EC_KEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_EC_PUBKEY
-.Fa "BIO *bp"
-.Fa "EC_KEY *x"
-.Fc
-.Ft int
-.Fo PEM_write_EC_PUBKEY
-.Fa "FILE *fp"
-.Fa "EC_KEY *x"
-.Fc
-.Ft X509 *
-.Fo PEM_read_bio_X509
-.Fa "BIO *bp"
-.Fa "X509 **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft X509 *
-.Fo PEM_read_X509
-.Fa "FILE *fp"
-.Fa "X509 **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_X509
-.Fa "BIO *bp"
-.Fa "X509 *x"
-.Fc
-.Ft int
-.Fo PEM_write_X509
-.Fa "FILE *fp"
-.Fa "X509 *x"
-.Fc
-.Ft X509 *
-.Fo PEM_read_bio_X509_AUX
-.Fa "BIO *bp"
-.Fa "X509 **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft X509 *
-.Fo PEM_read_X509_AUX
-.Fa "FILE *fp"
-.Fa "X509 **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_X509_AUX
-.Fa "BIO *bp"
-.Fa "X509 *x"
-.Fc
-.Ft int
-.Fo PEM_write_X509_AUX
-.Fa "FILE *fp"
-.Fa "X509 *x"
-.Fc
-.Ft X509_REQ *
-.Fo PEM_read_bio_X509_REQ
-.Fa "BIO *bp"
-.Fa "X509_REQ **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft X509_REQ *
-.Fo PEM_read_X509_REQ
-.Fa "FILE *fp"
-.Fa "X509_REQ **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_X509_REQ
-.Fa "BIO *bp"
-.Fa "X509_REQ *x"
-.Fc
-.Ft int
-.Fo PEM_write_X509_REQ
-.Fa "FILE *fp"
-.Fa "X509_REQ *x"
-.Fc
-.Ft int
-.Fo PEM_write_bio_X509_REQ_NEW
-.Fa "BIO *bp"
-.Fa "X509_REQ *x"
-.Fc
-.Ft int
-.Fo PEM_write_X509_REQ_NEW
-.Fa "FILE *fp"
-.Fa "X509_REQ *x"
-.Fc
-.Ft X509_CRL *
-.Fo PEM_read_bio_X509_CRL
-.Fa "BIO *bp"
-.Fa "X509_CRL **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft X509_CRL *
-.Fo PEM_read_X509_CRL
-.Fa "FILE *fp"
-.Fa "X509_CRL **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_X509_CRL
-.Fa "BIO *bp"
-.Fa "X509_CRL *x"
-.Fc
-.Ft int
-.Fo PEM_write_X509_CRL
-.Fa "FILE *fp"
-.Fa "X509_CRL *x"
-.Fc
-.Ft PKCS7 *
-.Fo PEM_read_bio_PKCS7
-.Fa "BIO *bp"
-.Fa "PKCS7 **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft PKCS7 *
-.Fo PEM_read_PKCS7
-.Fa "FILE *fp"
-.Fa "PKCS7 **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_PKCS7
-.Fa "BIO *bp"
-.Fa "PKCS7 *x"
-.Fc
-.Ft int
-.Fo PEM_write_PKCS7
-.Fa "FILE *fp"
-.Fa "PKCS7 *x"
-.Fc
-.Ft NETSCAPE_CERT_SEQUENCE *
-.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE
-.Fa "BIO *bp"
-.Fa "NETSCAPE_CERT_SEQUENCE **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft NETSCAPE_CERT_SEQUENCE *
-.Fo PEM_read_NETSCAPE_CERT_SEQUENCE
-.Fa "FILE *fp"
-.Fa "NETSCAPE_CERT_SEQUENCE **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE
-.Fa "BIO *bp"
-.Fa "NETSCAPE_CERT_SEQUENCE *x"
-.Fc
-.Ft int
-.Fo PEM_write_NETSCAPE_CERT_SEQUENCE
-.Fa "FILE *fp"
-.Fa "NETSCAPE_CERT_SEQUENCE *x"
-.Fc
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo PEM_read_CMS
-.Fa "FILE *fp"
-.Fa "CMS_ContentInfo **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft CMS_ContentInfo *
-.Fo PEM_read_bio_CMS
-.Fa "BIO *bp"
-.Fa "CMS_ContentInfo **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_CMS
-.Fa "FILE *fp"
-.Fa "const CMS_ContentInfo *x"
-.Fc
-.Ft int
-.Fo PEM_write_bio_CMS
-.Fa "BIO *bp"
-.Fa "const CMS_ContentInfo *x"
-.Fc
-.Sh DESCRIPTION
-The PEM functions read or write structures in PEM format.
-In this sense PEM format is simply base64-encoded data surrounded by
-header lines; see
-.Xr PEM_read 3
-for more details.
-.Pp
-For more details about the meaning of arguments see the
-.Sx PEM function arguments
-section.
-.Pp
-Each operation has four functions associated with it.
-For brevity the term
-.Dq Ar TYPE No functions
-will be used to collectively refer to the
-.Fn PEM_read_bio_TYPE ,
-.Fn PEM_read_TYPE ,
-.Fn PEM_write_bio_TYPE ,
-and
-.Fn PEM_write_TYPE
-functions.
-If no set of specific functions exists for a given type,
-.Xr PEM_ASN1_read 3
-can be used instead.
-.Pp
-The
-.Sy PrivateKey
-functions read or write a private key in PEM format using an
-.Vt EVP_PKEY
-structure.
-The write routines use "traditional" private key format and can handle
-both RSA and DSA private keys.
-The read functions can additionally transparently handle PKCS#8 format
-encrypted and unencrypted keys too.
-.Pp
-.Fn PEM_write_bio_PKCS8PrivateKey
-and
-.Fn PEM_write_PKCS8PrivateKey
-write a private key in an
-.Vt EVP_PKEY
-structure in PKCS#8
-.Vt EncryptedPrivateKeyInfo
-format using PKCS#5 v2.0 password based encryption algorithms.
-The
-.Fa enc
-argument specifies the encryption algorithm to use: unlike all other PEM
-routines, the encryption is applied at the PKCS#8 level and not in the
-PEM headers.
-If
-.Fa enc
-is
-.Dv NULL ,
-then no encryption is used and a PKCS#8
-.Vt PrivateKeyInfo
-structure is used instead.
-.Pp
-.Fn PEM_write_bio_PKCS8PrivateKey_nid
-and
-.Fn PEM_write_PKCS8PrivateKey_nid
-also write out a private key as a PKCS#8
-.Vt EncryptedPrivateKeyInfo .
-However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
-The algorithm to use is specified in the
-.Fa nid
-parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
-.Pp
-The
-.Sy PKCS8
-functions process an encrypted private key using an
-.Vt X509_SIG
-structure and the
-.Xr d2i_X509_SIG 3
-function.
-.Pp
-The
-.Sy PKCS8_PRIV_KEY_INFO
-functions process a private key using a
-.Vt PKCS8_PRIV_KEY_INFO
-structure.
-.Pp
-The
-.Sy PUBKEY
-functions process a public key using an
-.Vt EVP_PKEY
-structure.
-The public key is encoded as an ASN.1
-.Vt SubjectPublicKeyInfo
-structure.
-.Pp
-The
-.Sy RSAPrivateKey
-functions process an RSA private key using an
-.Vt RSA
-structure.
-They handle the same formats as the
-.Sy PrivateKey
-functions, but an error occurs if the private key is not RSA.
-.Pp
-The
-.Sy RSAPublicKey
-functions process an RSA public key using an
-.Vt RSA
-structure.
-The public key is encoded using a PKCS#1
-.Vt RSAPublicKey
-structure.
-.Pp
-The
-.Sy RSA_PUBKEY
-functions also process an RSA public key using an
-.Vt RSA
-structure.
-However the public key is encoded using an ASN.1
-.Vt SubjectPublicKeyInfo
-structure and an error occurs if the public key is not RSA.
-.Pp
-The
-.Sy DSAPrivateKey
-functions process a DSA private key using a
-.Vt DSA
-structure.
-They handle the same formats as the
-.Sy PrivateKey
-functions but an error occurs if the private key is not DSA.
-.Pp
-The
-.Sy DSA_PUBKEY
-functions process a DSA public key using a
-.Vt DSA
-structure.
-The public key is encoded using an ASN.1
-.Vt SubjectPublicKeyInfo
-structure and an error occurs if the public key is not DSA.
-.Pp
-The
-.Sy DSAparams
-functions process DSA parameters using a
-.Vt DSA
-structure.
-The parameters are encoded using a Dss-Parms structure as defined in RFC 2459.
-.Pp
-The
-.Sy DHparams
-functions process DH parameters using a
-.Vt DH
-structure.
-The parameters are encoded using a PKCS#3 DHparameter structure.
-.Pp
-The
-.Sy ECPKParameters
-functions process EC parameters using an
-.Vt EC_GROUP
-structure and the
-.Xr d2i_ECPKParameters 3
-function.
-.Pp
-The
-.Sy ECPrivateKey
-functions process an EC private key using an
-.Vt EC_KEY
-structure.
-.Pp
-The
-.Sy EC_PUBKEY
-functions process an EC public key using an
-.Vt EC_KEY
-structure.
-.Pp
-The
-.Sy X509
-functions process an X509 certificate using an
-.Vt X509
-structure.
-They will also process a trusted X509 certificate but any trust settings
-are discarded.
-.Pp
-The
-.Sy X509_AUX
-functions process a trusted X509 certificate using an
-.Vt X509
-structure.
-The
-.Xr X509_check_trust 3
-manual explains how the auxiliary trust information is used.
-.Pp
-The
-.Sy X509_REQ
-and
-.Sy X509_REQ_NEW
-functions process a PKCS#10 certificate request using an
-.Vt X509_REQ
-structure.
-The
-.Sy X509_REQ
-write functions use CERTIFICATE REQUEST in the header whereas the
-.Sy X509_REQ_NEW
-functions use NEW CERTIFICATE REQUEST (as required by some CAs).
-The
-.Sy X509_REQ
-read functions will handle either form so there are no
-.Sy X509_REQ_NEW
-read functions.
-.Pp
-The
-.Sy X509_CRL
-functions process an X509 CRL using an
-.Vt X509_CRL
-structure.
-.Pp
-The
-.Sy PKCS7
-functions process a PKCS#7
-.Vt ContentInfo
-using a
-.Vt PKCS7
-structure.
-.Pp
-The
-.Sy NETSCAPE_CERT_SEQUENCE
-functions process a Netscape Certificate Sequence using a
-.Vt NETSCAPE_CERT_SEQUENCE
-structure.
-.Pp
-The
-.Sy CMS
-functions process a
-.Vt CMS_ContentInfo
-structure.
-.Pp
-The old
-.Sy PrivateKey
-write routines are retained for compatibility.
-New applications should write private keys using the
-.Fn PEM_write_bio_PKCS8PrivateKey
-or
-.Fn PEM_write_PKCS8PrivateKey
-routines because they are more secure (they use an iteration count of
-2048 whereas the traditional routines use a count of 1) unless
-compatibility with older versions of OpenSSL is important.
-.Pp
-The
-.Sy PrivateKey
-read routines can be used in all applications because they handle all
-formats transparently.
-.Ss PEM function arguments
-The PEM functions have many common arguments.
-.Pp
-The
-.Fa bp
-parameter specifies the
-.Vt BIO
-to read from or write to.
-.Pp
-The
-.Fa fp
-parameter specifies the
-.Vt FILE
-pointer to read from or write to.
-.Pp
-The PEM read functions all take a pointer to pointer argument
-.Fa x
-and return a pointer of the same type.
-If
-.Fa x
-is
-.Dv NULL ,
-then the parameter is ignored.
-If
-.Fa x
-is not
-.Dv NULL
-but
-.Pf * Fa x
-is
-.Dv NULL ,
-then the structure returned will be written to
-.Pf * Fa x .
-If neither
-.Fa x
-nor
-.Pf * Fa x
-are
-.Dv NULL ,
-then an attempt is made to reuse the structure at
-.Pf * Fa x ,
-but see the
-.Sx BUGS
-and
-.Sx EXAMPLES
-sections.
-Irrespective of the value of
-.Fa x ,
-a pointer to the structure is always returned, or
-.Dv NULL
-if an error occurred.
-.Pp
-The PEM functions which write private keys take an
-.Fa enc
-parameter, which specifies the encryption algorithm to use.
-Encryption is done at the PEM level.
-If this parameter is set to
-.Dv NULL ,
-then the private key is written in unencrypted form.
-.Pp
-The optional arguments
-.Fa u
-and
-.Fa cb
-are a passphrase used for encrypting a PEM structure
-or a callback to obtain the passphrase; see
-.Xr pem_password_cb 3
-for details.
-.Pp
-For the PEM write routines, if the
-.Fa kstr
-parameter is not
-.Dv NULL ,
-then
-.Fa klen
-bytes at
-.Fa kstr
-are used as the passphrase and
-.Fa cb
-is ignored.
-.Ss PEM encryption format
-This old
-.Sy PrivateKey
-routines use a non-standard technique for encryption.
-.Pp
-The private key (or other data) takes the following form:
-.Bd -literal -offset indent
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
-
-\&...base64 encoded data...
------END RSA PRIVATE KEY-----
-.Ed
-.Pp
-The line beginning with
-.Dq DEK-Info
-contains two comma separated pieces of information:
-the encryption algorithm name as used by
-.Xr EVP_get_cipherbyname 3
-and an 8-byte salt encoded as a set of hexadecimal digits.
-.Pp
-After this is the base64-encoded encrypted data.
-.Pp
-The encryption key is determined using
-.Xr EVP_BytesToKey 3 ,
-using the salt and an iteration count of 1.
-The IV used is the value of the salt and *not* the IV returned by
-.Xr EVP_BytesToKey 3 .
-.Sh RETURN VALUES
-The read routines return either a pointer to the structure read or
-.Dv NULL
-if an error occurred.
-.Pp
-The write routines return 1 for success or 0 for failure.
-.Sh EXAMPLES
-Although the PEM routines take several arguments, in almost all
-applications most of them are set to 0 or
-.Dv NULL .
-.Pp
-Read a certificate in PEM format from a
-.Vt BIO :
-.Bd -literal -offset indent
-X509 *x;
-x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-if (x == NULL) {
- /* Error */
-}
-.Ed
-.Pp
-Alternative method:
-.Bd -literal -offset indent
-X509 *x = NULL;
-if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
- /* Error */
-}
-.Ed
-.Pp
-Write a certificate to a
-.Vt BIO :
-.Bd -literal -offset indent
-if (!PEM_write_bio_X509(bp, x)) {
- /* Error */
-}
-.Ed
-.Pp
-Write an unencrypted private key to a
-.Vt FILE :
-.Bd -literal -offset indent
-if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
- /* Error */
-}
-.Ed
-.Pp
-Write a private key (using traditional format) to a
-.Vt BIO
-using triple DES encryption; the pass phrase is prompted for:
-.Bd -literal -offset indent
-if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
- NULL, 0, 0, NULL)) {
- /* Error */
-}
-.Ed
-.Pp
-Write a private key (using PKCS#8 format) to a
-.Vt BIO
-using triple DES encryption, using the pass phrase "hello":
-.Bd -literal -offset indent
-if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
- NULL, 0, 0, "hello")) {
- /* Error */
-}
-.Ed
-.Pp
-Read a private key from a
-.Vt BIO
-using the pass phrase "hello":
-.Bd -literal -offset indent
-key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
-if (key == NULL) {
- /* Error */
-}
-.Ed
-.Pp
-Read a private key from a
-.Vt BIO
-using a pass phrase callback:
-.Bd -literal -offset indent
-key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
-if (key == NULL) {
- /* Error */
-}
-.Ed
-.Pp
-Skeleton pass phrase callback:
-.Bd -literal -offset indent
-int
-pass_cb(char *buf, int size, int rwflag, void *u)
-{
- char *tmp;
- size_t len;
-
- /* We'd probably do something else if 'rwflag' is 1 */
- printf("Enter pass phrase for \e"%s\e"\en", u);
-
- /*
- * Instead of the following line, get the passphrase
- * from the user in some way.
- */
- tmp = "hello";
- if (tmp == NULL) /* An error occurred. */
- return -1;
-
- len = strlen(tmp);
- if (len == 0) /* Treat an empty passphrase as an error, too. */
- return -1;
-
- /* if too long, truncate */
- if (len > size)
- len = size;
- memcpy(buf, tmp, len);
- return len;
-}
-.Ed
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr DSA_new 3 ,
-.Xr PEM_ASN1_read 3 ,
-.Xr PEM_bytes_read_bio 3 ,
-.Xr PEM_read 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr PEM_write_bio_CMS_stream 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-.Xr PEM_X509_INFO_read 3 ,
-.Xr RSA_new 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_REQ_new 3 ,
-.Xr X509_SIG_new 3
-.Sh HISTORY
-.Fn PEM_read_X509
-and
-.Fn PEM_write_X509
-appeared in SSLeay 0.4 or earlier.
-.Fn PEM_read_X509_REQ ,
-.Fn PEM_write_X509_REQ ,
-.Fn PEM_read_X509_CRL ,
-and
-.Fn PEM_write_X509_CRL
-first appeared in SSLeay 0.4.4.
-.Fn PEM_read_RSAPrivateKey ,
-.Fn PEM_write_RSAPrivateKey ,
-.Fn PEM_read_DHparams ,
-.Fn PEM_write_DHparams ,
-.Fn PEM_read_PKCS7 ,
-and
-.Fn PEM_write_PKCS7
-first appeared in SSLeay 0.5.1.
-.Fn PEM_read_bio_PrivateKey ,
-.Fn PEM_read_PrivateKey ,
-.Fn PEM_read_bio_RSAPrivateKey ,
-.Fn PEM_write_bio_RSAPrivateKey ,
-.Fn PEM_read_bio_DSAPrivateKey ,
-.Fn PEM_read_DSAPrivateKey ,
-.Fn PEM_write_bio_DSAPrivateKey ,
-.Fn PEM_write_DSAPrivateKey ,
-.Fn PEM_read_bio_DHparams ,
-.Fn PEM_write_bio_DHparams ,
-.Fn PEM_read_bio_X509 ,
-.Fn PEM_write_bio_X509 ,
-.Fn PEM_read_bio_X509_REQ ,
-.Fn PEM_write_bio_X509_REQ ,
-.Fn PEM_read_bio_X509_CRL ,
-.Fn PEM_write_bio_X509_CRL ,
-.Fn PEM_read_bio_PKCS7 ,
-and
-.Fn PEM_write_bio_PKCS7
-first appeared in SSLeay 0.6.0.
-.Fn PEM_write_bio_PrivateKey ,
-.Fn PEM_write_PrivateKey ,
-.Fn PEM_read_bio_DSAparams ,
-.Fn PEM_read_DSAparams ,
-.Fn PEM_write_bio_DSAparams ,
-and
-.Fn PEM_write_DSAparams
-first appeared in SSLeay 0.8.0.
-.Fn PEM_read_bio_RSAPublicKey ,
-.Fn PEM_read_RSAPublicKey ,
-.Fn PEM_write_bio_RSAPublicKey ,
-and
-.Fn PEM_write_RSAPublicKey
-first appeared in SSLeay 0.8.1.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn PEM_write_bio_PKCS8PrivateKey ,
-.Fn PEM_write_PKCS8PrivateKey ,
-.Fn PEM_read_bio_PKCS8 ,
-.Fn PEM_read_PKCS8 ,
-.Fn PEM_write_bio_PKCS8 ,
-.Fn PEM_write_PKCS8 ,
-.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
-.Fn PEM_read_PKCS8_PRIV_KEY_INFO ,
-.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
-.Fn PEM_write_PKCS8_PRIV_KEY_INFO ,
-.Fn PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
-.Fn PEM_read_NETSCAPE_CERT_SEQUENCE ,
-.Fn PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
-and
-.Fn PEM_write_NETSCAPE_CERT_SEQUENCE
-first appeared in OpenSSL 0.9.4 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn PEM_write_bio_PKCS8PrivateKey_nid ,
-.Fn PEM_write_PKCS8PrivateKey_nid ,
-.Fn PEM_read_bio_PUBKEY ,
-.Fn PEM_read_PUBKEY ,
-.Fn PEM_write_bio_PUBKEY ,
-.Fn PEM_write_PUBKEY ,
-.Fn PEM_read_bio_RSA_PUBKEY ,
-.Fn PEM_read_RSA_PUBKEY ,
-.Fn PEM_write_bio_RSA_PUBKEY ,
-.Fn PEM_write_RSA_PUBKEY ,
-.Fn PEM_read_bio_DSA_PUBKEY ,
-.Fn PEM_read_DSA_PUBKEY ,
-.Fn PEM_write_bio_DSA_PUBKEY ,
-.Fn PEM_write_DSA_PUBKEY ,
-.Fn PEM_write_bio_X509_REQ_NEW ,
-.Fn PEM_write_X509_REQ_NEW ,
-.Fn PEM_read_bio_X509_AUX ,
-.Fn PEM_read_X509_AUX ,
-.Fn PEM_write_bio_X509_AUX ,
-and
-.Fn PEM_write_X509_AUX
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn PEM_read_bio_ECPKParameters ,
-.Fn PEM_read_ECPKParameters ,
-.Fn PEM_write_bio_ECPKParameters ,
-.Fn PEM_write_ECPKParameters ,
-.Fn PEM_read_bio_ECPrivateKey ,
-.Fn PEM_read_ECPrivateKey ,
-.Fn PEM_write_bio_ECPrivateKey ,
-.Fn PEM_write_ECPrivateKey ,
-.Fn PEM_read_bio_EC_PUBKEY ,
-.Fn PEM_read_EC_PUBKEY ,
-.Fn PEM_write_bio_EC_PUBKEY ,
-and
-.Fn PEM_write_EC_PUBKEY
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn PEM_read_CMS ,
-.Fn PEM_read_bio_CMS ,
-.Fn PEM_write_CMS ,
-and
-.Fn PEM_write_bio_CMS
-first appeared in OpenSSL 0.9.8h and have been available since
-.Ox 6.7 .
-.Sh CAVEATS
-A frequent cause of problems is attempting to use the PEM routines like
-this:
-.Bd -literal -offset indent
-X509 *x;
-PEM_read_bio_X509(bp, &x, 0, NULL);
-.Ed
-.Pp
-This is a bug because an attempt will be made to reuse the data at
-.Fa x ,
-which is an uninitialised pointer.
-.Pp
-These functions make no assumption regarding the pass phrase received
-from the password callback.
-It will simply be treated as a byte sequence.
-.Sh BUGS
-The PEM read routines in some versions of OpenSSL will not correctly
-reuse an existing structure.
-Therefore
-.Pp
-.Dl PEM_read_bio_X509(bp, &x, 0, NULL);
-.Pp
-where
-.Fa x
-already contains a valid certificate may not work, whereas
-.Bd -literal -offset indent
-X509_free(x);
-x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-.Ed
-.Pp
-is guaranteed to work.
diff --git a/src/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/src/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
deleted file mode 100644
index 0a6b4d31d8..0000000000
--- a/src/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
+++ /dev/null
@@ -1,95 +0,0 @@ -.\" $OpenBSD: PEM_write_bio_CMS_stream.3,v 1.4 2019/11/02 15:39:46 schwarze Exp $ -.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: November 2 2019 $ -.Dt PEM_WRITE_BIO_CMS_STREAM 3 -.Os -.Sh NAME -.Nm PEM_write_bio_CMS_stream -.Nd output CMS_ContentInfo structure in PEM format -.Sh SYNOPSIS -.In openssl/cms.h -.Ft int -.Fo PEM_write_bio_CMS_stream -.Fa "BIO *out" -.Fa "CMS_ContentInfo *cms" -.Fa "BIO *data" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -.Fn PEM_write_bio_CMS_stream -outputs a -.Vt CMS_ContentInfo -structure in PEM format. -.Pp -It is otherwise identical to the function -.Xr SMIME_write_CMS 3 . -.Pp -This function is effectively a version of -.Xr PEM_write_bio_CMS 3 -supporting streaming. -.Sh RETURN VALUES -.Fn PEM_write_bio_CMS_stream -returns 1 for success or 0 for failure. 
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_decrypt 3 ,
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr CMS_verify 3 ,
-.Xr ERR_get_error 3 ,
-.Xr i2d_CMS_bio_stream 3 ,
-.Xr PEM_write 3 ,
-.Xr SMIME_write_CMS 3
-.Sh HISTORY
-.Fn PEM_write_bio_CMS_stream
-first appeared in OpenSSL 1.0.0
-and has been available since
-.Ox 6.7 .
diff --git a/src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
deleted file mode 100644
index dba2a42a70..0000000000
--- a/src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+++ /dev/null
@@ -1,90 +0,0 @@ -.\" $OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.10 2020/06/03 13:41:27 schwarze Exp $ -.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2007, 2009, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 3 2020 $ -.Dt PEM_WRITE_BIO_PKCS7_STREAM 3 -.Os -.Sh NAME -.Nm PEM_write_bio_PKCS7_stream -.Nd output PKCS7 structure in PEM format -.Sh SYNOPSIS -.In openssl/pkcs7.h -.Ft int -.Fo PEM_write_bio_PKCS7_stream -.Fa "BIO *out" -.Fa "PKCS7 *p7" -.Fa "BIO *data" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -.Fn PEM_write_bio_PKCS7_stream -outputs a PKCS7 structure in PEM format. -.Pp -It is otherwise identical to the function -.Xr SMIME_write_PKCS7 3 . -.Pp -This function is effectively a version of -.Xr PEM_write_bio_PKCS7 3 -supporting streaming. -.Sh RETURN VALUES -Upon successful completion, 1 is returned; -otherwise 0 is returned and an error code can be retrieved with -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr i2d_PKCS7_bio_stream 3 ,
-.Xr PEM_write_PKCS7 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr SMIME_write_PKCS7 3
-.Sh HISTORY
-.Fn PEM_write_bio_PKCS7_stream
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 b/src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3
deleted file mode 100644
index e7d20ea7f6..0000000000
--- a/src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3
+++ /dev/null
@@ -1,104 +0,0 @@
-.\" $OpenBSD: PKCS12_SAFEBAG_new.3,v 1.4 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt PKCS12_SAFEBAG_NEW 3
-.Os
-.Sh NAME
-.Nm PKCS12_SAFEBAG_new ,
-.Nm PKCS12_SAFEBAG_free ,
-.Nm PKCS12_BAGS_new ,
-.Nm PKCS12_BAGS_free
-.Nd PKCS#12 container for one piece of information
-.Sh SYNOPSIS
-.In openssl/pkcs12.h
-.Ft PKCS12_SAFEBAG *
-.Fn PKCS12_SAFEBAG_new void
-.Ft void
-.Fn PKCS12_SAFEBAG_free "PKCS12_SAFEBAG *safebag"
-.Ft PKCS12_BAGS *
-.Fn PKCS12_BAGS_new void
-.Ft void
-.Fn PKCS12_BAGS_free "PKCS12_BAGS *bag"
-.Sh DESCRIPTION
-.Fn PKCS12_SAFEBAG_new
-allocates and initializes an empty
-.Vt PKCS12_SAFEBAG
-object, representing an ASN.1
-.Vt SafeBag
-structure defined in RFC 7292 section 4.2.
-It can hold a pointer to a
-.Vt PKCS12_BAGS
-object together with a type identifier and optional attributes.
-.Fn PKCS12_SAFEBAG_free
-frees
-.Fa safebag .
-.Pp
-.Fn PKCS12_BAGS_new
-allocates and initializes an empty
-.Vt PKCS12_BAGS
-object, representing the bagValue field of an ASN.1
-.Vt SafeBag
-structure.
-It is used in
-.Vt PKCS12_SAFEBAG
-and can hold a DER-encoded X.509 certificate,
-a base64-encoded SDSI certificate,
-a DER-encoded X.509 CRL,
-or other user-defined information.
-.Pp
-If an instance of
-.Vt PKCS12_SAFEBAG
-contains
-.Vt PKCS8_PRIV_KEY_INFO ,
-.Vt X509_SIG ,
-or nested
-.Vt PKCS12_SAFEBAG
-objects, the respective pointers are stored directly in the
-.Vt PKCS12_SAFEBAG
-object rather than in the contained
-.Vt PKCS12_BAGS
-object as required by RFC 7292.
-.Sh RETURN VALUES
-.Fn PKCS12_SAFEBAG_new
-and
-.Fn PKCS12_BAGS_new
-return the new
-.Vt PKCS12_SAFEBAG
-or
-.Vt PKCS12_BAGS
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr PKCS12_create 3 ,
-.Xr PKCS12_new 3 ,
-.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
-.Xr X509_ATTRIBUTE_new 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_new 3 ,
-.Xr X509_SIG_new 3
-.Sh STANDARDS
-RFC 7292: PKCS #12: Personal Information Exchange Syntax,
-section 4.2: The SafeBag Type
-.Sh HISTORY
-.Fn PKCS12_SAFEBAG_new ,
-.Fn PKCS12_SAFEBAG_free ,
-.Fn PKCS12_BAGS_new ,
-and
-.Fn PKCS12_BAGS_free
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3
deleted file mode 100644
index 1f44ef9b67..0000000000
--- a/src/lib/libcrypto/man/PKCS12_create.3
+++ /dev/null
@@ -1,188 +0,0 @@ -.\" $OpenBSD: PKCS12_create.3,v 1.10 2021/07/09 12:07:27 schwarze Exp $ -.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 -.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: July 9 2021 $ -.Dt PKCS12_CREATE 3 -.Os -.Sh NAME -.Nm PKCS12_create -.Nd create a PKCS#12 structure -.Sh SYNOPSIS -.In openssl/pkcs12.h -.Ft PKCS12 * -.Fo PKCS12_create -.Fa "const char *pass" -.Fa "const char *name" -.Fa "EVP_PKEY *pkey" -.Fa "X509 *cert" -.Fa "STACK_OF(X509) *ca" -.Fa "int nid_key" -.Fa "int nid_cert" -.Fa "int iter" -.Fa "int mac_iter" -.Fa "int keytype" -.Fc -.Sh DESCRIPTION -.Fn PKCS12_create -creates a PKCS#12 structure. -.Pp -.Fa pass -is the passphrase to use. -.Fa name -is the -.Sy friendlyName -to use for the supplied certificate and key. -.Fa pkey -is the private key to include in the structure and -.Fa cert -its corresponding certificates. -.Fa ca -is an optional set of certificates to also include in the structure. -.Fa pkey , -.Fa cert , -or both can be -.Dv NULL -to indicate that no key or certificate is required. 
-.Pp
-.Fa nid_key
-and
-.Fa nid_cert
-are the encryption algorithms that should be used for the key and
-certificate, respectively.
-If either
-.Fa nid_key
-or
-.Fa nid_cert
-is set to -1, no encryption will be used.
-.Pp
-.Fa iter
-is the encryption algorithm iteration count to use and
-.Fa mac_iter
-is the MAC iteration count to use.
-If
-.Fa mac_iter
-is set to -1, the MAC will be omitted entirely.
-.Pp
-.Fa keytype
-is the type of key.
-.Pp
-The parameters
-.Fa nid_key ,
-.Fa nid_cert ,
-.Fa iter ,
-.Fa mac_iter ,
-and
-.Fa keytype
-can all be set to zero and sensible defaults will be used.
-.Pp
-These defaults are: 40-bit RC2 encryption for certificates, triple DES
-encryption for private keys, a key iteration count of
-PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1.
-.Pp
-The default MAC iteration count is 1 in order to retain compatibility
-with old software which did not interpret MAC iteration counts.
-If such compatibility is not required then
-.Fa mac_iter
-should be set to PKCS12_DEFAULT_ITER.
-.Pp
-.Fa keytype
-adds a flag to the store private key.
-This is a non-standard extension that is only currently interpreted by
-MSIE.
-If set to zero the flag is omitted; if set to
-.Dv KEY_SIG
-the key can be used for signing only; and if set to
-.Dv KEY_EX
-it can be used for signing and encryption.
-This option was useful for old export grade software which could use
-signing only keys of arbitrary size but had restrictions on the
-permissible sizes of keys which could be used for encryption.
-.Pp
-If a certificate contains an
-.Sy alias
-or
-.Sy keyid
-then this will be used for the corresponding
-.Sy friendlyName
-or
-.Sy localKeyID
-in the PKCS12 structure.
-.Sh RETURN VALUES
-.Fn PKCS12_create
-returns a valid
-.Vt PKCS12
-structure or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr d2i_PKCS12 3 ,
-.Xr PKCS12_new 3 ,
-.Xr PKCS12_newpass 3 ,
-.Xr PKCS12_parse 3 ,
-.Xr PKCS12_SAFEBAG_new 3 ,
-.Xr X509_keyid_set1 3
-.Sh HISTORY
-.Fn PKCS12_create
-first appeared in OpenSSL 0.9.3 and has been available since
-.Ox 2.6 .
-.Pp
-Before OpenSSL 0.9.8, neither
-.Fa pkey
-nor
-.Fa cert
-were allowed to be
-.Dv NULL ,
-and a value of -1 was not allowed for
-.Fa nid_key ,
-.Fa nid_cert ,
-and
-.Fa mac_iter .
diff --git a/src/lib/libcrypto/man/PKCS12_new.3 b/src/lib/libcrypto/man/PKCS12_new.3
deleted file mode 100644
index c7ccdb4911..0000000000
--- a/src/lib/libcrypto/man/PKCS12_new.3
+++ /dev/null
@@ -1,99 +0,0 @@
-.\" $OpenBSD: PKCS12_new.3,v 1.4 2019/06/06 01:06:58 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt PKCS12_NEW 3
-.Os
-.Sh NAME
-.Nm PKCS12_new ,
-.Nm PKCS12_free ,
-.Nm PKCS12_MAC_DATA_new ,
-.Nm PKCS12_MAC_DATA_free
-.Nd PKCS#12 personal information exchange (PFX)
-.Sh SYNOPSIS
-.In openssl/pkcs12.h
-.Ft PKCS12 *
-.Fn PKCS12_new void
-.Ft void
-.Fn PKCS12_free "PKCS12 *pfx"
-.Ft PKCS12_MAC_DATA *
-.Fn PKCS12_MAC_DATA_new void
-.Ft void
-.Fn PKCS12_MAC_DATA_free "PKCS12_MAC_DATA *mac_data"
-.Sh DESCRIPTION
-.Fn PKCS12_new
-allocates and initializes an empty
-.Vt PKCS12
-object, representing an ASN.1
-.Vt PFX
-.Pq personal information exchange
-structure defined in RFC 7292 section 4.
-It can hold a pointer to a
-.Vt PKCS7
-object described in
-.Xr PKCS7_new 3
-and optionally an instance of
-.Vt PKCS12_MAC_DATA
-described below.
-.Fn PKCS12_free
-frees
-.Fa pfx .
-.Pp
-.Fn PKCS12_MAC_DATA_new
-allocates and initializes an empty
-.Vt PKCS12_MAC_DATA
-object, representing an ASN.1
-.Vt MacData
-structure defined in RFC 7292 section 4.
-It is used inside
-.Vt PKCS12
-and can hold a pointer to an
-.Vt X509_SIG
-object described in
-.Xr X509_SIG_new 3
-together with a salt value and an iteration count.
-.Fn PKCS12_MAC_DATA_free
-frees
-.Fa mac_data .
-.Sh RETURN VALUES
-.Fn PKCS12_new
-and
-.Fn PKCS12_MAC_DATA_new
-return the new
-.Vt PKCS12
-or
-.Vt PKCS12_MAC_DATA
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_PKCS12 3 ,
-.Xr PKCS12_create 3 ,
-.Xr PKCS12_newpass 3 ,
-.Xr PKCS12_parse 3 ,
-.Xr PKCS12_SAFEBAG_new 3 ,
-.Xr PKCS7_new 3 ,
-.Xr X509_SIG_new 3
-.Sh STANDARDS
-RFC 7292: PKCS #12: Personal Information Exchange Syntax
-.Sh HISTORY
-.Fn PKCS12_new ,
-.Fn PKCS12_free ,
-.Fn PKCS12_MAC_DATA_new ,
-and
-.Fn PKCS12_MAC_DATA_free
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/PKCS12_newpass.3 b/src/lib/libcrypto/man/PKCS12_newpass.3
deleted file mode 100644
index b5642c96ea..0000000000
--- a/src/lib/libcrypto/man/PKCS12_newpass.3
+++ /dev/null
@@ -1,155 +0,0 @@ -.\" $OpenBSD: PKCS12_newpass.3,v 1.4 2019/06/14 13:59:32 schwarze Exp $ -.\" OpenSSL c95a8b4e May 5 14:26:26 2016 +0100 -.\" -.\" This file was written by Jeffrey Walton . -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt PKCS12_NEWPASS 3 -.Os -.Sh NAME -.Nm PKCS12_newpass -.Nd change the password of a PKCS#12 structure -.Sh SYNOPSIS -.In openssl/pkcs12.h -.Ft int -.Fo PKCS12_newpass -.Fa "PKCS12 *p12" -.Fa "const char *oldpass" -.Fa "const char *newpass" -.Fc -.Sh DESCRIPTION -.Fn PKCS12_newpass -changes the password of a PKCS#12 structure. -.Pp -.Fa p12 -is a pointer to a PKCS#12 structure. -.Fa oldpass -is the existing password and -.Fa newpass -is the new password. -.Pp -If the PKCS#12 structure does not have a password, use the empty -string -.Qq \& -for -.Fa oldpass . -Passing -.Dv NULL -for -.Fa oldpass -results in a -.Fn PKCS12_newpass -failure. -.Pp -If the wrong password is used for -.Fa oldpass , -the function will fail with a MAC verification error. -In rare cases, the PKCS#12 structure does not contain a MAC: -in this case it will usually fail with a decryption padding error. -.Sh RETURN VALUES -Upon successful completion, 1 is returned; -otherwise 0 is returned and an error code can be retrieved with -.Xr ERR_get_error 3 . -.Sh EXAMPLES -This example loads a PKCS#12 file, changes its password, -and writes out the result to a new file. 
-.Bd -literal
-#include
-#include
-#include
-#include
-#include
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- PKCS12 *p12;
- if (argc != 5) {
- fprintf(stderr,
- "Usage: pkread p12file password newpass opfile\en");
- return 1;
- }
- if ((fp = fopen(argv[1], "rb")) == NULL) {
- fprintf(stderr, "Error opening file %s\en", argv[1]);
- return 1;
- }
- p12 = d2i_PKCS12_fp(fp, NULL);
- fclose(fp);
- if (p12 == NULL) {
- fprintf(stderr, "Error reading PKCS#12 file\en");
- ERR_print_errors_fp(stderr);
- return 1;
- }
- if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
- fprintf(stderr, "Error changing password\en");
- ERR_print_errors_fp(stderr);
- PKCS12_free(p12);
- return 1;
- }
- if ((fp = fopen(argv[4], "wb")) == NULL) {
- fprintf(stderr, "Error opening file %s\en", argv[4]);
- PKCS12_free(p12);
- return 1;
- }
- i2d_PKCS12_fp(fp, p12);
- PKCS12_free(p12);
- fclose(fp);
- return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr PKCS12_create 3 ,
-.Xr PKCS12_new 3
-.Sh HISTORY
-.Fn PKCS12_newpass
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Sh BUGS
-The password format is a NUL terminated ASCII string which is
-converted to Unicode form internally.
-As a result, some passwords cannot be supplied to this function.
diff --git a/src/lib/libcrypto/man/PKCS12_parse.3 b/src/lib/libcrypto/man/PKCS12_parse.3
deleted file mode 100644
index 4e92d303c7..0000000000
--- a/src/lib/libcrypto/man/PKCS12_parse.3
+++ /dev/null
@@ -1,145 +0,0 @@ -.\" $OpenBSD: PKCS12_parse.3,v 1.7 2021/07/09 12:07:27 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2009 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: July 9 2021 $ -.Dt PKCS12_PARSE 3 -.Os -.Sh NAME -.Nm PKCS12_parse -.Nd parse a PKCS#12 structure -.Sh SYNOPSIS -.In openssl/pkcs12.h -.Ft int -.Fo PKCS12_parse -.Fa "PKCS12 *p12" -.Fa "const char *pass" -.Fa "EVP_PKEY **pkey" -.Fa "X509 **cert" -.Fa "STACK_OF(X509) **ca" -.Fc -.Sh DESCRIPTION -.Fn PKCS12_parse -parses a PKCS12 structure. -.Pp -.Fa p12 -is the -.Vt PKCS12 -structure to parse. -.Fa pass -is the passphrase to use. -If successful, the private key will be written to -.Pf * Fa pkey , -the corresponding certificate to -.Pf * Fa cert , -and any additional certificates to -.Pf * Fa ca . -.Pp -The parameters -.Fa pkey -and -.Fa cert -cannot be -.Dv NULL . -.Fa ca -can be -.Dv NULL , -in which case additional certificates will be discarded. -.Pf * Fa ca -can also be a valid STACK, in which case additional certificates are -appended to -.Pf * Fa ca . -If -.Pf * Fa ca -is -.Dv NULL , -a new STACK will be allocated. -.Pp -The -.Sy friendlyName -and -.Sy localKeyID -attributes (if present) of each certificate will be stored in the -.Fa alias -and -.Fa keyid -attributes of the -.Vt X509 -structure. -.Sh RETURN VALUES -.Fn PKCS12_parse -returns 1 for success and 0 if an error occurred. -.Pp -The error can be obtained from -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr d2i_PKCS12 3 ,
-.Xr PKCS12_create 3 ,
-.Xr PKCS12_new 3 ,
-.Xr X509_keyid_set1 3
-.Sh HISTORY
-.Fn PKCS12_parse
-first appeared in OpenSSL 0.9.3 and has been available since
-.Ox 2.6 .
-.Sh BUGS
-Only a single private key and corresponding certificate is returned by
-this function.
-More complex PKCS#12 files with multiple private keys will only return
-the first match.
-.Pp
-Only
-.Sy friendlyName
-and
-.Sy localKeyID
-attributes are currently stored in certificates.
-Other attributes are discarded.
-.Pp
-Attributes currently cannot be stored in the private key
-.Vt EVP_PKEY
-structure.
diff --git a/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
deleted file mode 100644
index 3a448b92a7..0000000000
--- a/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
+++ /dev/null
@@ -1,163 +0,0 @@ -.\" $OpenBSD: PKCS5_PBKDF2_HMAC.3,v 1.9 2019/06/07 20:46:25 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Jeffrey Walton . -.\" Copyright (c) 2014, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 7 2019 $ -.Dt PKCS5_PBKDF2_HMAC 3 -.Os -.Sh NAME -.Nm PKCS5_PBKDF2_HMAC , -.Nm PKCS5_PBKDF2_HMAC_SHA1 -.Nd password based derivation routines with salt and iteration count -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo PKCS5_PBKDF2_HMAC -.Fa "const char *pass" -.Fa "int passlen" -.Fa "const unsigned char *salt" -.Fa "int saltlen" -.Fa "int iter" -.Fa "const EVP_MD *digest" -.Fa "int keylen" -.Fa "unsigned char *out" -.Fc -.Ft int -.Fo PKCS5_PBKDF2_HMAC_SHA1 -.Fa "const char *pass" -.Fa "int passlen" -.Fa "const unsigned char *salt" -.Fa "int saltlen" -.Fa "int iter" -.Fa "int keylen" -.Fa "unsigned char *out" -.Fc -.Sh DESCRIPTION -.Fn PKCS5_PBKDF2_HMAC -derives a key from a password using a salt and iteration count as -specified in RFC 2898. -.Pp -.Fa pass -is the password used in the derivation of length -.Fa passlen . -.Fa pass -is an optional parameter and can be -.Dv NULL . -If -.Fa passlen -is -1, then the function will calculate the length of -.Fa pass -using -.Xr strlen 3 . -.Pp -.Fa salt -is the salt used in the derivation of length -.Fa saltlen . -If the -.Fa salt -is -.Dv NULL , -then -.Fa saltlen -must be 0. -The function will not attempt to calculate the length of the -.Fa salt -because it is not assumed to be NUL terminated. -.Pp -.Fa iter -is the iteration count and its value should be greater than or equal to 1. -RFC 2898 suggests an iteration count of at least 1000. 
-Any
-.Fa iter
-less than 1 is treated as a single iteration.
-.Pp
-.Fa digest
-is the message digest function used in the derivation.
-Values include any of the EVP_* message digests.
-.Fn PKCS5_PBKDF2_HMAC_SHA1
-calls
-.Fn PKCS5_PBKDF2_HMAC
-with
-.Xr EVP_sha1 3 .
-.Pp
-The derived key will be written to
-.Fa out .
-The size of the
-.Fa out
-buffer is specified via
-.Fa keylen .
-.Pp
-A typical application of this function is to derive keying material for
-an encryption algorithm from a password in the
-.Fa pass ,
-a salt in
-.Fa salt ,
-and an iteration count.
-.Pp
-Increasing the
-.Fa iter
-parameter slows down the algorithm which makes it harder for an attacker
-to perform a brute force attack using a large number of candidate
-passwords.
-.Sh RETURN VALUES
-.Fn PKCS5_PBKDF2_HMAC
-and
-.Fn PBKCS5_PBKDF2_HMAC_SHA1
-return 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr EVP_BytesToKey 3 ,
-.Xr EVP_DigestInit 3
-.Sh HISTORY
-.Fn PKCS5_PBKDF2_HMAC_SHA1
-first appeared in OpenSSL 0.9.4 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn PKCS5_PBKDF2_HMAC
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/PKCS7_add_attribute.3 b/src/lib/libcrypto/man/PKCS7_add_attribute.3
deleted file mode 100644
index 4a1c350f98..0000000000
--- a/src/lib/libcrypto/man/PKCS7_add_attribute.3
+++ /dev/null
@@ -1,365 +0,0 @@
-.\" $OpenBSD: PKCS7_add_attribute.3,v 1.3 2020/06/10 11:39:12 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2020 $
-.Dt PKCS7_ADD_ATTRIBUTE 3
-.Os
-.Sh NAME
-.Nm PKCS7_add_attribute ,
-.Nm PKCS7_set_attributes ,
-.Nm PKCS7_get_attribute ,
-.Nm PKCS7_add_signed_attribute ,
-.Nm PKCS7_set_signed_attributes ,
-.Nm PKCS7_get_signed_attribute ,
-.Nm PKCS7_add_attrib_content_type ,
-.Nm PKCS7_add1_attrib_digest ,
-.Nm PKCS7_add0_attrib_signing_time ,
-.Nm PKCS7_add_attrib_smimecap
-.Nd attributes of SignerInfo objects
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_add_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fa "int attrtype"
-.Fa "void *value"
-.Fc
-.Ft int
-.Fo PKCS7_set_attributes
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "STACK_OF(X509_ATTRIBUTE) *sk"
-.Fc
-.Ft ASN1_TYPE *
-.Fo PKCS7_get_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo PKCS7_add_signed_attribute
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "int nid"
-.Fa "int attrtype"
-.Fa "void *value"
-.Fc
-.Ft int
-.Fo PKCS7_set_signed_attributes
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "STACK_OF(X509_ATTRIBUTE) *sk"
-.Fc
-.Ft ASN1_TYPE *
-.Fo PKCS7_get_signed_attribute
-.Fa "PKCS7_SIGNER_INFO 
*si"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo PKCS7_add_attrib_content_type
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "ASN1_OBJECT *coid"
-.Fc
-.Ft int
-.Fo PKCS7_add1_attrib_digest
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "const unsigned char *md"
-.Fa "int mdlen"
-.Fc
-.Ft int
-.Fo PKCS7_add0_attrib_signing_time
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "ASN1_TIME *t"
-.Fc
-.Ft int
-.Fo PKCS7_add_attrib_smimecap
-.Fa "PKCS7_SIGNER_INFO *si"
-.Fa "STACK_OF(X509_ALGOR) *cap"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_add_attribute
-appends a new attribute of type
-.Fa nid
-to the
-.Fa unauthenticatedAttributes
-list of
-.Fa si ,
-and it adds a new ASN.1 ANY object of type
-.Fa attrtype
-with the given
-.Fa value
-to the new attribute.
-Ownership of the
-.Fa value
-is transferred into the new attribute object, so the calling code
-must not
-.Xr free 3
-the
-.Fa value .
-If the list already contains an unauthenticated attribute of type
-.Fa nid
-before the call, the new attribute replaces the old one
-instead of being appended to the end of the list.
-.Pp
-.Fn PKCS7_set_attributes
-frees the
-.Fa unauthenticatedAttributes
-list of
-.Fa si
-and all the attributes contained in it and replaces it with a deep copy of
-.Fa sk .
-.Pp
-.Fn PKCS7_get_attribute
-retrieves the first ASN.1 ANY member of the attribute of type
-.Fa nid
-from the
-.Fa unauthenticatedAttributes
-list of
-.Fa si .
-.Pp
-The behaviour of
-.Fn PKCS7_add_signed_attribute ,
-.Fn PKCS7_set_signed_attributes ,
-and
-.Fn PKCS7_get_signed_attribute
-is identical except that they operate on the list of
-.Fa authenticatedAttributes .
-.Pp
-The normal way to use
-.Fn PKCS7_add_signed_attribute
-is to first create a
-.Vt SignedInfo
-object with
-.Xr PKCS7_sign 3
-using the
-.Dv PKCS7_PARTIAL
-or
-.Dv PKCS7_STREAM
-flag, retrieve the
-.Vt PKCS7_SIGNER_INFO
-object with
-.Xr PKCS7_get_signer_info 3
-or add an additional one with
-.Xr PKCS7_sign_add_signer 3 ,
-call
-.Fn PKCS7_add_signed_attribute
-for each desired additional attribute, then do the signing with
-.Xr PKCS7_final 3
-or with another finalizing function.
-.Pp
-The four remaining functions are wrappers around
-.Fn PKCS7_add_signed_attribute .
-.Pp
-.Fn PKCS7_add_attrib_content_type
-sets the
-.Dv NID_pkcs9_contentType
-attribute to
-.Fa coid ,
-which specifies the content type of the
-.Vt ContentInfo
-value to be signed.
-This attribute is mandatory and automatically added by
-.Xr PKCS7_sign 3
-and
-.Xr PKCS7_sign_add_signer 3
-unless the
-.Dv PKCS7_NOATTR
-flag is present.
-Objects suitable as
-.Fa coid
-arguments can for example be obtained with
-.Xr OBJ_nid2obj 3 .
-If
-.Fa coid
-is
-.Dv NULL ,
-the content type defaults to
-.Dv NID_pkcs7_data .
-.Pp
-.Fn PKCS7_add1_attrib_digest
-sets or replaces the
-.Dv NID_pkcs9_messageDigest
-attribute, which is the message digest of the contents octets
-of the DER-encoding of the content field of the
-.Vt ContentInfo
-value being signed, to a copy of
-.Fa md ,
-which is assumed to be
-.Fa mdlen
-bytes long.
-If
-.Fa mdlen
-is -1, then
-.Fn strlen md
-is used instead of
-.Fa mdlen .
-This attribute is mandatory and automatically added by
-.Xr PKCS7_dataFinal 3
-and
-.Xr PKCS7_final 3 .
-.Pp
-.Fn PKCS7_add0_attrib_signing_time
-sets or replaces the optional
-.Dv NID_pkcs9_signingTime
-attribute to
-.Fa t ,
-specifying the time at which the signer performed the signing process.
-Ownership of
-.Fa t
-is transferred into the new attribute object, so the calling code
-must not
-.Xr free 3
-.Fa t .
-If
-.Fa t
-is
-.Dv NULL ,
-a new
-.Vt ASN1_TIME
-structure is allocated.
-This attribute is automatically added by
-.Xr PKCS7_dataFinal 3
-and
-.Xr PKCS7_final 3 .
-.Pp
-.Fn PKCS7_add_attrib_smimecap
-sets or replaces the optional
-.Dv NID_SMIMECapabilities
-attribute, indicating algorithms the sender is prepared to handle.
-The
-.Fa cap
-pointer is not stored in the new attribute object and can be passed to
-.Fn sk_X509_ALGOR_pop_free
-after the call.
-This attribute is automatically added by
-.Xr PKCS7_sign 3
-and
-.Xr PKCS7_sign_add_signer 3
-unless the
-.Dv PKCS7_NOATTR
-or
-.Dv PKCS7_NOSMIMECAP
-flag is present.
-.Sh RETURN VALUES
-.Fn PKCS7_add_attribute ,
-.Fn PKCS7_set_attributes ,
-.Fn PKCS7_add_signed_attribute ,
-.Fn PKCS7_set_signed_attributes ,
-.Fn PKCS7_add_attrib_content_type ,
-.Fn PKCS7_add1_attrib_digest ,
-.Fn PKCS7_add0_attrib_signing_time ,
-and
-.Fn PKCS7_add_attrib_smimecap
-return 1 on success or 0 on failure.
-The most common reason for failure is lack of memory.
-.Fn PKCS7_add_attribute
-and
-.Fn PKCS7_add_signed_attribute
-also fail if
-.Fa nid
-is invalid, and
-.Fn PKCS7_add_attrib_content_type
-if
-.Fa si
-already contains an authenticated attribute of type
-.Dv NID_pkcs9_contentType .
-.Pp
-.Fn PKCS7_get_attribute
-and
-.Fn PKCS7_get_signed_attribute
-return an internal pointer to an ASN.1 ANY object or
-.Dv NULL
-on failure.
-They fail if
-.Fa nid
-is invalid, if the respective list in
-.Fa si
-contains no attribute of the requested type, or if an invalid element
-is found in the list before finding the attribute of the requested type.
-.Sh SEE ALSO
-.Xr ASN1_TIME_new 3 ,
-.Xr ASN1_TYPE_new 3 ,
-.Xr OBJ_nid2obj 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_get_signer_info 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3 ,
-.Xr PKCS7_sign_add_signer 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_ALGOR_new 3 ,
-.Xr X509_ATTRIBUTE_new 3
-.Sh STANDARDS
-RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5,
-section 9.2: SignerInfo type
-.Pp
-RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0,
-section 5.3: Attribute types for use in PKCS #7 data
-and section 5.6: Attributes defined in S/MIME
-.Pp
-RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
-Version 4.0 Message Specification,
-section 2.5.2: SMIMECapabilities Attribute
-.Sh HISTORY
-.Fn PKCS7_add_attribute ,
-.Fn PKCS7_set_attributes ,
-.Fn PKCS7_get_attribute ,
-.Fn PKCS7_add_signed_attribute ,
-.Fn PKCS7_set_signed_attributes ,
-and
-.Fn PKCS7_get_signed_attribute
-first appeared in OpenSSL 0.9.1 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn PKCS7_add_attrib_smimecap
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn PKCS7_add_attrib_content_type ,
-.Fn PKCS7_add1_attrib_digest ,
-and
-.Fn PKCS7_add0_attrib_signing_time
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Sh CAVEATS
-.Fn PKCS7_set_signed_attributes
-does not validate that
-.Fa sk
-contains the PKCS #9 content type and message digest attributes
-required by RFC 2315.
-It succeeds even when
-.Fa sk
-is empty, leaving
-.Fa si
-in a state that violates the standard.
-.Pp
-.Fn PKCS7_add0_attrib_signing_time
-does not validate
-.Fa t
-in any way.
-In particular, it may set the signing time to the future
-or to the remote past.
-.Sh BUGS
-A function to remove individual attributes from these lists
-does not appear to exist.
-A program desiring to do that might have to manually iterate the fields
-.Fa auth_attr
-and
-.Fa unauth_attr
-of
-.Fa si ,
-which are both of type
-.Vt STACK_OF(X509_ATTRIBUTE) ,
-using the facilities described in
-.Xr STACK_OF 3
-and
-.Xr OPENSSL_sk_new 3 .
diff --git a/src/lib/libcrypto/man/PKCS7_dataFinal.3 b/src/lib/libcrypto/man/PKCS7_dataFinal.3
deleted file mode 100644
index e2e088d9d9..0000000000
--- a/src/lib/libcrypto/man/PKCS7_dataFinal.3
+++ /dev/null
@@ -1,158 +0,0 @@
-.\" $OpenBSD: PKCS7_dataFinal.3,v 1.2 2020/06/03 13:41:27 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 3 2020 $
-.Dt PKCS7_DATAFINAL 3
-.Os
-.Sh NAME
-.Nm PKCS7_dataFinal
-.Nd move data from a BIO chain to a ContentInfo object
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_dataFinal
-.Fa "PKCS7 *p7"
-.Fa "BIO *chain"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_dataFinal
-transfers the data from the memory BIO at the end of the given
-.Fa chain
-into the appropriate content field of
-.Fa p7
-itself or of its appropriate substructure.
-It is typically used as the final step of populating
-.Fa p7 ,
-after creating the
-.Fa chain
-with
-.Xr PKCS7_dataInit 3
-and after writing the data into it.
-.Pp
-After calling
-.Fn PKCS7_dataFinal ,
-the program can call
-.Xr BIO_free_all 3
-on the
-.Fa chain
-because such chains are not designed for reuse.
-.Pp
-Depending on the
-.Fa contentType
-of
-.Fa p7 ,
-.Fn PKCS7_dataFinal
-sets the following fields:
-.Bl -tag -width Ds
-.It for Vt SignedData No or Vt DigestedData :
-in substructures of the
-.Fa content
-field of
-.Fa p7 :
-the
-.Fa content
-field in the
-.Vt ContentInfo
-structure (unless
-.Fa p7
-is configured to store a detached signature) and the
-.Fa encryptedDigest
-fields in all the
-.Vt SignerInfo
-structures
-.It for Vt EnvelopedData No or Vt SignedAndEnvelopedData :
-the
-.Fa encryptedContent
-field in the
-.Vt EncryptedContentInfo
-structure contained in the
-.Fa content
-field of
-.Fa p7
-.It for arbitrary data :
-the
-.Fa content
-field of
-.Fa p7
-itself
-.El
-.Sh RETURN VALUES
-.Fn PKCS7_dataFinal
-returns 1 on success or 0 on failure.
-.Pp
-Possible reasons for failure include:
-.Pp
-.Bl -dash -compact -offset 2n -width 1n
-.It
-.Fa p7
-is
-.Dv NULL .
-.It
-The
-.Fa content
-field of
-.Fa p7
-is empty.
-.It
-The
-.Fa contentType
-of
-.Fa p7
-is unsupported.
-.It
-The
-.Fa chain
-does not contain the expected memory BIO.
-.It
-Signing or digesting is requested and
-.Fa p7
-is not configured to store a detached signature,
-but does not contain the required field to store the content either.
-.It
-At least one signer lacks a useable digest algorithm.
-.It
-Signing or digesting fails.
-.It
-Memory allocation fails.
-.El
-.Pp
-Signers lacking private keys do not cause failure
-but are silently skipped.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr PKCS7_dataInit 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3
-.Sh HISTORY
-.Fn PKCS7_dataFinal
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
-.Sh CAVEATS
-This function does not support
-.Vt EncryptedData .
-.Pp
-Even though this function is typically used after
-.Xr PKCS7_dataInit 3
-and even though
-.Xr PKCS7_dataInit 3
-also supports reading from
-.Vt ContentInfo
-structures that are already fully populated, do not use
-.Fn PKCS7_dataFinal
-on fully populated structures.
-It is only intended for putting data into new structures
-and it is neither needed nor suitable for reading.
diff --git a/src/lib/libcrypto/man/PKCS7_dataInit.3 b/src/lib/libcrypto/man/PKCS7_dataInit.3
deleted file mode 100644
index cb54d3f95c..0000000000
--- a/src/lib/libcrypto/man/PKCS7_dataInit.3
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" $OpenBSD: PKCS7_dataInit.3,v 1.2 2020/06/03 13:41:27 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 3 2020 $
-.Dt PKCS7_DATAINIT 3
-.Os
-.Sh NAME
-.Nm PKCS7_dataInit
-.Nd construct a BIO chain for adding or retrieving content
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft BIO *
-.Fo PKCS7_dataInit
-.Fa "PKCS7 *p7"
-.Fa "BIO *indata"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_dataInit
-constructs a BIO chain in preparation for putting data into
-or retrieving data out of
-.Fa p7 .
-Depending on the
-.Fa contentType
-of
-.Fa p7 ,
-the created chain starts with:
-.Bl -tag -width Ds
-.It for Vt SignedData :
-one or more
-.Xr BIO_f_md 3
-message digest filters
-.It for Vt EnvelopedData :
-one
-.Xr BIO_f_cipher 3
-encryption filter
-.It for Vt SignedAndEnvelopedData :
-one or more
-.Xr BIO_f_md 3
-message digest filters followed by one
-.Xr BIO_f_cipher 3
-encryption filter
-.It for Vt DigestedData :
-one
-.Xr BIO_f_md 3
-message digest filter
-.It for arbitrary data :
-no filter BIO
-.El
-.Pp
-One additional BIO is appended to the end of the chain,
-depending on the first condition that holds in the following list:
-.Bl -tag -width Ds
-.It Fa indata
-if the
-.Fa indata
-argument is not
-.Dv NULL .
-This only makes sense while verifying a detached signature, in which case
-.Fa indata
-is expected to supply the content associated with the detached signature.
-.It Xr BIO_s_null 3
-if the
-.Fa contentType
-of
-.Fa p7
-is
-.Vt SignedData
-and it is configured to contain a detached signature.
-This only makes sense while creating the detached signature.
-.It Xr BIO_new_mem_buf 3
-when reading from a
-.Vt SignedData
-or
-.Vt DigestedData
-object.
-.Fn PKCS7_dataInit
-attaches the end of the chain to the nested content of
-.Fa p7 .
-.It Xr BIO_s_mem 3
-otherwise.
-This is the most common case while writing data to
-.Fa p7 .
-.Xr PKCS7_dataFinal 3
-can later be used to transfer the data from the memory BIO into
-.Fa p7 .
-.El
-.Ss Adding content
-Before calling
-.Fn PKCS7_dataInit
-in order to add content,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_set_type 3 ,
-and
-.Xr PKCS7_content_new 3
-are typically required to create
-.Fa p7 ,
-to choose its desired type, and to allocate the nested
-.Vt ContentInfo
-structure.
-Alternatively, for
-.Vt SignedData ,
-.Xr PKCS7_sign 3
-can be used with the
-.Dv PKCS7_PARTIAL
-or
-.Dv PKCS7_STREAM
-.Fa flags
-or for
-.Vt EnvelopedData ,
-.Xr PKCS7_encrypt 3
-with the
-.Dv PKCS7_STREAM
-flag.
-.Pp
-After calling
-.Fn PKCS7_dataInit ,
-the desired data can be written into the returned
-.Vt BIO ,
-.Xr BIO_flush 3
-can be called on it,
-.Xr PKCS7_dataFinal 3
-can be used to transfer the processed data
-from the returned memory BIO to the
-.Fa p7
-structure, and the chain can finally be destroyed with
-.Xr BIO_free_all 3 .
-.Pp
-While
-.Fn PKCS7_dataInit
-does support the
-.Vt EnvelopedData
-and
-.Vt SignedAndEnvelopedData
-types, using it for these types is awkward and error prone
-except when using
-.Xr PKCS7_encrypt 3
-for the setup because
-.Xr PKCS7_content_new 3
-does not support these two types.
-So in addition to creating
-.Fa p7
-itself and setting its type, the nested
-.Fa ContentInfo
-structure also needs to be constructed with
-.Xr PKCS7_new 3
-and
-.Xr PKCS7_set_type 3
-and manually inserted into the correct field
-of the respective sub-structure of
-.Fa p7 .
-.Ss Retrieving content
-.Fn PKCS7_dataInit
-can also be called on a fully populated object of type
-.Vt SignedData
-or
-.Vt DigestedData .
-After that,
-.Xr BIO_read 3
-can be used to retrieve data from it.
-In this use case, do not call
-.Xr PKCS7_dataFinal 3 ;
-simply proceed directly to
-.Xr BIO_free_all 3
-after reading the data.
-.Sh RETURN VALUES
-.Fn PKCS7_dataInit
-returns a BIO chain on success or
-.Dv NULL
-on failure.
-It fails if
-.Fa p7
-is
-.Dv NULL ,
-if the
-.Fa content
-field of
-.Fa p7
-is empty, if the
-.Fa contentType
-of
-.Fa p7
-is unsupported, if a cipher is required but none is configured, or
-if any required operation fails, for example due to lack of memory
-or for various other reasons.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr BIO_read 3 ,
-.Xr PKCS7_content_new 3 ,
-.Xr PKCS7_dataFinal 3 ,
-.Xr PKCS7_encrypt 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_set_type 3 ,
-.Xr PKCS7_sign 3
-.Sh HISTORY
-.Fn PKCS7_dataInit
-first appeared in SSLeay 0.8.1 and has been available since
-.Ox 2.4 .
-.Sh CAVEATS
-This function does not support
-.Vt EncryptedData .
-.Sh BUGS
-If
-.Fa p7
-is a fully populated structure containing
-.Vt EnvelopedData ,
-.Vt SignedAndEnvelopedData ,
-or arbitrary data,
-.Fn PKCS7_dataInit
-returns a BIO chain that ultimately reads from an empty memory BIO,
-so reading from it will instantly return an end-of-file indication
-rather than reading the actual data contained in
-.Fa p7 .
diff --git a/src/lib/libcrypto/man/PKCS7_decrypt.3 b/src/lib/libcrypto/man/PKCS7_decrypt.3
deleted file mode 100644
index 8d00499b57..0000000000
--- a/src/lib/libcrypto/man/PKCS7_decrypt.3
+++ /dev/null
@@ -1,118 +0,0 @@
-.\" $OpenBSD: PKCS7_decrypt.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt PKCS7_DECRYPT 3
-.Os
-.Sh NAME
-.Nm PKCS7_decrypt
-.Nd decrypt content from a PKCS#7 envelopedData structure
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_decrypt
-.Fa "PKCS7 *p7"
-.Fa "EVP_PKEY *pkey"
-.Fa "X509 *cert"
-.Fa "BIO *data"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_decrypt
-extracts and decrypts the content from a PKCS#7 envelopedData structure.
-.Fa pkey
-is the private key of the recipient,
-.Fa cert
-is the recipient's certificate,
-.Fa data
-is a
-.Vt BIO
-to write the content to and
-.Fa flags
-is an optional set of flags.
-.Pp
-Although the recipient's certificate is not needed to decrypt the data,
-it is needed to locate the appropriate recipients
-in the PKCS#7 structure.
-.Pp
-If the
-.Dv PKCS7_TEXT
-.Fa flag
-is set, MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain ,
-an error is returned.
-.Sh RETURN VALUES
-.Fn PKCS7_decrypt
-returns 1 for success or 0 for failure.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr PKCS7_encrypt 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_verify 3
-.Sh HISTORY
-.Fn PKCS7_decrypt
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Sh BUGS
-.Fn PKCS7_decrypt
-must be passed the correct recipient key and certificate.
-It would be better if it could look up the correct key and certificate
-from a database.
-.Pp
-The lack of single pass processing and need to hold all data in memory
-as mentioned in
-.Xr PKCS7_sign 3
-also applies to
-.Fn PKCS7_decrypt .
diff --git a/src/lib/libcrypto/man/PKCS7_encrypt.3 b/src/lib/libcrypto/man/PKCS7_encrypt.3
deleted file mode 100644
index 700498a1de..0000000000
--- a/src/lib/libcrypto/man/PKCS7_encrypt.3
+++ /dev/null
@@ -1,169 +0,0 @@
-.\" $OpenBSD: PKCS7_encrypt.3,v 1.11 2020/06/03 13:41:27 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2006, 2007, 2008, 2009 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. 
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 3 2020 $
-.Dt PKCS7_ENCRYPT 3
-.Os
-.Sh NAME
-.Nm PKCS7_encrypt
-.Nd create a PKCS#7 envelopedData structure
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft PKCS7 *
-.Fo PKCS7_encrypt
-.Fa "STACK_OF(X509) *certs"
-.Fa "BIO *in"
-.Fa "const EVP_CIPHER *cipher"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_encrypt
-creates and returns a PKCS#7 envelopedData structure.
-.Fa certs
-is a list of recipient certificates.
-.Fa in
-is the content to be encrypted.
-.Fa cipher
-is the symmetric cipher to use.
-.Fa flags
-is an optional set of flags.
-.Pp
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
-certificates supplied to this function must all contain RSA public keys,
-though they do not have to be signed using the RSA algorithm.
-.Pp
-The algorithm passed in the
-.Fa cipher
-parameter must support ASN.1 encoding of its parameters.
-.Pp
-Many browsers implement a "sign and encrypt" option which is simply an
-S/MIME envelopedData containing an S/MIME signed message.
-This can be readily produced by storing the S/MIME signed message in a
-memory
-.Vt BIO
-and passing it to
-.Fn PKCS7_encrypt .
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter.
-.Pp
-If the
-.Dv PKCS7_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are prepended to the data.
-.Pp
-Normally the supplied content is translated into MIME canonical format
-(as required by the S/MIME specifications).
-If
-.Dv PKCS7_BINARY
-is set, no translation occurs.
-This option should be used if the supplied data is in binary format;
-otherwise, the translation will corrupt it.
-If
-.Dv PKCS7_BINARY
-is set, then
-.Dv PKCS7_TEXT
-is ignored.
-.Pp
-If the
-.Dv PKCS7_STREAM
-flag is set, a partial
-.Vt PKCS7
-structure is output suitable for streaming I/O: no data is read from
-.Fa in .
-.Pp
-If the flag
-.Dv PKCS7_STREAM
-is set, the returned
-.Vt PKCS7
-structure is
-.Sy not
-complete and outputting its contents via a function that does not
-properly finalize the
-.Vt PKCS7
-structure will give unpredictable results.
-.Pp
-Several functions including
-.Xr PKCS7_final 3 ,
-.Xr SMIME_write_PKCS7 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-and
-.Xr i2d_PKCS7_bio_stream 3
-finalize the structure.
-Alternatively finalization can be performed by obtaining the streaming
-ASN.1
-.Vt BIO
-directly using
-.Fn BIO_new_PKCS7 .
-.Sh RETURN VALUES
-.Fn PKCS7_encrypt
-returns either a
-.Vt PKCS7
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr PKCS7_decrypt 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3
-.Sh HISTORY
-.Fn PKCS7_encrypt
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-The
-.Dv PKCS7_STREAM
-flag was first supported in OpenSSL 1.0.0.
diff --git a/src/lib/libcrypto/man/PKCS7_final.3 b/src/lib/libcrypto/man/PKCS7_final.3
deleted file mode 100644
index 7c9e51521a..0000000000
--- a/src/lib/libcrypto/man/PKCS7_final.3
+++ /dev/null
@@ -1,202 +0,0 @@
-.\" $OpenBSD: PKCS7_final.3,v 1.2 2020/06/04 10:24:27 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 4 2020 $
-.Dt PKCS7_FINAL 3
-.Os
-.Sh NAME
-.Nm PKCS7_final
-.Nd read data from a BIO into a ContentInfo object
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_final
-.Fa "PKCS7 *p7"
-.Fa "BIO *data"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_final
-reads
-.Fa data
-and puts it into the appropriate content field of
-.Fa p7
-itself or of its appropriate substructure, which can be of type
-.Vt SignedData ,
-.Vt EnvelopedData ,
-.Vt SignedAndEnvelopedData ,
-.Vt DigestedData ,
-or arbitrary data.
-The
-.Xr PKCS7_dataFinal 3
-manual explains which field exactly the data is put into.
-.Pp
-The following
-.Fa flags
-are recognized:
-.Bl -tag -width PKCS7_BINARY
-.It Dv PKCS7_BINARY
-Copy the data verbatim without changing any bytes.
-By default, line endings are replaced with two-byte
-.Qq \er\en
-sequences (ASCII CR+LF).
-If this flag is set,
-.Dv PKCS7_TEXT
-is ignored.
-.It Dv PKCS7_TEXT
-Prepend
-.Qq Content-Type: text/plain
-followed by a blank line to the data.
-This flag is ignored if
-.Dv PKCS7_BINARY
-is also set.
-.El
-.Pp
-If any other bits are set in
-.Fa flags ,
-for example
-.Dv PKCS7_STREAM
-or
-.Dv PKCS7_PARTIAL ,
-they are ignored, allowing to pass the same
-.Fa flags
-argument that was already passed to
-.Xr PKCS7_sign 3
-or
-.Xr PKCS7_encrypt 3 .
-.Pp
-.Fn PKCS7_final
-is most commonly used to finalize a
-.Fa p7
-object returned from a call to
-.Xr PKCS7_sign 3
-that used
-.Fa flags
-including
-.Dv PKCS7_PARTIAL
-or
-.Dv PKCS7_STREAM .
-With these flags,
-.Xr PKCS7_sign 3
-ignores its
-.Fa data
-argument.
-The partial
-.Fa p7
-object returned can then be customized, for example setting up
-multiple signers or non-default digest algorithms with
-.Xr PKCS7_sign_add_signer 3 ,
-before calling
-.Fn PKCS7_final .
-.Pp
-Similarly,
-.Fn PKCS7_final
-can be used to finalize a
-.Fa p7
-object returned from a call to
-.Xr PKCS7_encrypt 3
-that used
-.Fa flags
-including
-.Dv PKCS7_STREAM .
-.Pp
-Since
-.Fn PKCS7_final
-starts by calling
-.Xr PKCS7_dataInit 3
-internally, using it to finalize a
-.Fa p7
-object containing
-.Vt SignedAndEnvelopedData ,
-.Vt DigestedData ,
-or arbitrary data requires the setup described in the
-.Xr PKCS7_dataInit 3
-manual.
-For
-.Vt SignedData
-and
-.Vt EnvelopedData ,
-such manual setup is also feasible, but it is more easily performed with
-.Xr PKCS7_sign 3
-or
-.Xr PKCS7_encrypt 3 ,
-respectively.
-.Pp
-.Fn PKCS7_final
-is only one among several functions that can be used to finalize
-.Fa p7 ;
-alternatives include
-.Xr SMIME_write_PKCS7 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-and
-.Xr i2d_PKCS7_bio_stream 3 .
-.Sh RETURN VALUES
-.Fn PKCS7_final
-returns 1 on success or 0 on failure.
-.Pp
-Possible reasons for failure include:
-.Pp
-.Bl -dash -compact -offset 2n -width 1n
-.It
-.Fa p7
-is
-.Dv NULL .
-.It
-The
-.Fa content
-field of
-.Fa p7
-is empty.
-.It
-The
-.Fa contentType
-of
-.Fa p7
-is unsupported.
-.It
-Signing or digesting is requested and
-.Fa p7
-is not configured to store a detached signature, but does not contain
-the required field to store the content either.
-.It
-At least one signer lacks a useable digest algorithm.
-.It
-A cipher is required but none is configured.
-.It
-Any required operation fails, for example signing or digesting.
-.It
-Memory allocation fails.
-.El
-.Pp
-Signers lacking private keys do not cause failure but are silently skipped.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr i2d_PKCS7_bio_stream 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-.Xr PKCS7_add_attribute 3 ,
-.Xr PKCS7_dataFinal 3 ,
-.Xr PKCS7_dataInit 3 ,
-.Xr PKCS7_encrypt 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3 ,
-.Xr SMIME_write_PKCS7 3
-.Sh HISTORY
-.Fn PKCS7_final
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Sh CAVEATS
-This function does not support
-.Vt EncryptedData .
diff --git a/src/lib/libcrypto/man/PKCS7_get_signer_info.3 b/src/lib/libcrypto/man/PKCS7_get_signer_info.3
deleted file mode 100644
index 280f373ead..0000000000
--- a/src/lib/libcrypto/man/PKCS7_get_signer_info.3
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" $OpenBSD: PKCS7_get_signer_info.3,v 1.1 2020/06/10 11:43:08 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2020 $
-.Dt PKCS7_GET_SIGNER_INFO 3
-.Os
-.Sh NAME
-.Nm PKCS7_get_signer_info
-.Nd retrieve signerInfos from a SignedData object
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft STACK_OF(PKCS7_SIGNER_INFO) *
-.Fn PKCS7_get_signer_info "PKCS7 *p7"
-.Sh DESCRIPTION
-This function retrieves the set of
-.Vt SignerInfo
-structures from the
-.Fa signerInfos
-field of
-.Fa p7 .
-.Pp
-These can subsequently be manipulated with the functions documented in
-.Xr PKCS7_add_attribute 3 .
-.Sh RETURN VALUES
-.Fn PKCS7_get_signer_info
-returns an internal pointer to a
-.Vt STACK_OF(PKCS7_SIGNER_INFO)
-object or
-.Dv NULL
-on failure.
-It fails if
-.Fa p7
-is
-.Dv NULL ,
-if it has no content,
-or if it is of a type other than
-.Vt SignedData
-or
-.Vt SignedAndEnvelopedData .
-.Sh SEE ALSO
-.Xr PKCS7_add_attribute 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3 ,
-.Xr PKCS7_sign_add_signer 3
-.Sh HISTORY
-.Fn PKCS7_get_signer_info
-first appeared in SSLeay 0.8.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/PKCS7_new.3 b/src/lib/libcrypto/man/PKCS7_new.3
deleted file mode 100644
index 151261a312..0000000000
--- a/src/lib/libcrypto/man/PKCS7_new.3
+++ /dev/null
@@ -1,269 +0,0 @@ -.\" $OpenBSD: PKCS7_new.3,v 1.12 2020/06/10 11:43:08 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 10 2020 $ -.Dt PKCS7_NEW 3 -.Os -.Sh NAME -.Nm PKCS7_new , -.Nm PKCS7_free , -.Nm PKCS7_SIGNED_new , -.Nm PKCS7_SIGNED_free , -.Nm PKCS7_ENVELOPE_new , -.Nm PKCS7_ENVELOPE_free , -.Nm PKCS7_SIGN_ENVELOPE_new , -.Nm PKCS7_SIGN_ENVELOPE_free , -.Nm PKCS7_DIGEST_new , -.Nm PKCS7_DIGEST_free , -.Nm PKCS7_ENCRYPT_new , -.Nm PKCS7_ENCRYPT_free , -.Nm PKCS7_ENC_CONTENT_new , -.Nm PKCS7_ENC_CONTENT_free , -.Nm PKCS7_SIGNER_INFO_new , -.Nm PKCS7_SIGNER_INFO_free , -.Nm PKCS7_RECIP_INFO_new , -.Nm PKCS7_RECIP_INFO_free , -.Nm PKCS7_ISSUER_AND_SERIAL_new , -.Nm PKCS7_ISSUER_AND_SERIAL_free -.Nd PKCS#7 data structures -.Sh SYNOPSIS -.In openssl/pkcs7.h -.Ft PKCS7 * -.Fn PKCS7_new void -.Ft void -.Fn PKCS7_free "PKCS7 *p7" -.Ft PKCS7_SIGNED * -.Fn PKCS7_SIGNED_new void -.Ft void -.Fn PKCS7_SIGNED_free "PKCS7_SIGNED *signed" -.Ft PKCS7_ENVELOPE * -.Fn PKCS7_ENVELOPE_new void -.Ft void -.Fn PKCS7_ENVELOPE_free "PKCS7_ENVELOPE *envelope" -.Ft PKCS7_SIGN_ENVELOPE * -.Fn PKCS7_SIGN_ENVELOPE_new void -.Ft void -.Fn PKCS7_SIGN_ENVELOPE_free "PKCS7_SIGN_ENVELOPE *signed_envelope" -.Ft 
PKCS7_DIGEST * -.Fn PKCS7_DIGEST_new void -.Ft void -.Fn PKCS7_DIGEST_free "PKCS7_DIGEST *digested" -.Ft PKCS7_ENCRYPT * -.Fn PKCS7_ENCRYPT_new void -.Ft void -.Fn PKCS7_ENCRYPT_free "PKCS7_ENCRYPT *encrypted" -.Ft PKCS7_ENC_CONTENT * -.Fn PKCS7_ENC_CONTENT_new void -.Ft void -.Fn PKCS7_ENC_CONTENT_free "PKCS7_ENC_CONTENT *content" -.Ft PKCS7_SIGNER_INFO * -.Fn PKCS7_SIGNER_INFO_new void -.Ft void -.Fn PKCS7_SIGNER_INFO_free "PKCS7_SIGNER_INFO *signer" -.Ft PKCS7_RECIP_INFO * -.Fn PKCS7_RECIP_INFO_new void -.Ft void -.Fn PKCS7_RECIP_INFO_free "PKCS7_RECIP_INFO *recip" -.Ft PKCS7_ISSUER_AND_SERIAL * -.Fn PKCS7_ISSUER_AND_SERIAL_new void -.Ft void -.Fn PKCS7_ISSUER_AND_SERIAL_free "PKCS7_ISSUER_AND_SERIAL *cert" -.Sh DESCRIPTION -PKCS#7 is an ASN.1-based format for transmitting data that has -cryptography applied to it, in particular signed and encrypted data. -.Pp -.Fn PKCS7_new -allocates and initializes an empty -.Vt PKCS7 -object, representing an ASN.1 -.Vt ContentInfo -structure defined in RFC 2315 section 7. -It is the top-level data structure able to hold any kind of content -that can be transmitted using PKCS#7. -It can be used recursively in -.Vt PKCS7_SIGNED -and -.Vt PKCS7_DIGEST -objects. -.Fn PKCS7_free -frees -.Fa p7 . -.Pp -.Fn PKCS7_SIGNED_new -allocates and initializes an empty -.Vt PKCS7_SIGNED -object, representing an ASN.1 -.Vt SignedData -structure defined in RFC 2315 section 9. -It can be used inside -.Vt PKCS7 -objects and holds any kind of content together with signatures by -zero or more signers and information about the signing algorithm -and certificates used. -.Fn PKCS7_SIGNED_free -frees -.Fa signed . -.Pp -.Fn PKCS7_ENVELOPE_new -allocates and initializes an empty -.Vt PKCS7_ENVELOPE -object, representing an ASN.1 -.Vt EnvelopedData -structure defined in RFC 2315 section 10. -It can be used inside -.Vt PKCS7 -objects and holds any kind of encrypted content together with -content-encryption keys for one or more recipients. 
-.Fn PKCS7_ENVELOPE_free -frees -.Fa envelope . -.Pp -.Fn PKCS7_SIGN_ENVELOPE_new -allocates and initializes an empty -.Vt PKCS7_SIGN_ENVELOPE -object, representing an ASN.1 -.Vt SignedAndEnvelopedData -structure defined in RFC 2315 section 11. -It can be used inside -.Vt PKCS7 -objects and holds any kind of encrypted content together with -signatures by one or more signers, information about the signing -algorithm and certificates used, and content-encryption keys for -one or more recipients. -.Fn PKCS7_SIGN_ENVELOPE_free -frees -.Fa signed_envelope . -.Pp -.Fn PKCS7_DIGEST_new -allocates and initializes an empty -.Vt PKCS7_DIGEST -object, representing an ASN.1 -.Vt DigestedData -structure defined in RFC 2315 section 12. -It can be used inside -.Vt PKCS7 -objects and holds any kind of content together with a message digest -for checking its integrity and information about the algorithm used. -.Fn PKCS7_DIGEST_free -frees -.Fa digested . -.Pp -.Fn PKCS7_ENCRYPT_new -allocates and initializes an empty -.Vt PKCS7_ENCRYPT -object, representing an ASN.1 -.Vt EncryptedData -structure defined in RFC 2315 section 13. -It can be used inside -.Vt PKCS7 -objects and holds any kind of encrypted content. -Keys are not included and need to be communicated separately. -.Fn PKCS7_ENCRYPT_free -frees -.Fa encrypted . -.Pp -.Fn PKCS7_ENC_CONTENT_new -allocates and initializes an empty -.Vt PKCS7_ENC_CONTENT -object, representing an ASN.1 -.Vt EncryptedContentInfo -structure defined in RFC 2315 section 10.1. -It can be used inside -.Vt PKCS7_ENVELOPE , -.Vt PKCS7_SIGN_ENVELOPE , -and -.Vt PKCS7_ENCRYPT -objects and holds encrypted content together with information about -the encryption algorithm used. -.Fn PKCS7_ENC_CONTENT_free -frees -.Fa content . -.Pp -.Fn PKCS7_SIGNER_INFO_new -allocates and initializes an empty -.Vt PKCS7_SIGNER_INFO -object, representing an ASN.1 -.Vt SignerInfo -structure defined in RFC 2315 section 9.2. 
-It can be used inside -.Vt PKCS7_SIGNED -and -.Vt PKCS7_SIGN_ENVELOPE -objects and holds a signature together with information about the -signer and the algorithms used. -.Fn PKCS7_SIGNER_INFO_free -frees -.Fa signer . -.Pp -.Fn PKCS7_RECIP_INFO_new -allocates and initializes an empty -.Vt PKCS7_RECIP_INFO -object, representing an ASN.1 -.Vt RecipientInfo -structure defined in RFC 2315 section 10.2. -It can be used inside -.Vt PKCS7_ENVELOPE -and -.Vt PKCS7_SIGN_ENVELOPE -objects and holds a content-encryption key together with information -about the intended recipient and the key encryption algorithm used. -.Fn PKCS7_RECIP_INFO_free -frees -.Fa recip . -.Pp -.Fn PKCS7_ISSUER_AND_SERIAL_new -allocates and initializes an empty -.Vt PKCS7_ISSUER_AND_SERIAL -object, representing an ASN.1 -.Vt IssuerAndSerialNumber -structure defined in RFC 2315 section 6.7. -It can be used inside -.Vt PKCS7_SIGNER_INFO -and -.Vt PKCS7_RECIP_INFO -objects and identifies a certificate by holding the distinguished -name of the certificate issuer and an issuer-specific certificate -serial number. -.Fn PKCS7_ISSUER_AND_SERIAL_free -frees -.Fa cert . -.Sh SEE ALSO -.Xr crypto 3 , -.Xr d2i_PKCS7 3 , -.Xr i2d_PKCS7_bio_stream 3 , -.Xr PEM_read_PKCS7 3 , -.Xr PEM_write_bio_PKCS7_stream 3 , -.Xr PKCS7_add_attribute 3 , -.Xr PKCS7_dataFinal 3 , -.Xr PKCS7_dataInit 3 , -.Xr PKCS7_decrypt 3 , -.Xr PKCS7_encrypt 3 , -.Xr PKCS7_final 3 , -.Xr PKCS7_get_signer_info 3 , -.Xr PKCS7_ISSUER_AND_SERIAL_digest 3 , -.Xr PKCS7_set_content 3 , -.Xr PKCS7_set_type 3 , -.Xr PKCS7_sign 3 , -.Xr PKCS7_sign_add_signer 3 , -.Xr PKCS7_verify 3 , -.Xr SMIME_read_PKCS7 3 , -.Xr SMIME_write_PKCS7 3 -.Sh STANDARDS -RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5 -.Sh HISTORY -These functions first appeared in SSLeay 0.5.1 -and have been available since -.Ox 2.4 . 
diff --git a/src/lib/libcrypto/man/PKCS7_set_content.3 b/src/lib/libcrypto/man/PKCS7_set_content.3
deleted file mode 100644
index fa057341d5..0000000000
--- a/src/lib/libcrypto/man/PKCS7_set_content.3
+++ /dev/null
@@ -1,120 +0,0 @@
-.\" $OpenBSD: PKCS7_set_content.3,v 1.2 2020/05/24 12:37:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: May 24 2020 $
-.Dt PKCS7_SET_CONTENT 3
-.Os
-.Sh NAME
-.Nm PKCS7_set_content ,
-.Nm PKCS7_content_new
-.Nd set the nested contentInfo in a PKCS#7 structure
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_set_content
-.Fa "PKCS7 *outer"
-.Fa "PKCS7 *inner"
-.Fc
-.Ft int
-.Fo PKCS7_content_new
-.Fa "PKCS7 *outer"
-.Fa "int inner_type"
-.Fc
-.Sh DESCRIPTION
-If the
-.Fa contentType
-of the
-.Fa outer
-PKCS7 structure is
-.Vt SignedData
-or
-.Vt DigestedData ,
-.Fn PKCS7_set_content
-sets the
-.Fa contentInfo
-field of the
-.Fa content
-field of
-.Fa outer
-to
-.Fa inner ,
-without copying
-.Fa inner .
-If there was previous
-.Fa contentInfo ,
-it is freed rather than overwritten.
-The rest of the internal state of
-.Fa outer
-and of its
-.Fa content
-remains unchanged.
-.Pp
-.Fn PKCS7_content_new
-is similar except that it first allocates and initializes a new, empty
-.Fa inner
-object of the given
-.Fa inner_type
-using
-.Xr PKCS7_new 3
-and
-.Xr PKCS7_set_type 3 .
-The
-.Fa inner_type
-can be any of the NIDs listed in the
-.Xr PKCS7_set_type 3
-manual.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on failure.
-They fail if the
-.Fa contentType
-of
-.Fa outer
-is unsupported.
-.Fn PKCS7_content_new
-can also fail when memory is exhausted.
-In case of failure,
-.Fa outer
-remains unchanged.
-.Sh SEE ALSO
-.Xr PKCS7_dataInit 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_set_type 3 ,
-.Xr PKCS7_sign 3
-.Sh STANDARDS
-RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5
-.Bl -bullet -compact -offset 1n -width 1n
-.It
-Section 7. General syntax
-.It
-Section 9. Signed-data content type
-.It
-Section 12.\& Digested-data content type
-.El
-.Sh HISTORY
-These functions first appeared in SSLeay 0.8.1
-and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-Despite the function names, these functions do not set the
-.Fa content
-field of
-.Fa outer ,
-but only the
-.Fa contentInfo
-field inside it.
-The rest of the
-.Fa content
-remains unchanged.
diff --git a/src/lib/libcrypto/man/PKCS7_set_type.3 b/src/lib/libcrypto/man/PKCS7_set_type.3
deleted file mode 100644
index f414b128a2..0000000000
--- a/src/lib/libcrypto/man/PKCS7_set_type.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\" $OpenBSD: PKCS7_set_type.3,v 1.2 2020/05/20 11:40:26 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: May 20 2020 $
-.Dt PKCS7_SET_TYPE 3
-.Os
-.Sh NAME
-.Nm PKCS7_set_type ,
-.Nm PKCS7_set0_type_other
-.Nd initialize type of PKCS#7 ContentInfo
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_set_type
-.Fa "PKCS7 *p7"
-.Fa "int type"
-.Fc
-.Ft int
-.Fo PKCS7_set0_type_other
-.Fa "PKCS7 *p7"
-.Fa "int type"
-.Fa "ASN1_TYPE *content"
-.Fc
-.Sh DESCRIPTION
-These functions set the
-.Fa type
-of an unused
-.Vt ContentInfo
-structure
-.Fa p7 .
-.Pp
-The function
-.Fn PKCS7_set_type
-also allocates and initializes an empty child object in
-.Fa p7 .
-The
-.Fa type
-argument can be any of these NIDs,
-creating a child object of the indicated data type:
-.Pp
-.Bl -column NID_pkcs7_signedAndEnveloped PKCS7_SIGN_ENVELOPE n.a. -compact
-.It Fa type No argument Ta data type of child Ta version
-.It Dv NID_pkcs7_data Ta Vt ASN1_OCTET_STRING Ta n.a.
-.It Dv NID_pkcs7_digest Ta Vt PKCS7_DIGEST Ta 0
-.It Dv NID_pkcs7_encrypted Ta Vt PKCS7_ENCRYPT Ta 0
-.It Dv NID_pkcs7_enveloped Ta Vt PKCS7_ENVELOPE Ta 0
-.It Dv NID_pkcs7_signed Ta Vt PKCS7_SIGNED Ta 1
-.It Dv NID_pkcs7_signedAndEnveloped Ta Vt PKCS7_SIGN_ENVELOPE Ta 1
-.El
-.Pp
-If the provided
-.Fa type
-is invalid,
-.Fa p7
-remains unchanged and
-.Fn PKCS7_set_type
-fails.
-.Pp
-If memory allocation fails,
-.Fn PKCS7_set_type
-fails and
-.Fa p7
-may remain in an inconsistent state.
-.Pp
-The function
-.Fn PKCS7_set0_type_other
-accepts an arbitrary NID as the
-.Fa type
-and also sets the
-.Fa content ,
-neither checking it in any way nor copying it.
-.Pp
-For both functions, the rest of the internal state of
-.Fa p7
-remains unchanged.
-.Sh RETURN VALUES
-The function
-.Fn PKCS7_set_type
-returns 1 on success or 0 on failure.
-.Pp
-The function
-.Fn PKCS7_set0_type_other
-does no error handling at all and always returns 1.
-.Sh SEE ALSO
-.Xr ASN1_OCTET_STRING_new 3 ,
-.Xr ASN1_TYPE_new 3 ,
-.Xr PKCS7_encrypt 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_set_content 3 ,
-.Xr PKCS7_sign 3
-.Sh HISTORY
-The function
-.Fn PKCS7_set_type
-first appeared in SSLeay 0.8.1 and
-.Fn PKCS7_set0_type_other
-in OpenSSL 0.9.8.
-Both have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-If
-.Fa p7
-has already been in use before being passed to one of these functions,
-it will report success even though it leaks memory.
-Later on, if other functions try to use
-.Fa p7
-in its former role, they are likely to misbehave.
diff --git a/src/lib/libcrypto/man/PKCS7_sign.3 b/src/lib/libcrypto/man/PKCS7_sign.3
deleted file mode 100644
index 37257e60fd..0000000000
--- a/src/lib/libcrypto/man/PKCS7_sign.3
+++ /dev/null
@@ -1,251 +0,0 @@ -.\" $OpenBSD: PKCS7_sign.3,v 1.13 2020/06/10 11:43:08 schwarze Exp $ -.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2003, 2006-2009, 2015 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2020 $ -.Dt PKCS7_SIGN 3 -.Os -.Sh NAME -.Nm PKCS7_sign -.Nd create a PKCS#7 signedData structure -.Sh SYNOPSIS -.In openssl/pkcs7.h -.Ft PKCS7 * -.Fo PKCS7_sign -.Fa "X509 *signcert" -.Fa "EVP_PKEY *pkey" -.Fa "STACK_OF(X509) *certs" -.Fa "BIO *data" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -.Fn PKCS7_sign -creates and returns a PKCS#7 signedData structure. -.Fa signcert -is the certificate to sign with, -.Fa pkey -is the corresponding private key. -.Fa certs -is an optional additional set of certificates to include in the PKCS#7 -structure (for example any intermediate CAs in the chain). -.Pp -The data to be signed is read from -.Vt BIO -.Fa data . -.Pp -.Fa flags -is an optional set of flags. -.Pp -Any of the following flags (OR'ed together) can be passed in the -.Fa flags -parameter. -.Pp -Many S/MIME clients expect the signed content to include valid MIME -headers. 
-If the -.Dv PKCS7_TEXT -flag is set, MIME headers for type -.Sy text/plain -are prepended to the data. -.Pp -If -.Dv PKCS7_NOCERTS -is set, the signer's certificate will not be included in the PKCS7 -structure, though the signer's certificate must still be supplied in the -.Fa signcert -parameter. -This can reduce the size of the signature if the signer's certificate can -be obtained by other means: for example a previously signed message. -.Pp -The data being signed is included in the -.Vt PKCS7 -structure, unless -.Dv PKCS7_DETACHED -is set, in which case it is omitted. -This is used for PKCS7 detached signatures which are used in S/MIME -plaintext signed messages for example. -.Pp -Normally the supplied content is translated into MIME canonical format -(as required by the S/MIME specifications). -If -.Dv PKCS7_BINARY -is set, no translation occurs. -This option should be used if the supplied data is in binary format; -otherwise, the translation will corrupt it. -.Pp -The signedData structure includes several PKCS#7 authenticatedAttributes -including the signing time, the PKCS#7 content type and the supported -list of ciphers in an SMIMECapabilities attribute. -If -.Dv PKCS7_NOATTR -is set, then no authenticatedAttributes will be used. -If -.Dv PKCS7_NOSMIMECAP -is set, then just the SMIMECapabilities are omitted. -.Pp -If present, the SMIMECapabilities attribute indicates support for the -following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES -and 40-bit RC2. -If any of these algorithms is disabled then it will not be included. -.Pp -If the flags -.Dv PKCS7_STREAM -is set, then the returned -.Vt PKCS7 -structure is just initialized ready to perform the signing operation. -The signing is however -.Sy not -performed and the data to be signed is not read from the -.Fa data -parameter. -Signing is deferred until after the data has been written. -In this way data can be signed in a single pass. 
-.Pp -If the -.Dv PKCS7_PARTIAL -flag is set, a partial -.Vt PKCS7 -structure is output to which additional signers and capabilities can be -added before finalization. -.Pp -If the flag -.Dv PKCS7_STREAM -is set, the returned -.Vt PKCS7 -structure is -.Sy not -complete and outputting its contents via a function that does not -properly finalize the -.Vt PKCS7 -structure will give unpredictable results. -.Pp -Several functions including -.Xr PKCS7_final 3 , -.Xr SMIME_write_PKCS7 3 , -.Xr PEM_write_bio_PKCS7_stream 3 , -and -.Xr i2d_PKCS7_bio_stream 3 -finalize the structure. -Alternatively finalization can be performed by obtaining the streaming -ASN.1 -.Vt BIO -directly using -.Fn BIO_new_PKCS7 . -.Pp -If a signer is specified, it will use the default digest for the -signing algorithm. -This is -.Sy SHA1 -for both RSA and DSA keys. -.Pp -In OpenSSL 1.0.0, the -.Fa certs , -.Fa signcert , -and -.Fa pkey -parameters can all be -.Dv NULL -if the -.Dv PKCS7_PARTIAL -flag is set. -One or more signers can be added using the function -.Xr PKCS7_sign_add_signer 3 -and attributes can be added using the functions described in -.Xr PKCS7_add_attribute 3 . -.Xr PKCS7_final 3 -must also be called to finalize the structure if streaming is not -enabled. -Alternative signing digests can also be specified using this method. -.Pp -In OpenSSL 1.0.0, if -.Fa signcert -and -.Fa pkey -are -.Dv NULL , -then a certificate-only PKCS#7 structure is output. -.Pp -In versions of OpenSSL before 1.0.0 the -.Fa signcert -and -.Fa pkey -parameters must -.Sy NOT -be -.Dv NULL . -.Sh RETURN VALUES -.Fn PKCS7_sign -returns either a valid -.Vt PKCS7 -structure or -.Dv NULL -if an error occurred. -The error can be obtained from -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO -.Xr PKCS7_add_attribute 3 , -.Xr PKCS7_encrypt 3 , -.Xr PKCS7_final 3 , -.Xr PKCS7_get_signer_info 3 , -.Xr PKCS7_new 3 , -.Xr PKCS7_sign_add_signer 3 , -.Xr PKCS7_verify 3 -.Sh HISTORY -.Fn PKCS7_sign -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . -.Pp -The -.Dv PKCS7_PARTIAL -and -.Dv PKCS7_STREAM -flags were added in OpenSSL 1.0.0. -.Sh BUGS -Some advanced attributes such as counter signatures are not supported. diff --git a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 deleted file mode 100644 index 195d6388c9..0000000000 --- a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ /dev/null 
@@ -1,187 +0,0 @@ -.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.13 2020/06/10 11:43:08 schwarze Exp $ -.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2007, 2008, 2009, 2015 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2020 $ -.Dt PKCS7_SIGN_ADD_SIGNER 3 -.Os -.Sh NAME -.Nm PKCS7_sign_add_signer -.Nd add a signer to a SignedData structure -.Sh SYNOPSIS -.In openssl/pkcs7.h -.Ft PKCS7_SIGNER_INFO * -.Fo PKCS7_sign_add_signer -.Fa "PKCS7 *p7" -.Fa "X509 *signcert" -.Fa "EVP_PKEY *pkey" -.Fa "const EVP_MD *md" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -.Fn PKCS7_sign_add_signer -adds a signer with certificate -.Fa signcert -and private key -.Fa pkey -using message digest -.Fa md -to a -.Vt PKCS7 -signed data structure -.Fa p7 . -.Pp -The -.Vt PKCS7 -structure should be obtained from an initial call to -.Xr PKCS7_sign 3 -with the flag -.Dv PKCS7_PARTIAL -set or, in the case or re-signing, a valid -.Vt PKCS7 -signed data structure. -.Pp -If the -.Fa md -parameter is -.Dv NULL , -then the default digest for the public key algorithm will be used. 
-.Pp -Unless the -.Dv PKCS7_REUSE_DIGEST -flag is set, the returned -.Dv PKCS7 -structure is not complete and must be -finalized either by streaming (if applicable) or by a call to -.Xr PKCS7_final 3 . -.Pp -The main purpose of this function is to provide finer control over a -PKCS#7 signed data structure where the simpler -.Xr PKCS7_sign 3 -function defaults are not appropriate, for example if multiple -signers or non default digest algorithms are needed. -.Pp -Any of the following flags (OR'ed together) can be passed in the -.Fa flags -parameter. -.Pp -If -.Dv PKCS7_REUSE_DIGEST -is set, then an attempt is made to copy the content digest value from the -.Vt PKCS7 -structure: to add a signer to an existing structure. -An error occurs if a matching digest value cannot be found to copy. -The returned -.Vt PKCS7 -structure will be valid and finalized when this flag is set. -.Pp -If -.Dv PKCS7_PARTIAL -is set in addition to -.Dv PKCS7_REUSE_DIGEST , -then the -.Dv PKCS7_SIGNER_INO -structure will not be finalized, so additional attributes can be added. -In this case an explicit call to -.Fn PKCS7_SIGNER_INFO_sign -is needed to finalize it. -.Pp -If -.Dv PKCS7_NOCERTS -is set, the signer's certificate will not be included in the -.Vt PKCS7 -structure, though the signer's certificate must still be supplied in the -.Fa signcert -parameter. -This can reduce the size of the signature if the signers certificate can -be obtained by other means: for example a previously signed message. -.Pp -The signedData structure includes several PKCS#7 authenticatedAttributes -including the signing time, the PKCS#7 content type and the supported -list of ciphers in an SMIMECapabilities attribute. -If -.Dv PKCS7_NOATTR -is set, then no authenticatedAttributes will be used. -If -.Dv PKCS7_NOSMIMECAP -is set, then just the SMIMECapabilities are omitted. 
-.Pp -If present, the SMIMECapabilities attribute indicates support for the -following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES -and 40-bit RC2. -If any of these algorithms is disabled, then it will not be included. -.Pp -.Fn PKCS7_sign_add_signer -returns an internal pointer to the -.Vt PKCS7_SIGNER_INFO -structure just added, which can be used to set additional attributes -with the functions described in -.Xr PKCS7_add_attribute 3 -before it is finalized. -.Sh RETURN VALUES -.Fn PKCS7_sign_add_signer -returns an internal pointer to the -.Vt PKCS7_SIGNER_INFO -structure just added or -.Dv NULL -if an error occurs. -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr EVP_DigestInit 3 , -.Xr PKCS7_add_attribute 3 , -.Xr PKCS7_final 3 , -.Xr PKCS7_get_signer_info 3 , -.Xr PKCS7_new 3 , -.Xr PKCS7_sign 3 -.Sh HISTORY -.Fn PKCS7_sign_add_signer -first appeared in OpenSSL 1.0.0 and has been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3 deleted file mode 100644 index 42c3338e67..0000000000 --- a/src/lib/libcrypto/man/PKCS7_verify.3 +++ /dev/null 
@@ -1,248 +0,0 @@
-.\" $OpenBSD: PKCS7_verify.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2006, 2013, 2014, 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt PKCS7_VERIFY 3
-.Os
-.Sh NAME
-.Nm PKCS7_verify ,
-.Nm PKCS7_get0_signers
-.Nd verify a PKCS#7 signedData structure
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo PKCS7_verify
-.Fa "PKCS7 *p7"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "BIO *indata"
-.Fa "BIO *out"
-.Fa "int flags"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo PKCS7_get0_signers
-.Fa "PKCS7 *p7"
-.Fa "STACK_OF(X509) *certs"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn PKCS7_verify
-verifies a PKCS#7 signedData structure.
-.Fa p7
-is the
-.Vt PKCS7
-structure to verify.
-.Fa certs
-is a set of certificates in which to search for the signer's
-certificate.
-.Fa store
-is a trusted certificate store (used for chain verification).
-.Fa indata
-is the signed data if the content is not present in
-.Fa p7 ,
-that is if it is detached.
-The content is written to
-.Fa out
-if it is not
-.Dv NULL .
-.Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Pp
-.Fn PKCS7_get0_signers
-retrieves the signer's certificates from
-.Fa p7 .
-It does
-.Sy not
-check their validity or whether any signatures are valid.
-The
-.Fa certs
-and
-.Fa flags
-parameters have the same meanings as in
-.Fn PKCS7_verify .
-.Pp
-Normally the verify process proceeds as follows.
-.Pp
-Initially some sanity checks are performed on
-.Fa p7 .
-The type of
-.Fa p7
-must be signedData.
-There must be at least one signature on the data and if the content
-is detached,
-.Fa indata
-cannot be
-.Dv NULL .
-.Pp
-An attempt is made to locate all the signer's certificates, first
-looking in the
-.Fa certs
-parameter (if it is not
-.Dv NULL )
-and then looking in any certificates contained in the
-.Fa p7
-structure itself.
-If any signer's certificates cannot be located the operation fails.
-.Pp
-Each signer's certificate is chain verified using the
-.Sy smimesign
-purpose and the supplied trusted certificate store.
-Any internal certificates in the message are used as untrusted CAs.
-If any chain verify fails an error code is returned.
-.Pp
-Finally, the signed content is read (and written to
-.Fa out
-if it is not
-.Dv NULL )
-and the signature's checked.
-.Pp
-If all signature's verify correctly then the function is successful.
-.Pp
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-parameter to change the default verify behaviour.
-Only the flag
-.Dv PKCS7_NOINTERN
-is meaningful to
-.Fn PKCS7_get0_signers .
-.Pp
-If
-.Dv PKCS7_NOINTERN
-is set, the certificates in the message itself are not searched when
-locating the signer's certificate.
-This means that all the signer's certificates must be in the
-.Fa certs
-parameter.
-.Pp
-If the
-.Dv PKCS7_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain ,
-then an error is returned.
-.Pp
-If
-.Dv PKCS7_NOVERIFY
-is set, the signer's certificates are not chain verified.
-.Pp
-If
-.Dv PKCS7_NOCHAIN
-is set, then the certificates contained in the message are not used as
-untrusted CAs.
-This means that the whole verify chain (apart from the signer's
-certificate) must be contained in the trusted store.
-.Pp
-If
-.Dv PKCS7_NOSIGS
-is set, then the signatures on the data are not checked.
-.Pp
-One application of
-.Dv PKCS7_NOINTERN
-is to only accept messages signed by a small number of certificates.
-The acceptable certificates would be passed in the
-.Fa certs
-parameter.
-In this case, if the signer is not one of the certificates supplied in
-.Fa certs ,
-then the verify will fail because the signer cannot be found.
-.Pp
-Care should be taken when modifying the default verify behaviour, for
-example setting
-.Dv PKCS7_NOVERIFY | PKCS7_NOSIGS
-will totally disable all verification and any signed message will be
-considered valid.
-This combination is however useful if one merely wishes to write the
-content to
-.Fa out
-and its validity is not considered important.
-.Pp
-Chain verification should arguably be performed using the signing time
-rather than the current time.
-However since the signing time is supplied by the signer, it cannot be
-trusted without additional evidence (such as a trusted timestamp).
-.Sh RETURN VALUES
-.Fn PKCS7_verify
-returns 1 for a successful verification and 0 or a negative value if
-an error occurs.
-.Pp
-.Fn PKCS7_get0_signers
-returns all signers or
-.Dv NULL
-if an error occurred.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr PKCS7_decrypt 3 ,
-.Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3 ,
-.Xr X509_STORE_new 3
-.Sh HISTORY
-.Fn PKCS7_verify
-and
-.Fn PKCS7_get0_signers
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Sh BUGS
-The trusted certificate store is not searched for the signer's
-certificate.
-This is primarily due to the inadequacies of the current
-.Vt X509_STORE
-functionality.
-.Pp
-The lack of single pass processing and the need to hold all data
-in memory as mentioned in
-.Xr PKCS7_sign 3
-also applies to
-.Fn PKCS7_verify .
diff --git a/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 b/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3
deleted file mode 100644
index 91cd25d425..0000000000
--- a/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.4 2019/06/06 01:06:59 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt PKCS8_PRIV_KEY_INFO_NEW 3
-.Os
-.Sh NAME
-.Nm PKCS8_PRIV_KEY_INFO_new ,
-.Nm PKCS8_PRIV_KEY_INFO_free
-.Nd PKCS#8 private key information
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft PKCS8_PRIV_KEY_INFO *
-.Fn PKCS8_PRIV_KEY_INFO_new void
-.Ft void
-.Fn PKCS8_PRIV_KEY_INFO_free "PKCS8_PRIV_KEY_INFO *key"
-.Sh DESCRIPTION
-.Fn PKCS8_PRIV_KEY_INFO_new
-allocates and initializes an empty
-.Vt PKCS8_PRIV_KEY_INFO
-object, representing an ASN.1
-.Vt PrivateKeyInfo
-structure defined in RFC 5208 section 5.
-It can hold a private key together with information about the
-algorithm to be used with it and optional attributes.
-.Pp
-.Fn PKCS8_PRIV_KEY_INFO_free
-frees
-.Fa key .
-.Sh RETURN VALUES
-.Fn PKCS8_PRIV_KEY_INFO_new
-returns the new
-.Vt PKCS8_PRIV_KEY_INFO
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_PKCS8PrivateKey_bio 3 ,
-.Xr EVP_PKEY_asn1_set_private 3 ,
-.Xr PEM_read_PKCS8_PRIV_KEY_INFO 3 ,
-.Xr PKCS12_parse 3 ,
-.Xr X509_ATTRIBUTE_new 3
-.Sh STANDARDS
-RFC 5208: PKCS#8: Private-Key Information Syntax Specification
-.Sh HISTORY
-.Fn PKCS8_PRIV_KEY_INFO_new
-and
-.Fn PKCS8_PRIV_KEY_INFO_free
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 b/src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3
deleted file mode 100644
index 40735c6f86..0000000000
--- a/src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3
+++ /dev/null
@@ -1,74 +0,0 @@
-.\" $OpenBSD: PKEY_USAGE_PERIOD_new.3,v 1.5 2019/06/06 01:06:59 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt PKEY_USAGE_PERIOD_NEW 3
-.Os
-.Sh NAME
-.Nm PKEY_USAGE_PERIOD_new ,
-.Nm PKEY_USAGE_PERIOD_free
-.Nd X.509 certificate private key usage period extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft PKEY_USAGE_PERIOD *
-.Fn PKEY_USAGE_PERIOD_new void
-.Ft void
-.Fn PKEY_USAGE_PERIOD_free "PKEY_USAGE_PERIOD *period"
-.Sh DESCRIPTION
-.Fn PKEY_USAGE_PERIOD_new
-allocates and initializes an empty
-.Vt PKEY_USAGE_PERIOD
-object, representing an ASN.1
-.Vt PrivateKeyUsagePeriod
-structure defined in RFC 3280 section 4.2.1.4.
-It could be used in
-.Vt X509
-certificates to specify a validity period for the private key
-that differed from the validity period of the certificate.
-.Pp
-.Fn PKEY_USAGE_PERIOD_free
-frees
-.Fa period .
-.Sh RETURN VALUES
-.Fn PKEY_USAGE_PERIOD_new
-returns the new
-.Vt PKEY_USAGE_PERIOD
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_PKEY_USAGE_PERIOD 3 ,
-.Xr EXTENDED_KEY_USAGE_new 3 ,
-.Xr X509_CINF_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 3280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.2.1.4: Private Key Usage Period
-.Pp
-RFC 3280 was obsoleted by RFC 5280, which says: "Section 4.2.1.4
-in RFC 3280, which specified the
-.Vt PrivateKeyUsagePeriod
-certificate extension but deprecated its use, was removed.
-Use of this ISO standard extension is neither deprecated
-nor recommended for use in the Internet PKI."
-.Sh HISTORY
-.Fn PKEY_USAGE_PERIOD_new
-and
-.Fn PKEY_USAGE_PERIOD_free
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/POLICYINFO_new.3 b/src/lib/libcrypto/man/POLICYINFO_new.3
deleted file mode 100644
index 7938ed591d..0000000000
--- a/src/lib/libcrypto/man/POLICYINFO_new.3
+++ /dev/null
@@ -1,218 +0,0 @@
-.\" $OpenBSD: POLICYINFO_new.3,v 1.8 2021/07/26 14:03:43 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 26 2021 $
-.Dt POLICYINFO_NEW 3
-.Os
-.Sh NAME
-.Nm POLICYINFO_new ,
-.Nm POLICYINFO_free ,
-.Nm CERTIFICATEPOLICIES_new ,
-.Nm CERTIFICATEPOLICIES_free ,
-.Nm POLICYQUALINFO_new ,
-.Nm POLICYQUALINFO_free ,
-.Nm USERNOTICE_new ,
-.Nm USERNOTICE_free ,
-.Nm NOTICEREF_new ,
-.Nm NOTICEREF_free ,
-.Nm POLICY_MAPPING_new ,
-.Nm POLICY_MAPPING_free ,
-.Nm POLICY_CONSTRAINTS_new ,
-.Nm POLICY_CONSTRAINTS_free
-.Nd X.509 certificate policies
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft POLICYINFO *
-.Fn POLICYINFO_new void
-.Ft void
-.Fn POLICYINFO_free "POLICYINFO *pi"
-.Ft CERTIFICATEPOLICIES *
-.Fn CERTIFICATEPOLICIES_new void
-.Ft void
-.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis"
-.Ft POLICYQUALINFO *
-.Fn POLICYQUALINFO_new void
-.Ft void
-.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi"
-.Ft USERNOTICE *
-.Fn USERNOTICE_new void
-.Ft void
-.Fn USERNOTICE_free "USERNOTICE *usernotice"
-.Ft NOTICEREF *
-.Fn NOTICEREF_new void
-.Ft void
-.Fn NOTICEREF_free "NOTICEREF *noticeref"
-.Ft POLICY_MAPPING *
-.Fn POLICY_MAPPING_new void
-.Ft void
-.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm"
-.Ft POLICY_CONSTRAINTS *
-.Fn POLICY_CONSTRAINTS_new void
-.Ft void
-.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc"
-.Sh DESCRIPTION
-X.509 CA and end entity certificates can optionally indicate
-restrictions on their intended use.
-.Pp
-.Fn POLICYINFO_new
-allocates and initializes an empty
-.Vt POLICYINFO
-object, representing an ASN.1
-.Vt PolicyInformation
-structure defined in RFC 5280 section 4.2.1.4.
-It can hold a policy identifier and optional advisory qualifiers.
-.Fn POLICYINFO_free
-frees
-.Fa pi .
-.Pp
-.Fn CERTIFICATEPOLICIES_new
-allocates and initializes an empty
-.Vt CERTIFICATEPOLICIES
-object, which is a
-.Vt STACK_OF(POLICYINFO)
-and represents an ASN.1
-.Vt CertificatePolicies
-structure defined in RFC 5280 section 4.2.1.4.
-It can be used by
-.Vt X509
-objects, both by CA certificates and end entity certificates.
-.Fn CERTIFICATEPOLICIES_free
-frees
-.Fa pis .
-.Pp
-.Fn POLICYQUALINFO_new
-allocates and initializes an empty
-.Vt POLICYQUALINFO
-object, representing an ASN.1
-.Vt PolicyQualifierInfo
-structure defined in RFC 5280 section 4.2.1.4.
-It can be used in
-.Vt POLICYINFO
-and it can hold either a uniform resource identifier of a certification
-practice statement published by the CA, or a pointer to a
-.Vt USERNOTICE
-object, or arbitrary other information.
-.Fn POLICYQUALINFO_free
-frees
-.Fa pqi .
-.Pp
-.Fn USERNOTICE_new
-allocates and initializes an empty
-.Vt USERNOTICE
-object, representing an ASN.1
-.Vt UserNotice
-structure defined in RFC 5280 section 4.2.1.4.
-It can be used in
-.Vt POLICYQUALINFO
-and it can hold either an
-.Vt ASN1_STRING
-intended for display to the user or a pointer to a
-.Vt NOTICEREF
-object.
-.Fn NOTICEREF_free
-frees
-.Fa usernotice .
-.Pp
-.Fn NOTICEREF_new
-allocates and initializes an empty
-.Vt NOTICEREF
-object, representing an ASN.1
-.Vt NoticeReference
-structure defined in RFC 5280 section 4.2.1.4.
-It can be used in
-.Vt USERNOTICE
-and can hold an organization name and a stack of notice numbers.
-.Fn NOTICEREF_free
-frees
-.Fa noticeref .
-.Pp
-.Fn POLICY_MAPPING_new
-allocates and initializes an empty
-.Vt POLICY_MAPPING
-object, representing an ASN.1
-.Vt PolicyMappings
-structure defined in RFC 5280 section 4.2.1.5.
-It can be used in
-.Vt X509
-CA certificates and can hold a list of pairs of policy identifiers,
-declaring one of the policies in each pair as equivalent to the
-other.
-.Fn POLICY_MAPPING_free
-frees
-.Fa pm .
-.Pp
-.Fn POLICY_CONSTRAINTS_new
-allocates and initializes an empty
-.Vt POLICY_CONSTRAINTS
-object, representing an ASN.1
-.Vt PolicyConstraints
-structure defined in RFC 5280 section 4.2.1.11.
-It can be used in
-.Vt X509
-CA certificates to restrict policy mapping and/or to require explicit
-certificate policies in subsequent intermediate certificates in the
-certification path.
-.Fn POLICY_CONSTRAINTS_free
-frees
-.Fa pc .
-.Sh RETURN VALUES
-The constructor functions return a new object of the respective
-type or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr BASIC_CONSTRAINTS_new 3 ,
-.Xr d2i_POLICYINFO 3 ,
-.Xr NAME_CONSTRAINTS_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3 ,
-.Xr X509_policy_tree_level_count 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile:
-.Bl -dash -compact
-.It
-section 4.2.1.4: Certificate Policies
-.It
-section 4.2.1.5: Policy Mappings
-.It
-section 4.2.1.11: Policy Constraints
-.El
-.Sh HISTORY
-.Fn POLICYINFO_new ,
-.Fn POLICYINFO_free ,
-.Fn CERTIFICATEPOLICIES_new ,
-.Fn CERTIFICATEPOLICIES_free ,
-.Fn POLICYQUALINFO_new ,
-.Fn POLICYQUALINFO_free ,
-.Fn USERNOTICE_new ,
-.Fn USERNOTICE_free ,
-.Fn NOTICEREF_new ,
-and
-.Fn NOTICEREF_free
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn POLICY_MAPPING_new ,
-.Fn POLICY_MAPPING_free ,
-.Fn POLICY_CONSTRAINTS_new ,
-and
-.Fn POLICY_CONSTRAINTS_free
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh BUGS
-This is a lot of nested data structures, but most of them are
-designed to have almost no effect.
diff --git a/src/lib/libcrypto/man/PROXY_POLICY_new.3 b/src/lib/libcrypto/man/PROXY_POLICY_new.3
deleted file mode 100644
index 506b9cb2d3..0000000000
--- a/src/lib/libcrypto/man/PROXY_POLICY_new.3
+++ /dev/null
@@ -1,96 +0,0 @@
-.\" $OpenBSD: PROXY_POLICY_new.3,v 1.5 2019/06/06 17:41:43 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt PROXY_POLICY_NEW 3
-.Os
-.Sh NAME
-.Nm PROXY_POLICY_new ,
-.Nm PROXY_POLICY_free ,
-.Nm PROXY_CERT_INFO_EXTENSION_new ,
-.Nm PROXY_CERT_INFO_EXTENSION_free
-.Nd X.509 proxy certificate extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft PROXY_POLICY *
-.Fn PROXY_POLICY_new void
-.Ft void
-.Fn PROXY_POLICY_free "PROXY_POLICY *pp"
-.Ft PROXY_CERT_INFO_EXTENSION *
-.Fn PROXY_CERT_INFO_EXTENSION_new void
-.Ft void
-.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie"
-.Sh DESCRIPTION
-If a given non-CA certificate grants any privileges, using that
-certificate to issue a proxy certificate and handing that proxy
-certificate over to another person, organization, or service allows
-the bearer of the proxy certificate to exercise some or all of the
-privileges on behalf of the subject of the original certificate.
-.Pp
-.Fn PROXY_POLICY_new
-allocates and initializes an empty
-.Vt PROXY_POLICY
-object, representing an ASN.1
-.Vt ProxyPolicy
-structure defined in RFC 3820 section 3.8.
-It defines which privileges are to be delegated.
-.Fn PROXY_POLICY_free
-frees
-.Fa pp .
-.Pp
-.Fn PROXY_CERT_INFO_EXTENSION_new
-allocates and initializes an empty
-.Vt PROXY_CERT_INFO_EXTENSION
-object, representing an ASN.1
-.Vt ProxyCertInfo
-structure defined in RFC 3820 section 3.8.
-It can contain a
-.Vt PROXY_POLICY
-object, and it can additionally restrict the maximum depth of the
-path of proxy certificates that can be signed by this proxy
-certificate.
-.Fn PROXY_CERT_INFO_EXTENSION_free
-frees
-.Fa pcie .
-.Pp
-If a non-CA certificate contains a
-.Vt PROXY_CERT_INFO_EXTENSION ,
-it is a proxy certificate; otherwise, it is an end entity certificate.
-.Sh RETURN VALUES
-.Fn PROXY_POLICY_new
-and
-.Fn PROXY_CERT_INFO_EXTENSION_new
-return the new
-.Vt PROXY_POLICY
-or
-.Vt PROXY_CERT_INFO_EXTENSION
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr BASIC_CONSTRAINTS_new 3 ,
-.Xr d2i_PROXY_POLICY 3 ,
-.Xr EXTENDED_KEY_USAGE_new 3 ,
-.Xr POLICYINFO_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
-Certificate Profile
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7g
-and have been available since
-.Ox 3.8 .
diff --git a/src/lib/libcrypto/man/RAND_add.3 b/src/lib/libcrypto/man/RAND_add.3
deleted file mode 100644
index 5404f696a3..0000000000
--- a/src/lib/libcrypto/man/RAND_add.3
+++ /dev/null
@@ -1,73 +0,0 @@
-.\" $OpenBSD: RAND_add.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $
-.\" content checked up to: OpenSSL c16de9d8 Aug 31 23:16:22 2017 +0200
-.\"
-.\" Copyright (c) 2014 Miod Vallat
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt RAND_ADD 3
-.Os
-.Sh NAME
-.Nm RAND_add ,
-.Nm RAND_cleanup ,
-.Nm RAND_poll ,
-.Nm RAND_seed ,
-.Nm RAND_status
-.Nd manipulate the PRNG state
-.Sh SYNOPSIS
-.In openssl/rand.h
-.Ft void
-.Fo RAND_add
-.Fa "const void *buf"
-.Fa "int num"
-.Fa "double entropy"
-.Fc
-.Ft void
-.Fn RAND_cleanup void
-.Ft int
-.Fn RAND_poll void
-.Ft void
-.Fo RAND_seed
-.Fa "const void *buf"
-.Fa "int num"
-.Fc
-.Ft int
-.Fn RAND_status void
-.Sh DESCRIPTION
-These functions used to allow for the state of the random number
-generator to be controlled by external sources.
-.Pp
-They are kept for ABI compatibility but are no longer functional, and
-should not be used in new programs.
-.Sh RETURN VALUES
-.Fn RAND_poll
-and
-.Fn RAND_status
-always return 1.
-.Sh HISTORY
-.Fn RAND_cleanup
-and
-.Fn RAND_seed
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn RAND_add
-and
-.Fn RAND_status
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn RAND_poll
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/RAND_bytes.3 b/src/lib/libcrypto/man/RAND_bytes.3
deleted file mode 100644
index 19427a82df..0000000000
--- a/src/lib/libcrypto/man/RAND_bytes.3
+++ /dev/null
@@ -1,108 +0,0 @@
-.\" $OpenBSD: RAND_bytes.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt RAND_BYTES 3
-.Os
-.Sh NAME
-.Nm RAND_bytes ,
-.Nm RAND_pseudo_bytes
-.Nd generate random data
-.Sh SYNOPSIS
-.In openssl/rand.h
-.Ft int
-.Fo RAND_bytes
-.Fa "unsigned char *buf"
-.Fa "int num"
-.Fc
-.Ft int
-.Fo RAND_pseudo_bytes
-.Fa "unsigned char *buf"
-.Fa "int num"
-.Fc
-.Sh DESCRIPTION
-These functions are deprecated and only retained for compatibility
-with legacy application programs.
-Use
-.Xr arc4random_buf 3
-instead.
-.Pp
-.Fn RAND_bytes
-puts
-.Fa num
-cryptographically strong pseudo-random bytes into
-.Fa buf .
-.Pp
-.Fn RAND_pseudo_bytes
-puts
-.Fa num
-pseudo-random bytes into
-.Fa buf .
-Pseudo-random byte sequences generated by
-.Fn RAND_pseudo_bytes
-will be unique if they are of sufficient length, but are not necessarily
-unpredictable.
-They can be used for non-cryptographic purposes and for certain purposes
-in cryptographic protocols, but usually not for key generation etc.
-.Sh RETURN VALUES
-.Fn RAND_bytes
-returns 1.
-.Fn RAND_pseudo_bytes
-returns 1.
-.Sh HISTORY
-.Fn RAND_bytes
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
-It has a return value since OpenSSL 0.9.5 and
-.Ox 2.7 .
-.Pp
-.Fn RAND_pseudo_bytes
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/RAND_load_file.3 b/src/lib/libcrypto/man/RAND_load_file.3
deleted file mode 100644
index 9227e2721b..0000000000
--- a/src/lib/libcrypto/man/RAND_load_file.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\" $OpenBSD: RAND_load_file.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2001 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt RAND_LOAD_FILE 3
-.Os
-.Sh NAME
-.Nm RAND_file_name ,
-.Nm RAND_load_file ,
-.Nm RAND_write_file
-.Nd PRNG seed file
-.Sh SYNOPSIS
-.In openssl/rand.h
-.Ft const char *
-.Fo RAND_file_name
-.Fa "char *buf"
-.Fa "size_t num"
-.Fc
-.Ft int
-.Fo RAND_load_file
-.Fa "const char *filename"
-.Fa "long max_bytes"
-.Fc
-.Ft int
-.Fo RAND_write_file
-.Fa "const char *filename"
-.Fc
-.Sh DESCRIPTION
-.Fn RAND_file_name
-returns a default path for the random seed file.
-.Fa buf
-points to a buffer of size
-.Fa num
-in which to store the filename.
-If
-.Fa num
-is too small for the path name, an error occurs.
-.Pp
-.Fn RAND_load_file
-used to allow for the state of the random number generator to be
-controlled by external sources.
-It is kept for ABI compatibility but is no longer functional, and should
-not be used in new programs.
-.Pp
-.Fn RAND_write_file
-writes a number of random bytes (currently 1024) to file
-.Fa filename .
-.Sh RETURN VALUES
-.Fn RAND_load_file
-returns
-.Fa max_bytes ,
-or a bogus positive value if
-.Fa max_bytes
-is -1.
-.Pp
-.Fn RAND_write_file
-returns the number of bytes written, or a number less than or equal
-to 1 if an error occurs.
-.Pp
-.Fn RAND_file_name
-returns a pointer to
-.Fa buf
-on success or
-.Dv NULL
-on error.
-.Sh HISTORY
-.Fn RAND_load_file ,
-.Fn RAND_write_file ,
-and
-.Fn RAND_file_name
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/RAND_set_rand_method.3 b/src/lib/libcrypto/man/RAND_set_rand_method.3
deleted file mode 100644
index d94d794daf..0000000000
--- a/src/lib/libcrypto/man/RAND_set_rand_method.3
+++ /dev/null
@@ -1,55 +0,0 @@
-.\" $OpenBSD: RAND_set_rand_method.3,v 1.4 2018/03/21 09:03:49 schwarze Exp $
-.\"
-.\" Copyright (c) 2014 Miod Vallat
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt RAND_SET_RAND_METHOD 3
-.Os
-.Sh NAME
-.Nm RAND_set_rand_method ,
-.Nm RAND_get_rand_method ,
-.Nm RAND_SSLeay
-.Nd select RAND method
-.Sh SYNOPSIS
-.In openssl/rand.h
-.Ft int
-.Fo RAND_set_rand_method
-.Fa "const RAND_METHOD *meth"
-.Fc
-.Ft const RAND_METHOD *
-.Fn RAND_get_rand_method void
-.Ft RAND_METHOD *
-.Fn RAND_SSLeay void
-.Sh DESCRIPTION
-These functions used to allow for the random number generator functions
-to be replaced by arbitrary code.
-.Pp
-They are kept for ABI compatibility but are no longer functional, and
-should not be used in new programs.
-.Sh RETURN VALUES
-.Fn RAND_set_rand_method
-always returns 1.
-.Fn RAND_get_rand_method
-and
-.Fn RAND_SSLeay
-always return
-.Dv NULL .
-.Sh HISTORY
-.Fn RAND_set_rand_method ,
-.Fn RAND_get_rand_method ,
-and
-.Fn RAND_SSLeay
-first appeared in SSLeay 0.9.1 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/RC4.3 b/src/lib/libcrypto/man/RC4.3
deleted file mode 100644
index 8b20a434b7..0000000000
--- a/src/lib/libcrypto/man/RC4.3
+++ /dev/null
@@ -1,126 +0,0 @@
-.\" $OpenBSD: RC4.3,v 1.8 2020/03/29 17:05:02 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2020 $
-.Dt RC4 3
-.Os
-.Sh NAME
-.Nm RC4_set_key ,
-.Nm RC4
-.Nd RC4 encryption
-.Sh SYNOPSIS
-.In openssl/rc4.h
-.Ft void
-.Fo RC4_set_key
-.Fa "RC4_KEY *key"
-.Fa "int len"
-.Fa "const unsigned char *data"
-.Fc
-.Ft void
-.Fo RC4
-.Fa "RC4_KEY *key"
-.Fa "unsigned long len"
-.Fa "const unsigned char *indata"
-.Fa "unsigned char *outdata"
-.Fc
-.Sh DESCRIPTION
-This library implements the alleged RC4 cipher, which is described for
-example in
-.Qq Applied Cryptography .
-It is believed to be compatible with RC4[TM], a proprietary cipher of
-RSA Security Inc.
-.Pp
-RC4 is a stream cipher with variable key length.
-Typically, 128-bit (16-byte) keys are used for strong encryption, but
-shorter insecure key sizes have been widely used due to export
-restrictions.
-.Pp
-RC4 consists of a key setup phase and the actual encryption or
-decryption phase.
-.Pp
-.Fn RC4_set_key
-sets up the
-.Vt RC4_KEY
-.Fa key
-using the
-.Fa len
-bytes long key at
-.Fa data .
-.Pp
-.Fn RC4
-encrypts or decrypts the
-.Fa len
-bytes of data at
-.Fa indata
-using
-.Fa key
-and places the result at
-.Fa outdata .
-Repeated
-.Fn RC4
-calls with the same
-.Fa key
-yield a continuous key stream.
-.Pp
-Since RC4 is a stream cipher (the input is XOR'ed with a pseudo-random
-key stream to produce the output), decryption uses the same function
-calls as encryption.
-.Sh SEE ALSO
-.Xr blowfish 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr EVP_rc4 3
-.Sh HISTORY
-.Fn RC4_set_key
-and
-.Fn RC4
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
-.Sh BUGS
-This cipher is broken and should no longer be used.
diff --git a/src/lib/libcrypto/man/RIPEMD160.3 b/src/lib/libcrypto/man/RIPEMD160.3
deleted file mode 100644
index 6fadb56cef..0000000000
--- a/src/lib/libcrypto/man/RIPEMD160.3
+++ /dev/null
@@ -1,151 +0,0 @@
-.\" $OpenBSD: RIPEMD160.3,v 1.7 2019/08/25 15:17:19 schwarze Exp $
-.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2006, 2014 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 25 2019 $
-.Dt RIPEMD160 3
-.Os
-.Sh NAME
-.Nm RIPEMD160 ,
-.Nm RIPEMD160_Init ,
-.Nm RIPEMD160_Update ,
-.Nm RIPEMD160_Final
-.Nd RIPEMD-160 hash function
-.Sh SYNOPSIS
-.In openssl/ripemd.h
-.Ft unsigned char *
-.Fo RIPEMD160
-.Fa "const unsigned char *d"
-.Fa "unsigned long n"
-.Fa "unsigned char *md"
-.Fc
-.Ft int
-.Fo RIPEMD160_Init
-.Fa "RIPEMD160_CTX *c"
-.Fc
-.Ft int
-.Fo RIPEMD160_Update
-.Fa "RIPEMD160_CTX *c"
-.Fa "const void *data"
-.Fa "unsigned long len"
-.Fc
-.Ft int
-.Fo RIPEMD160_Final
-.Fa "unsigned char *md"
-.Fa "RIPEMD160_CTX *c"
-.Fc
-.Sh DESCRIPTION
-RIPEMD-160 is a cryptographic hash function with a 160-bit output.
-.Pp
-.Fn RIPEMD160
-computes the RIPEMD-160 message digest of the
-.Fa n
-bytes at
-.Fa d
-and places it in
-.Fa md ,
-which must have space for
-.Dv RIPEMD160_DIGEST_LENGTH
-== 20 bytes of output.
-If
-.Fa md
-is
-.Dv NULL ,
-the digest is placed in a static array.
-.Pp
-The following functions may be used if the message is not completely
-stored in memory:
-.Pp
-.Fn RIPEMD160_Init
-initializes a
-.Vt RIPEMD160_CTX
-structure.
-.Pp
-.Fn RIPEMD160_Update
-can be called repeatedly with chunks of the message to be hashed
-.Pq Fa len No bytes at Fa data .
-.Pp
-.Fn RIPEMD160_Final
-places the message digest in
-.Fa md ,
-which must have space for
-.Dv RIPEMD160_DIGEST_LENGTH
-== 20 bytes of output,
-and erases the
-.Vt RIPEMD160_CTX .
-.Pp
-Applications should use the higher level functions
-.Xr EVP_DigestInit 3
-etc. instead of calling the hash functions directly.
-.Sh RETURN VALUES
-.Fn RIPEMD160
-returns a pointer to the hash value.
-.Pp
-.Fn RIPEMD160_Init ,
-.Fn RIPEMD160_Update ,
-and
-.Fn RIPEMD160_Final
-return 1 for success or 0 otherwise.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3 ,
-.Xr HMAC 3
-.Sh STANDARDS
-.Bd -unfilled
-ISO/IEC 10118-3:2004/Cor 1:2011
-Hash-functions \(em Part 3: Dedicated hash-functions
-Clause 7: RIPEMD-160
-.Ed
-.Sh HISTORY
-.Fn RIPEMD160 ,
-.Fn RIPEMD160_Init ,
-.Fn RIPEMD160_Update ,
-and
-.Fn RIPEMD160_Final
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 b/src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3
deleted file mode 100644
index f69f33dbe5..0000000000
--- a/src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3
+++ /dev/null
@@ -1,60 +0,0 @@
-.\" $OpenBSD: RSA_PSS_PARAMS_new.3,v 1.4 2019/06/06 01:06:59 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt RSA_PSS_PARAMS_NEW 3
-.Os
-.Sh NAME
-.Nm RSA_PSS_PARAMS_new ,
-.Nm RSA_PSS_PARAMS_free
-.Nd probabilistic signature scheme with RSA hashing
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft RSA_PSS_PARAMS *
-.Fn RSA_PSS_PARAMS_new void
-.Ft void
-.Fn RSA_PSS_PARAMS_free "RSA_PSS_PARAMS *params"
-.Sh DESCRIPTION
-.Fn RSA_PSS_PARAMS_new
-allocates and initializes an empty
-.Vt RSA_PSS_PARAMS
-object, representing an ASN.1
-.Vt RSASSA-PSS-params
-structure defined in RFC 8017 appendix A.2.3.
-It references the hash function and the mask generation function
-and stores the length of the salt and the trailer field number.
-.Fn RSA_PSS_PARAMS_free
-frees
-.Fa params .
-.Sh RETURN VALUES
-.Fn RSA_PSS_PARAMS_new
-returns the new
-.Vt RSA_PSS_PARAMS
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr RSA_new 3 ,
-.Xr RSA_padding_add_PKCS1_type_1 3 ,
-.Xr X509_sign 3
-.Sh STANDARDS
-RFC 8017: PKCS#1: RSA Cryptography Specifications Version 2.2
-.Sh HISTORY
-.Fn RSA_PSS_PARAMS_new
-and
-.Fn RSA_PSS_PARAMS_free
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/RSA_blinding_on.3 b/src/lib/libcrypto/man/RSA_blinding_on.3
deleted file mode 100644
index 5d4b4ab25d..0000000000
--- a/src/lib/libcrypto/man/RSA_blinding_on.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\" $OpenBSD: RSA_blinding_on.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt RSA_BLINDING_ON 3
-.Os
-.Sh NAME
-.Nm RSA_blinding_on ,
-.Nm RSA_blinding_off
-.Nd protect the RSA operation from timing attacks
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft int
-.Fo RSA_blinding_on
-.Fa "RSA *rsa"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft void
-.Fo RSA_blinding_off
-.Fa "RSA *rsa"
-.Fc
-.Sh DESCRIPTION
-RSA is vulnerable to timing attacks.
-In a setup where attackers can measure the time of RSA decryption or
-signature operations, blinding must be used to protect the RSA operation
-from that attack.
-.Pp
-.Fn RSA_blinding_on
-turns blinding on for key
-.Fa rsa
-and generates a random blinding factor.
-.Fa ctx
-is
-.Dv NULL
-or a pre-allocated and initialized
-.Vt BN_CTX .
-.Pp
-.Fn RSA_blinding_off
-turns blinding off and frees the memory used for the blinding factor.
-.Sh RETURN VALUES
-.Fn RSA_blinding_on
-returns 1 on success, and 0 if an error occurred.
-.Sh SEE ALSO
-.Xr BN_BLINDING_new 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn RSA_blinding_on
-and
-.Fn RSA_blinding_off
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/RSA_check_key.3 b/src/lib/libcrypto/man/RSA_check_key.3
deleted file mode 100644
index 96b1468433..0000000000
--- a/src/lib/libcrypto/man/RSA_check_key.3
+++ /dev/null
@@ -1,149 +0,0 @@
-.\" $OpenBSD: RSA_check_key.3,v 1.8 2021/03/12 05:18:00 jsg Exp $
-.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
-.\"
-.\" This file was written by Ulf Moeller and
-.\" Geoff Thorpe .
-.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 12 2021 $
-.Dt RSA_CHECK_KEY 3
-.Os
-.Sh NAME
-.Nm RSA_check_key
-.Nd validate private RSA keys
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft int
-.Fo RSA_check_key
-.Fa "RSA *rsa"
-.Fc
-.Sh DESCRIPTION
-This function validates RSA keys.
-It checks that
-.Fa rsa->p
-and
-.Fa rsa->q
-are in fact prime, and that
-.Fa rsa->n
-satisfies n = p*q.
-.Pp
-It also checks that
-.Fa rsa->d
-and
-.Fa rsa->e
-satisfy d*e = 1 mod ((p-1)*(q-1)),
-and that
-.Fa rsa->dmp1 ,
-.Fa rsa->dmq1 ,
-and
-.Fa resa->iqmp
-are set correctly or are
-.Dv NULL .
-.Pp
-This function does not work on RSA public keys that have only the
-modulus and public exponent elements populated.
-It performs integrity checks on all the RSA key material, so the
-.Vt RSA
-key structure must contain all the private key data too.
-Therefore, it cannot be used with any arbitrary
-.Vt RSA
-key object, even if it is otherwise fit for regular RSA operation.
-.Pp
-Unlike most other RSA functions, this function does
-.Sy not
-work transparently with any underlying
-.Vt ENGINE
-implementation because it uses the key data in the
-.Vt RSA
-structure directly.
-An
-.Vt ENGINE
-implementation can override the way key data is stored and handled,
-and can even provide support for HSM keys - in which case the
-.Vt RSA
-structure may contain
-.Sy no
-key data at all!
-If the
-.Vt ENGINE
-in question is only being used for acceleration or analysis purposes,
-then in all likelihood the RSA key data is complete and untouched,
-but this can't be assumed in the general case.
-.Sh RETURN VALUES
-.Fn RSA_check_key
-returns 1 if
-.Fa rsa
-is a valid RSA key, and 0 otherwise.
--1 is returned if an error occurs while checking the key.
-.Pp
-If the key is invalid or an error occurred, the reason code can be
-obtained using
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_is_prime_ex 3 ,
-.Xr RSA_get0_key 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn RSA_check_key
-first appeared in OpenSSL 0.9.4 and has been available since
-.Ox 2.6 .
-.Sh BUGS
-A method of verifying the RSA key using opaque RSA API functions might
-need to be considered.
-Right now
-.Fn RSA_check_key
-simply uses the
-.Vt RSA
-structure elements directly, bypassing the
-.Vt RSA_METHOD
-table altogether (and completely violating encapsulation and
-object-orientation in the process).
-The best fix will probably be to introduce a check_key() handler
-to the
-.Vt RSA_METHOD
-function table so that alternative implementations can also provide
-their own verifiers.
diff --git a/src/lib/libcrypto/man/RSA_generate_key.3 b/src/lib/libcrypto/man/RSA_generate_key.3
deleted file mode 100644
index 83703b1eaa..0000000000
--- a/src/lib/libcrypto/man/RSA_generate_key.3
+++ /dev/null
@@ -1,164 +0,0 @@
-.\" $OpenBSD: RSA_generate_key.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL RSA_generate_key.pod bb6c5e7f Feb 5 10:29:22 2017 -0500
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2002, 2013 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt RSA_GENERATE_KEY 3
-.Os
-.Sh NAME
-.Nm RSA_generate_key_ex ,
-.Nm RSA_generate_key
-.Nd generate RSA key pair
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft int
-.Fo RSA_generate_key_ex
-.Fa "RSA *rsa"
-.Fa "int bits"
-.Fa "BIGNUM *e"
-.Fa "BN_GENCB *cb"
-.Fc
-.Pp
-Deprecated:
-.Pp
-.Ft RSA *
-.Fo RSA_generate_key
-.Fa "int num"
-.Fa "unsigned long e"
-.Fa "void (*callback)(int, int, void *)"
-.Fa "void *cb_arg"
-.Fc
-.Sh DESCRIPTION
-.Fn RSA_generate_key_ex
-generates a key pair and stores it in
-.Fa rsa .
-.Pp
-The modulus size will be of length
-.Fa bits ,
-and the public exponent will be
-.Fa e .
-Key sizes with
-.Fa num
-< 1024 should be considered insecure.
-The exponent is an odd number, typically 3, 17 or 65537.
-.Pp
-A callback function may be used to provide feedback about the progress
-of the key generation.
-If
-.Fa cb
-is not
-.Dv NULL ,
-it will be called as follows using the
-.Xr BN_GENCB_call 3
-function:
-.Bl -bullet
-.It
-While a random prime number is generated, it is called as described in
-.Xr BN_generate_prime 3 .
-.It
-When the
-.Fa n Ns -th
-randomly generated prime is rejected as not suitable for
-the key,
-.Fn BN_GENCB_call cb 2 n
-is called.
-.It
-When a random p has been found with p-1 relatively prime to
-.Fa e ,
-it is called as
-.Fn BN_GENCB_call cb 3 0 .
-.El
-.Pp
-The process is then repeated for prime q with
-.Fn BN_GENCB_call cb 3 1 .
-.Pp
-.Fn RSA_generate_key
-is deprecated.
-New applications should use
-.Fn RSA_generate_key_ex
-instead.
-.Fn RSA_generate_key
-works in the same way as
-.Fn RSA_generate_key_ex
-except it uses "old style" call backs.
-See
-.Xr BN_generate_prime 3
-for further details.
-.Sh RETURN VALUES
-.Fn RSA_generate_key_ex
-returns 1 on success or 0 on error.
-.Fn RSA_generate_key
-returns the key on success or
-.Dv NULL
-on error.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr BN_generate_prime 3 ,
-.Xr RSA_get0_key 3 ,
-.Xr RSA_meth_set_keygen 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn RSA_generate_key
-appeared in SSLeay 0.4 or earlier and had its
-.Fa cb_arg
-argument added in SSLeay 0.9.0.
-It has been available since
-.Ox 2.4 .
-.Pp
-.Fn RSA_generate_key_ex
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
-.Sh BUGS
-.Fn BN_GENCB_call cb 2 x
-is used with two different meanings.
-.Pp
-.Fn RSA_generate_key
-goes into an infinite loop for illegal input values.
diff --git a/src/lib/libcrypto/man/RSA_get0_key.3 b/src/lib/libcrypto/man/RSA_get0_key.3
deleted file mode 100644
index 9b58fad899..0000000000
--- a/src/lib/libcrypto/man/RSA_get0_key.3
+++ /dev/null
@@ -1,364 +0,0 @@
-.\" $OpenBSD: RSA_get0_key.3,v 1.6 2019/07/13 17:26:38 schwarze Exp $
-.\" selective merge up to: OpenSSL 665d899f Aug 2 02:19:43 2017 +0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Richard Levitte
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: July 13 2019 $ -.Dt RSA_GET0_KEY 3 -.Os -.Sh NAME -.Nm RSA_get0_key , -.Nm RSA_set0_key , -.Nm RSA_get0_factors , -.Nm RSA_set0_factors , -.Nm RSA_get0_crt_params , -.Nm RSA_set0_crt_params , -.Nm RSA_clear_flags , -.Nm RSA_test_flags , -.Nm RSA_set_flags -.Nd get and set data in an RSA object -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft void -.Fo RSA_get0_key -.Fa "const RSA *r" -.Fa "const BIGNUM **n" -.Fa "const BIGNUM **e" -.Fa "const BIGNUM **d" -.Fc -.Ft int -.Fo RSA_set0_key -.Fa "RSA *r" -.Fa "BIGNUM *n" -.Fa "BIGNUM *e" -.Fa "BIGNUM *d" -.Fc -.Ft void -.Fo RSA_get0_factors -.Fa "const RSA *r" -.Fa "const BIGNUM **p" -.Fa "const BIGNUM **q" -.Fc -.Ft int -.Fo RSA_set0_factors -.Fa "RSA *r" -.Fa "BIGNUM *p" -.Fa "BIGNUM *q" -.Fc -.Ft void -.Fo RSA_get0_crt_params -.Fa "const RSA *r" -.Fa "const BIGNUM **dmp1" -.Fa "const BIGNUM **dmq1" -.Fa "const BIGNUM **iqmp" -.Fc -.Ft int -.Fo RSA_set0_crt_params -.Fa "RSA *r" -.Fa "BIGNUM *dmp1" -.Fa "BIGNUM *dmq1" -.Fa "BIGNUM *iqmp" -.Fc -.Ft void -.Fo RSA_clear_flags -.Fa "RSA *r" -.Fa "int flags" -.Fc -.Ft int -.Fo RSA_test_flags -.Fa "const RSA *r" -.Fa "int flags" -.Fc -.Ft void -.Fo RSA_set_flags -.Fa "RSA *r" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -An -.Vt RSA -object contains the components for the public and private key. -.Fa n -is the modulus common to both public and private key, -.Fa e -is the public exponent and -.Fa d -is the private exponent. -.Fa p , -.Fa q , -.Fa dmp1 , -.Fa dmq1 , -and -.Fa iqmp -are the factors for the second representation of a private key -(see PKCS#1 section 3 Key Types), where -.Fa p -and -.Fa q -are the first and second factor of -.Fa n . -.Fa dmp1 , -.Fa dmq1 , -and -.Fa iqmp -are the exponents and coefficient -for Chinese Remainder Theorem (CRT) calculations. -.Pp -The -.Fa n , -.Fa e , -and -.Fa d -parameters can be obtained by calling -.Fn RSA_get0_key . -If they have not been set yet, then -.Pf * Fa n , -.Pf * Fa e , -and -.Pf * Fa d -are set to -.Dv NULL . 
-Otherwise, they are set to pointers to the internal representations -of the values that should not be freed by the caller. -.Pp -The -.Fa n , -.Fa e , -and -.Fa d -parameter values can be set by calling -.Fn RSA_set0_key . -The values -.Fa n -and -.Fa e -must be -.Pf non- Dv NULL -the first time this function is called on a given -.Vt RSA -object. -The value -.Fa d -may be -.Dv NULL . -On subsequent calls, any of these values may be -.Dv NULL , -which means that the corresponding field is left untouched. -Calling this function transfers the memory management of the values to -the RSA object. -Therefore, the values that have been passed in -should not be freed by the caller. -.Pp -In a similar fashion, the -.Fa p -and -.Fa q -parameters can be obtained and set with -.Fn RSA_get0_factors -and -.Fn RSA_set0_factors , -and the -.Fa dmp1 , -.Fa dmq1 , -and -.Fa iqmp -parameters can be obtained and set with -.Fn RSA_get0_crt_params -and -.Fn RSA_set0_crt_params . -.Pp -For -.Fn RSA_get0_key , -.Fn RSA_get0_factors , -and -.Fn RSA_get0_crt_params , -.Dv NULL -value -.Vt BIGNUM ** -output arguments are permitted. -The functions -ignore -.Dv NULL -arguments but return values for other, -.Pf non- Dv NULL , -arguments. -.Pp -Values retrieved with -.Fn RSA_get0_key , -.Fn RSA_get0_factors , -and -.Fn RSA_get0_crt_params -are owned by the -.Vt RSA -object used in the call and may therefore -.Em not -be passed to -.Fn RSA_set0_key , -.Fn RSA_set0_factors , -or -.Fn RSA_set0_crt_params . -If needed, duplicate the received value using -.Xr BN_dup 3 -and pass the duplicate. -.Pp -.Fn RSA_clear_flags -clears the specified -.Fa flags -in -.Fa r . -.Fn RSA_test_flags -tests the -.Fa flags -in -.Fa r . -.Fn RSA_set_flags -sets the -.Fa flags -in -.Fa r ; -any flags already set remain set. -For all three functions, multiple flags can be passed in one call, -OR'ed together bitwise. 
-.Pp -The following flags are supported: -.Bl -tag -width Ds -.It Dv RSA_FLAG_CACHE_PRIVATE No and Dv RSA_FLAG_CACHE_PUBLIC -Precompute information needed for Montgomery multiplication -from the private and public key, respectively, and cache it in -.Fa r -for repeated use. -These two flags are set by default for the default RSA implementation, -.Xr RSA_PKCS1_SSLeay 3 . -.It Dv RSA_FLAG_EXT_PKEY -The function set with -.Xr RSA_meth_set_mod_exp 3 -is used for private key operations even if -.Fa p , -.Fa q , -.Fa dmp1 , -.Fa dmq1 , -and -.Fa iqmp -are all -.Dv NULL . -This flag may be useful with RSA implementations that do not use the -private key components stored in the standard fields, for example -because they store the private key in external hardware. -If this flag is unset, the function set with -.Xr RSA_meth_set_bn_mod_exp 3 -is used with -.Fa n -and -.Fa d -instead. -.It Dv RSA_FLAG_NO_BLINDING -Turn off blinding during private key encryption and decryption. -This flag is set by -.Xr RSA_blinding_off 3 . -.It Dv RSA_FLAG_SIGN_VER -Enable the use of the functions set with -.Xr RSA_meth_set_sign 3 -and -.Xr RSA_meth_set_verify 3 . -If unset, the functions set with -.Xr RSA_meth_set_priv_enc 3 -and -.Xr RSA_meth_set_pub_dec 3 -are used instead, respectively. -.El -.Pp -The flags -.Dv RSA_FLAG_BLINDING , -.Dv RSA_FLAG_CHECKED , -.Dv RSA_FLAG_FIPS_METHOD , -.Dv RSA_FLAG_NON_FIPS_ALLOW , -and -.Dv RSA_FLAG_THREAD_SAFE -are defined for compatibility with existing code but have no effect. -.Sh RETURN VALUES -.Fn RSA_set0_key , -.Fn RSA_set0_factors , -and -.Fn RSA_set0_crt_params -return 1 on success or 0 on failure. -.Pp -.Fn RSA_test_flags -returns those of the given -.Fa flags -currently set in -.Fa r -or 0 if none of the given -.Fa flags -are set. 
-.Sh SEE ALSO -.Xr RSA_check_key 3 , -.Xr RSA_generate_key 3 , -.Xr RSA_new 3 , -.Xr RSA_print 3 , -.Xr RSA_size 3 -.Sh HISTORY -These functions first appeared in OpenSSL 1.1.0 -and have been available since -.Ox 6.3 . diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3 deleted file mode 100644 index cf3d3f6fd7..0000000000 --- a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ /dev/null 
@@ -1,289 +0,0 @@
-.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $
-.\" OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500
-.\"
-.\" This file was written by Ulf Moeller and
-.\" Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2006 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt RSA_GET_EX_NEW_INDEX 3 -.Os -.Sh NAME -.Nm RSA_get_ex_new_index , -.Nm RSA_set_ex_data , -.Nm RSA_get_ex_data , -.Nm CRYPTO_EX_new , -.Nm CRYPTO_EX_dup , -.Nm CRYPTO_EX_free -.Nd add application specific data to RSA structures -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_get_ex_new_index -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft int -.Fo RSA_set_ex_data -.Fa "RSA *r" -.Fa "int idx" -.Fa "void *arg" -.Fc -.Ft void * -.Fo RSA_get_ex_data -.Fa "RSA *r" -.Fa "int idx" -.Fc -.In openssl/crypto.h -.Ft typedef int -.Fo CRYPTO_EX_new -.Fa "void *parent" -.Fa "void *ptr" -.Fa "CRYPTO_EX_DATA *ad" -.Fa "int idx" -.Fa "long argl" -.Fa "void *argp" -.Fc -.Ft typedef void -.Fo CRYPTO_EX_free -.Fa "void *parent" -.Fa "void *ptr" -.Fa "CRYPTO_EX_DATA *ad" -.Fa "int idx" -.Fa "long argl" -.Fa "void *argp" -.Fc -.Ft typedef int -.Fo CRYPTO_EX_dup -.Fa "CRYPTO_EX_DATA *to" -.Fa "CRYPTO_EX_DATA *from" -.Fa "void *from_d" -.Fa "int idx" -.Fa "long argl" -.Fa "void *argp" -.Fc -.Sh DESCRIPTION -Several OpenSSL structures can have application specific data attached -to them. -This has several potential uses: it can be used to cache data associated -with a structure (for example the hash of some part of the structure) or -some additional data (for example a handle to the data in an external -library). -.Pp -Since the application data can be anything at all it is passed and -retrieved as a -.Vt void * -type. -.Pp -The -.Fn RSA_get_ex_new_index -function is initially called to "register" some new application specific -data. -It takes three optional function pointers which are called when the -parent structure (in this case an RSA structure) is initially created, -when it is copied and when it is freed up. -If any or all of these function pointer arguments are not used, they -should be set to -.Dv NULL . 
-The precise manner in which these function pointers are called is -described in more detail below. -.Fn RSA_get_ex_new_index -also takes additional long and pointer parameters which will be passed -to the supplied functions but which otherwise have no special meaning. -It returns an index which should be stored (typically in a static -variable) and passed as the -.Fa idx -parameter in the remaining functions. -Each successful call to -.Fn RSA_get_ex_new_index -will return an index greater than any previously returned. -This is -important because the optional functions are called in order of -increasing index value. -.Pp -.Fn RSA_set_ex_data -is used to set application specific data. -The data is supplied in the -.Fa arg -parameter and its precise meaning is up to the application. -.Pp -.Fn RSA_get_ex_data -is used to retrieve application specific data. -The data is returned to the application, which will be the same value as -supplied to a previous -.Fn RSA_set_ex_data -call. -.Pp -.Fa new_func -is called when a structure is initially allocated (for example with -.Xr RSA_new 3 . -The parent structure members will not have any meaningful values at this -point. -This function will typically be used to allocate any application -specific structure. -.Pp -.Fa free_func -is called when a structure is being freed up. -The dynamic parent structure members should not be accessed because they -will be freed up when this function is called. -.Pp -.Fa new_func -and -.Fa free_func -take the same parameters. -.Fa parent -is a pointer to the parent -.Vt RSA -structure. -.Fa ptr -is the application specific data (this won't be of much use in -.Fa new_func ) . -.Fa ad -is a pointer to the -.Vt CRYPTO_EX_DATA -structure from the parent -.Vt RSA -structure: the functions -.Fn CRYPTO_get_ex_data -and -.Fn CRYPTO_set_ex_data -can be called to manipulate it. 
-The -.Fa idx -parameter is the index: this will be the same value returned by -.Fn RSA_get_ex_new_index -when the functions were initially registered. -Finally the -.Fa argl -and -.Fa argp -parameters are the values originally passed to the same corresponding -parameters when -.Fn RSA_get_ex_new_index -was called. -.Pp -.Fa dup_func -is called when a structure is being copied. -Pointers to the destination and source -.Vt CRYPTO_EX_DATA -structures are passed in the -.Fa to -and -.Fa from -parameters, respectively. -The -.Fa from_d -parameter is passed a pointer to the source application data when the -function is called. -When the function returns, the value is copied to the destination: -the application can thus modify the data pointed to by -.Fa from_d -and have different values in the source and destination. -The -.Fa idx , -.Fa argl , -and -.Fa argp -parameters are the same as those in -.Fa new_func -and -.Fa free_func . -.Sh RETURN VALUES -.Fn RSA_get_ex_new_index -returns a new index or -1 on failure. -Note that 0 is a valid index value. -.Pp -.Fn RSA_set_ex_data -returns 1 on success or 0 on failure. -.Pp -.Fn RSA_get_ex_data -returns the application data or -.Dv NULL -on failure. -.Dv NULL -may also be valid application data, but currently it can only fail if -given an invalid -.Fa idx -parameter. -.Pp -.Fa new_func -and -.Fa dup_func -should return 0 for failure and 1 for success. -.Pp -On failure an error code can be obtained from -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr BIO_set_ex_data 3 , -.Xr CRYPTO_set_ex_data 3 , -.Xr DH_set_ex_data 3 , -.Xr DSA_set_ex_data 3 , -.Xr RSA_new 3 , -.Xr SSL_CTX_set_ex_data 3 , -.Xr SSL_SESSION_set_ex_data 3 , -.Xr SSL_set_ex_data 3 , -.Xr X509_STORE_CTX_set_ex_data 3 , -.Xr X509_STORE_set_ex_data 3 -.Sh HISTORY -These functions first appeared in SSLeay 0.9.0 -and have been available since -.Ox 2.4 . -.Sh BUGS -.Fa dup_func -is currently never called. -.Pp -The return value of -.Fa new_func -is ignored. 
-.Pp -The -.Fa new_func -function isn't very useful because no meaningful values are present in -the parent RSA structure when it is called. diff --git a/src/lib/libcrypto/man/RSA_meth_new.3 b/src/lib/libcrypto/man/RSA_meth_new.3 deleted file mode 100644 index f42feb3f34..0000000000 --- a/src/lib/libcrypto/man/RSA_meth_new.3 +++ /dev/null 
@@ -1,626 +0,0 @@
-.\" $OpenBSD: RSA_meth_new.3,v 1.5 2019/07/13 17:26:38 schwarze Exp $
-.\" full merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
-.\" selective merge up to: OpenSSL 24907560 Sep 17 07:47:42 2018 +1000
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018, 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Richard Levitte .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: July 13 2019 $ -.Dt RSA_METH_NEW 3 -.Os -.Sh NAME -.Nm RSA_meth_new , -.Nm RSA_meth_dup , -.Nm RSA_meth_free , -.Nm RSA_meth_get0_name , -.Nm RSA_meth_set1_name , -.Nm RSA_meth_get_flags , -.Nm RSA_meth_set_flags , -.Nm RSA_meth_get0_app_data , -.Nm RSA_meth_set0_app_data , -.Nm RSA_meth_get_init , -.Nm RSA_meth_set_init , -.Nm RSA_meth_get_finish , -.Nm RSA_meth_set_finish , -.Nm RSA_meth_get_pub_enc , -.Nm RSA_meth_set_pub_enc , -.Nm RSA_meth_get_pub_dec , -.Nm RSA_meth_set_pub_dec , -.Nm RSA_meth_get_priv_enc , -.Nm RSA_meth_set_priv_enc , -.Nm RSA_meth_get_priv_dec , -.Nm RSA_meth_set_priv_dec , -.Nm RSA_meth_get_sign , -.Nm RSA_meth_set_sign , -.Nm RSA_meth_get_verify , -.Nm RSA_meth_set_verify , -.Nm RSA_meth_get_mod_exp , -.Nm RSA_meth_set_mod_exp , -.Nm RSA_meth_get_bn_mod_exp , -.Nm RSA_meth_set_bn_mod_exp , -.Nm RSA_meth_get_keygen , -.Nm RSA_meth_set_keygen -.Nd build up RSA methods -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft RSA_METHOD * -.Fo RSA_meth_new -.Fa "const char *name" -.Fa "int flags" -.Fc -.Ft RSA_METHOD * -.Fo RSA_meth_dup -.Fa "const RSA_METHOD *meth" -.Fc -.Ft void -.Fo RSA_meth_free -.Fa "RSA_METHOD *meth" -.Fc -.Ft const char * -.Fo RSA_meth_get0_name -.Fa "const RSA_METHOD *meth" -.Fc -.Ft int -.Fo RSA_meth_set1_name -.Fa "RSA_METHOD *meth" -.Fa "const char *name" -.Fc -.Ft int -.Fo RSA_meth_get_flags -.Fa "const RSA_METHOD *meth" -.Fc -.Ft int -.Fo RSA_meth_set_flags -.Fa "RSA_METHOD *meth" -.Fa "int flags" -.Fc -.Ft void * -.Fo RSA_meth_get0_app_data -.Fa "const RSA_METHOD *meth" -.Fc -.Ft int -.Fo RSA_meth_set0_app_data -.Fa "RSA_METHOD *meth" -.Fa "void *app_data" -.Fc -.Ft int -.Fo "(*RSA_meth_get_init(const RSA_METHOD *meth))" -.Fa "RSA *rsa" -.Fc -.Ft int -.Fo "RSA_meth_set_init" -.Fa "RSA_METHOD *meth" -.Fa "int (*init)(RSA *rsa)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_finish(const RSA_METHOD *meth))" -.Fa "RSA *rsa" -.Fc -.Ft int -.Fo RSA_meth_set_finish -.Fa "RSA_METHOD *meth" -.Fa "int (*finish)(RSA *rsa)" -.Fc 
-.Ft int -.Fo "(*RSA_meth_get_pub_enc(const RSA_METHOD *meth))" -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Ft int -.Fo RSA_meth_set_pub_enc -.Fa "RSA_METHOD *meth" -.Fa "int (*pub_enc)(int flen, const unsigned char *from,\ - unsigned char *to, RSA *rsa, int padding)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_pub_dec(const RSA_METHOD *meth))" -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Ft int -.Fo RSA_meth_set_pub_dec -.Fa "RSA_METHOD *meth" -.Fa "int (*pub_dec)(int flen, const unsigned char *from,\ - unsigned char *to, RSA *rsa, int padding)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_priv_enc(const RSA_METHOD *meth))" -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Ft int -.Fo RSA_meth_set_priv_enc -.Fa "RSA_METHOD *meth" -.Fa "int (*priv_enc)(int flen, const unsigned char *from,\ - unsigned char *to, RSA *rsa, int padding)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_priv_dec(const RSA_METHOD *meth))" -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Ft int -.Fo RSA_meth_set_priv_dec -.Fa "RSA_METHOD *meth" -.Fa "int (*priv_dec)(int flen, const unsigned char *from,\ - unsigned char *to, RSA *rsa, int padding)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_sign(const RSA_METHOD *meth))" -.Fa "int type" -.Fa "const unsigned char *m" -.Fa "unsigned int m_length" -.Fa "unsigned char *sigret" -.Fa "unsigned int *siglen" -.Fa "const RSA *rsa" -.Fc -.Ft int -.Fo RSA_meth_set_sign -.Fa "RSA_METHOD *rsa" -.Fa "int (*sign)(int type, const unsigned char *m, unsigned int m_length,\ - unsigned char *sigret, unsigned int *siglen, const RSA *rsa)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_verify(const RSA_METHOD *meth))" -.Fa "int dtype" -.Fa "const unsigned char *m" -.Fa "unsigned int m_length" -.Fa "const unsigned char *sigbuf" -.Fa "unsigned 
int siglen" -.Fa "const RSA *rsa" -.Fc -.Ft int -.Fo RSA_meth_set_verify -.Fa "RSA_METHOD *rsa" -.Fa "int (*verify)(int dtype, const unsigned char *m,\ - unsigned int m_length, const unsigned char *sigbuf,\ - unsigned int siglen, const RSA *rsa)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_mod_exp(const RSA_METHOD *meth))" -.Fa "BIGNUM *r0" -.Fa "const BIGNUM *i" -.Fa "RSA *rsa" -.Fa "BN_CTX *ctx" -.Fc -.Ft int -.Fo RSA_meth_set_mod_exp -.Fa "RSA_METHOD *meth" -.Fa "int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))" -.Fa "BIGNUM *r" -.Fa "const BIGNUM *a" -.Fa "const BIGNUM *p" -.Fa "const BIGNUM *m" -.Fa "BN_CTX *ctx" -.Fa "BN_MONT_CTX *m_ctx" -.Fc -.Ft int -.Fo RSA_meth_set_bn_mod_exp -.Fa "RSA_METHOD *meth" -.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\ - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)" -.Fc -.Ft int -.Fo "(*RSA_meth_get_keygen(const RSA_METHOD *meth))" -.Fa "RSA *rsa" -.Fa "int bits" -.Fa "BIGNUM *e" -.Fa "BN_GENCB *cb" -.Fc -.Ft int -.Fo RSA_meth_set_keygen -.Fa "RSA_METHOD *meth" -.Fa "int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)" -.Fc -.Sh DESCRIPTION -The -.Vt RSA_METHOD -structure holds function pointers for custom RSA implementations. -.Pp -.Fn RSA_meth_new -creates a new -.Vt RSA_METHOD -structure. -A copy of the NUL-terminated -.Fa name -is stored in the new -.Vt RSA_METHOD -object. -Any new -.Vt RSA -object constructed from this -.Vt RSA_METHOD -will have the given -.Fa flags -set by default, as if they were set with -.Xr RSA_set_flags 3 . -.Pp -.Fn RSA_meth_dup -creates a deep copy of -.Fa meth , -except that a pointer stored into it with -.Fn RSA_meth_set0_app_data -is copied as a pointer without creating a copy of its content. -This might be useful for creating a new -.Vt RSA_METHOD -based on an existing one, but with some differences. 
-.Pp -.Fn RSA_meth_free -destroys -.Fa meth -and frees any memory associated with it, -except that memory pointed to by a pointer set with -.Fn RSA_meth_set0_app_data -is not freed. -If -.Fa meth -is -.Dv NULL , -no action occurs. -.Pp -.Fn RSA_meth_get0_name -returns an internal pointer to the name of -.Fa meth . -.Fn RSA_meth_set1_name -stores a copy of the NUL-terminated -.Fa name -in the -.Vt RSA_METHOD -object after freeing the previously stored name. -Method names are ignored by the default RSA implementation -but can be used by alternative implementations -and by the application program. -.Pp -.Fn RSA_meth_get_flags -retrieves the flags from -.Fa meth . -Flags are documented in -.Xr RSA_test_flags 3 . -.Fn RSA_meth_set_flags -overwrites all flags in -.Fa meth . -Unlike -.Xr RSA_set_flags 3 , -it does not preserve any flags that were set before the call. -.Pp -.Fn RSA_meth_get0_app_data -and -.Fn RSA_meth_set0_app_data -get and set a pointer to implementation-specific data. -The function -.Fn RSA_meth_free -does not -.Xr free 3 -the memory pointed to by -.Fa app_data . -The default RSA implementation does not use -.Fa app_data . -.Pp -.Fn RSA_meth_get_init -and -.Fn RSA_meth_set_init -get and set an optional function used when creating a new -.Vt RSA -object. -Unless -.Fa init -is -.Dv NULL , -it will be called at the end of -.Xr RSA_new 3 , -.Xr RSA_new_method 3 , -and -.Xr RSA_set_method 3 , -passing a pointer to the newly allocated or reset -.Vt RSA -object as an argument. -The default RSA implementation, -.Xr RSA_PKCS1_SSLeay 3 , -contains an -.Fa init -function equivalent to calling -.Xr RSA_set_flags 3 -with an argument of -.Dv RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE . -.Pp -.Fn RSA_meth_get_finish -and -.Fn RSA_meth_set_finish -get and set an optional function for destroying an -.Vt RSA -object. -Unless -.Fa finish -is -.Dv NULL , -it will be called from -.Xr RSA_set_method 3 -and from -.Xr RSA_free 3 . 
-It takes the same argument as -.Xr RSA_free 3 -and is intended to do RSA implementation specific cleanup. -The memory used by the -.Vt RSA -object itself should not be freed by the -.Fa finish -function. -The default RSA implementation contains a -.Fa finish -function freeing the memory used by the -.Dv RSA_FLAG_CACHE_PUBLIC -and -.Dv RSA_FLAG_CACHE_PRIVATE -caches. -.Pp -.Fn RSA_meth_get_pub_enc , -.Fn RSA_meth_set_pub_enc , -.Fn RSA_meth_get_pub_dec , -.Fn RSA_meth_set_pub_dec , -.Fn RSA_meth_get_priv_enc , -.Fn RSA_meth_set_priv_enc , -.Fn RSA_meth_get_priv_dec , -and -.Fn RSA_meth_set_priv_dec -get and set the mandatory functions -used for public and private key encryption and decryption. -These functions will be called from -.Xr RSA_public_encrypt 3 , -.Xr RSA_public_decrypt 3 , -.Xr RSA_private_encrypt 3 , -and -.Xr RSA_private_decrypt 3 , -respectively, and take the same parameters as those. -.Pp -.Fn RSA_meth_get_sign , -.Fn RSA_meth_set_sign , -.Fn RSA_meth_get_verify , -and -.Fn RSA_meth_set_verify -get and set the optional functions -used for creating and verifying an RSA signature. -If the flag -.Dv RSA_FLAG_SIGN_VER -is set on the -.Vt RSA -object in question and -.Fa sign -or -.Fa verify -is not -.Dv NULL , -it will be called from -.Xr RSA_sign 3 -or -.Xr RSA_verify 3 , -respectively, and take the same parameters as those. -Otherwise, -.Xr RSA_private_encrypt 3 -or -.Xr RSA_public_decrypt 3 -will be used instead. -.Pp -.Fn RSA_meth_get_mod_exp -and -.Fn RSA_meth_set_mod_exp -get and set the function -used for Chinese Remainder Theorem (CRT) computations involving the -.Fa p , -.Fa q , -.Fa dmp1 , -.Fa dmq1 , -and -.Fa iqmp -fields of an -.Vt RSA -object. -It is used by the default RSA implementation during -.Xr RSA_private_encrypt 3 -and -.Xr RSA_private_decrypt 3 -when the required components of the private key are available -or when the -.Dv RSA_FLAG_EXT_PKEY -flag is set. 
-.Pp -.Fn RSA_meth_get_bn_mod_exp -and -.Fn RSA_meth_set_bn_mod_exp -get and set the function used for CRT computations, -specifically the value r = -.Fa a -\(ha -.Fa p -mod -.Fa m . -It is used by the default RSA implementation during -.Xr RSA_public_encrypt 3 -and -.Xr RSA_public_decrypt 3 -and as a fallback during -.Xr RSA_private_encrypt 3 -and -.Xr RSA_private_decrypt 3 . -.Pp -.Fn RSA_meth_get_keygen -and -.Fn RSA_meth_set_keygen -get and set the optional function used for generating a new RSA key pair. -Unless -.Fa keygen -is -.Dv NULL , -it will be called from -.Xr RSA_generate_key_ex 3 -and takes the same parameters. -Otherwise, a builtin default implementation is used. -.Sh RETURN VALUES -.Fn RSA_meth_new -and -.Fn RSA_meth_dup -return the newly allocated -.Vt RSA_METHOD -object or -.Dv NULL -on failure. -.Pp -.Fn RSA_meth_get0_name -returns an internal pointer which must not be freed by the caller. -.Pp -.Fn RSA_meth_get_flags -returns zero or more -.Dv RSA_FLAG_* -constants OR'ed together, or 0 if no flags are set in -.Fa meth . -.Pp -.Fn RSA_meth_get0_app_data -returns the pointer that was earlier passed to -.Fn RSA_meth_set0_app_data -or -.Dv NULL -otherwise. -.Pp -All other -.Fn RSA_meth_get_* -functions return the appropriate function pointer that has been set -with the corresponding -.Fn RSA_meth_set_* -function, or -.Dv NULL -if no such pointer has been set in -.Fa meth . -.Pp -All -.Fn RSA_meth_set* -functions return 1 on success or 0 on failure. -In the current implementation, only -.Fn RSA_meth_set1_name -can actually fail. -.Sh SEE ALSO -.Xr RSA_generate_key_ex 3 , -.Xr RSA_new 3 , -.Xr RSA_private_encrypt 3 , -.Xr RSA_public_encrypt 3 , -.Xr RSA_set_flags 3 , -.Xr RSA_set_method 3 , -.Xr RSA_sign 3 -.Sh HISTORY -These functions first appeared in OpenSSL 1.1.0. 
-.Fn RSA_meth_new , -.Fn RSA_meth_dup , -.Fn RSA_meth_free , -.Fn RSA_meth_set_finish , -.Fn RSA_meth_set_priv_enc , -and -.Fn RSA_meth_set_priv_dec -have been available since -.Ox 6.3 , -.Fn RSA_meth_set1_name -and -.Fn RSA_meth_get_finish -since -.Ox 6.4 , -and -.Fn RSA_meth_get0_name , -.Fn RSA_meth_get_flags , -.Fn RSA_meth_set_flags , -.Fn RSA_meth_get0_app_data , -.Fn RSA_meth_set0_app_data , -.Fn RSA_meth_get_init , -.Fn RSA_meth_set_init , -.Fn RSA_meth_set_finish , -.Fn RSA_meth_get_pub_enc , -.Fn RSA_meth_set_pub_enc , -.Fn RSA_meth_get_pub_dec , -.Fn RSA_meth_set_pub_dec , -.Fn RSA_meth_get_priv_enc , -.Fn RSA_meth_get_priv_dec , -.Fn RSA_meth_get_sign , -.Fn RSA_meth_set_sign , -.Fn RSA_meth_get_verify , -.Fn RSA_meth_set_verify , -.Fn RSA_meth_get_mod_exp , -.Fn RSA_meth_set_mod_exp , -.Fn RSA_meth_get_bn_mod_exp , -.Fn RSA_meth_set_bn_mod_exp , -.Fn RSA_meth_get_keygen , -and -.Fn RSA_meth_set_keygen -since -.Ox 6.6 . diff --git a/src/lib/libcrypto/man/RSA_new.3 b/src/lib/libcrypto/man/RSA_new.3 deleted file mode 100644 index 9efcbd0b9f..0000000000 --- a/src/lib/libcrypto/man/RSA_new.3 +++ /dev/null 
@@ -1,255 +0,0 @@ -.\" $OpenBSD: RSA_new.3,v 1.16 2019/11/01 12:02:58 schwarze Exp $ -.\" full merge up to: -.\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100 -.\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final) -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2018, 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: November 1 2019 $ -.Dt RSA_NEW 3 -.Os -.Sh NAME -.Nm RSA_new , -.Nm RSAPrivateKey_dup , -.Nm RSAPublicKey_dup , -.Nm RSA_up_ref , -.Nm RSA_free -.Nd allocate and free RSA objects -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft RSA * -.Fn RSA_new void -.Ft RSA * -.Fo RSAPrivateKey_dup -.Fa "RSA *rsa" -.Fc -.Ft RSA * -.Fo RSAPublicKey_dup -.Fa "RSA *rsa" -.Fc -.Ft int -.Fo RSA_up_ref -.Fa "RSA *rsa" -.Fc -.Ft void -.Fo RSA_free -.Fa "RSA *rsa" -.Fc -.Sh DESCRIPTION -The RSA functions implement RSA public key encryption and signatures -as defined in PKCS #1 v2.0 (RFC 2437). -.Pp -.Fn RSA_new -allocates and initializes an -.Vt RSA -structure, setting the reference count to 1. -It is equivalent to calling -.Xr RSA_new_method 3 -with a -.Dv NULL -argument. -.Pp -.Fn RSAPrivateKey_dup -calls -.Fn RSA_new -and copies the public and private key components from -.Fa rsa -into the new structure. -.Fn RSAPublicKey_dup -does the same except that it copies the public key components only. -.Pp -.Fn RSA_up_ref -increments the reference count by 1. -.Pp -.Fn RSA_free -decrements the reference count by 1. -If it reaches 0, it calls the optional -.Fa finish -function set up with -.Xr RSA_meth_set_finish 3 , -calls -.Xr ENGINE_finish 3 -if -.Fa rsa -uses an engine, and frees the -.Vt RSA -structure and its components. -The key is erased before the memory is returned to the system. -If -.Fa rsa -is a -.Dv NULL -pointer, no action occurs. -.Pp -The -.Vt RSA -structure consists of several -.Vt BIGNUM -components. -It can contain public as well as private RSA keys: -.Bd -literal -typedef struct { - BIGNUM *n; // public modulus - BIGNUM *e; // public exponent - BIGNUM *d; // private exponent - BIGNUM *p; // secret prime factor - BIGNUM *q; // secret prime factor - BIGNUM *dmp1; // d mod (p-1) - BIGNUM *dmq1; // d mod (q-1) - BIGNUM *iqmp; // q^-1 mod p - // ... 
-} RSA;
-.Ed
-.Pp
-In public keys, the private exponent
-.Fa d
-and the related secret values
-.Fa p , q , dmp1 , dmp2 ,
-and
-.Fa iqmp
-are
-.Dv NULL .
-.Pp
-.Fa p ,
-.Fa q ,
-.Fa dmp1 ,
-.Fa dmq1 ,
-and
-.Fa iqmp
-may be
-.Dv NULL
-in private keys, but the RSA operations are much faster when these
-values are available.
-.Pp
-Note that RSA keys may use non-standard
-.Vt RSA_METHOD
-implementations, either directly or by the use of
-.Vt ENGINE
-modules.
-In some cases (e.g. an
-.Vt ENGINE
-providing support for hardware-embedded keys), these
-.Vt BIGNUM
-values will not be used by the implementation or may be used for
-alternative data storage.
-For this reason, applications should generally avoid using
-.Vt RSA
-structure elements directly and instead use API functions to query
-or modify keys.
-.Sh RETURN VALUES
-.Fn RSA_new ,
-.Fn RSAPrivateKey_dup ,
-and
-.Fn RSAPublicKey_dup
-return a pointer to the newly allocated structure, or
-.Dv NULL
-if an error occurs.
-An error code can be obtained by
-.Xr ERR_get_error 3 .
-.Pp
-.Fn RSA_up_ref
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr BN_new 3 ,
-.Xr crypto 3 ,
-.Xr d2i_RSAPublicKey 3 ,
-.Xr DH_new 3 ,
-.Xr DSA_new 3 ,
-.Xr EVP_PKEY_set1_RSA 3 ,
-.Xr RSA_blinding_on 3 ,
-.Xr RSA_check_key 3 ,
-.Xr RSA_generate_key 3 ,
-.Xr RSA_get0_key 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr RSA_meth_new 3 ,
-.Xr RSA_padding_add_PKCS1_type_1 3 ,
-.Xr RSA_pkey_ctx_ctrl 3 ,
-.Xr RSA_print 3 ,
-.Xr RSA_private_encrypt 3 ,
-.Xr RSA_PSS_PARAMS_new 3 ,
-.Xr RSA_public_encrypt 3 ,
-.Xr RSA_set_method 3 ,
-.Xr RSA_sign 3 ,
-.Xr RSA_sign_ASN1_OCTET_STRING 3 ,
-.Xr RSA_size 3
-.Sh STANDARDS
-SSL, PKCS #1 v2.0
-.Pp
-RSA was covered by a US patent which expired in September 2000.
-.Sh HISTORY
-.Fn RSA_new
-and
-.Fn RSA_free
-appeared in SSLeay 0.4 or earlier.
-.Fn RSAPrivateKey_dup
-first appeared in SSLeay 0.5.1 and
-.Fn RSAPublicKey_dup
-in SSLeay 0.5.2.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn RSA_up_ref
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
deleted file mode 100644
index e7c3a2a624..0000000000
--- a/src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ /dev/null
@@ -1,236 +0,0 @@ -.\" $OpenBSD: RSA_padding_add_PKCS1_type_1.3,v 1.8 2018/03/21 16:09:51 schwarze Exp $ -.\" OpenSSL 1e3f62a3 Jul 17 16:47:13 2017 +0200 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 21 2018 $ -.Dt RSA_PADDING_ADD_PKCS1_TYPE_1 3 -.Os -.Sh NAME -.Nm RSA_padding_add_PKCS1_type_1 , -.Nm RSA_padding_check_PKCS1_type_1 , -.Nm RSA_padding_add_PKCS1_type_2 , -.Nm RSA_padding_check_PKCS1_type_2 , -.Nm RSA_padding_add_PKCS1_OAEP , -.Nm RSA_padding_check_PKCS1_OAEP , -.Nm RSA_padding_add_none , -.Nm RSA_padding_check_none -.Nd asymmetric encryption padding -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_padding_add_PKCS1_type_1 -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fc -.Ft int -.Fo RSA_padding_check_PKCS1_type_1 -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fa "int rsa_len" -.Fc -.Ft int -.Fo RSA_padding_add_PKCS1_type_2 -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fc -.Ft int -.Fo RSA_padding_check_PKCS1_type_2 -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fa "int rsa_len" -.Fc -.Ft int -.Fo RSA_padding_add_PKCS1_OAEP -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fa "unsigned char *p" -.Fa "int pl" -.Fc -.Ft int -.Fo RSA_padding_check_PKCS1_OAEP -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fa "int rsa_len" -.Fa "unsigned char *p" -.Fa "int pl" -.Fc -.Ft int -.Fo RSA_padding_add_none -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" 
-.Fc -.Ft int -.Fo RSA_padding_check_none -.Fa "unsigned char *to" -.Fa "int tlen" -.Fa "unsigned char *f" -.Fa "int fl" -.Fa "int rsa_len" -.Fc -.Sh DESCRIPTION -These functions are called from the RSA encrypt, decrypt, sign, and -verify functions. -Normally they should not be called from application programs. -.Pp -However, they can also be called directly to implement padding for other -asymmetric ciphers. -.Fn RSA_padding_add_PKCS1_OAEP -and -.Fn RSA_padding_check_PKCS1_OAEP -may be used in an application combined with -.Dv RSA_NO_PADDING -in order to implement OAEP with an encoding parameter. -.Pp -.Fn RSA_padding_add_* -encodes -.Fa fl -bytes from -.Fa f -so as to fit into -.Fa tlen -bytes and stores the result at -.Fa to . -An error occurs if -.Fa fl -does not meet the size requirements of the encoding method. -.Pp -The following encoding methods are implemented: -.Pp -.Bl -tag -width PKCS1_type_2 -compact -.It PKCS1_type_1 -PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); -used for signatures -.It PKCS1_type_2 -PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2) -.It PKCS1_OAEP -PKCS #1 v2.0 EME-OAEP -.It none -simply copy the data -.El -.Pp -.Fn RSA_padding_check_* -verifies that the -.Fa fl -bytes at -.Fa f -contain a valid encoding for a -.Fa rsa_len -byte RSA key in the respective encoding method and stores the recovered -data of at most -.Fa tlen -bytes (for -.Dv RSA_NO_PADDING : -of size -.Fa tlen ) -at -.Fa to . -.Pp -For -.Fn RSA_padding_*_OAEP , -.Fa p -points to the encoding parameter of length -.Fa pl . -.Fa p -may be -.Dv NULL -if -.Fa pl -is 0. -.Sh RETURN VALUES -The -.Fn RSA_padding_add_* -functions return 1 on success or 0 on error. -The -.Fn RSA_padding_check_* -functions return the length of the recovered data or -1 on error. -Error codes can be obtained by calling -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr RSA_new 3 ,
-.Xr RSA_private_decrypt 3 ,
-.Xr RSA_public_encrypt 3 ,
-.Xr RSA_sign 3 ,
-.Xr RSA_verify 3
-.Sh HISTORY
-.Fn RSA_padding_add_PKCS1_type_1 ,
-.Fn RSA_padding_check_PKCS1_type_1 ,
-.Fn RSA_padding_add_PKCS1_type_2 ,
-.Fn RSA_padding_check_PKCS1_type_2 ,
-.Fn RSA_padding_add_none ,
-and
-.Fn RSA_padding_check_none
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn RSA_padding_add_PKCS1_OAEP
-and
-.Fn RSA_padding_check_PKCS1_OAEP
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Sh BUGS
-The
-.Fn RSA_padding_check_PKCS1_type_2
-padding check leaks timing information which can potentially be
-used to mount a Bleichenbacher padding oracle attack.
-This is an inherent weakness in the PKCS #1 v1.5 padding design.
-Prefer PKCS1_OAEP padding.
diff --git a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
deleted file mode 100644
index c89ceec436..0000000000
--- a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
+++ /dev/null
@@ -1,403 +0,0 @@ -.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.4 2019/11/01 19:37:21 schwarze Exp $ -.\" full merge up to: -.\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" OpenSSL man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod -.\" 87103969 Oct 1 14:11:57 2018 -0700 -.\" selective merge up to: -.\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod df75c2b f Dec 9 01:02:36 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson -.\" and Antoine Salon . -.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2017, 2018 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: November 1 2019 $ -.Dt RSA_PKEY_CTX_CTRL 3 -.Os -.Sh NAME -.Nm RSA_pkey_ctx_ctrl , -.Nm EVP_PKEY_CTX_set_rsa_padding , -.Nm EVP_PKEY_CTX_get_rsa_padding , -.Nm EVP_PKEY_CTX_set_rsa_keygen_bits , -.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp , -.Nm EVP_PKEY_CTX_set_rsa_mgf1_md , -.Nm EVP_PKEY_CTX_get_rsa_mgf1_md , -.Nm EVP_PKEY_CTX_set_rsa_oaep_md , -.Nm EVP_PKEY_CTX_get_rsa_oaep_md , -.Nm EVP_PKEY_CTX_set0_rsa_oaep_label , -.Nm EVP_PKEY_CTX_get0_rsa_oaep_label , -.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen , -.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen , -.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_md , -.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md , -.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen -.Nd RSA private key control operations -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_pkey_ctx_ctrl -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int optype" -.Fa "int cmd" -.Fa "int p1" -.Fa "void *p2" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_padding -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int pad" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_rsa_padding -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int *ppad" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_keygen_bits -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int mbits" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp -.Fa "EVP_PKEY_CTX *ctx" -.Fa "BIGNUM *pubexp" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_mgf1_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_rsa_mgf1_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD **pmd" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_oaep_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get_rsa_oaep_md -.Fa "EVP_PKEY_CTX *ctx" -.Fa "const EVP_MD **pmd" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set0_rsa_oaep_label -.Fa "EVP_PKEY_CTX *ctx" -.Fa "unsigned char *label" -.Fa "int len" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_get0_rsa_oaep_label -.Fa "EVP_PKEY_CTX *ctx" -.Fa "unsigned char **plabel" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int len" -.Fc -.Ft int -.Fo 
EVP_PKEY_CTX_get_rsa_pss_saltlen -.Fa "EVP_PKEY_CTX *ctx" -.Fa "int *plen" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_md -.Fa "EVP_PKEY_CTX *pctx" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md -.Fa "EVP_PKEY_CTX *pctx" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen -.Fa "EVP_PKEY_CTX *pctx" -.Fa "int saltlen" -.Fc -.Sh DESCRIPTION -The function -.Fn RSA_pkey_ctx_ctrl -is a shallow wrapper around -.Xr EVP_PKEY_CTX_ctrl 3 -which only succeeds if -.Fa ctx -matches either -.Dv EVP_PKEY_RSA -or -.Dv EVP_PKEY_RSA_PSS . -.Pp -All the remaining "functions" are implemented as macros. -.Pp -The -.Fn EVP_PKEY_CTX_set_rsa_padding -macro sets the RSA padding mode for -.Fa ctx . -The -.Fa pad -parameter can take the value -.Dv RSA_PKCS1_PADDING -for PKCS#1 padding, -.Dv RSA_NO_PADDING -for no padding, -.Dv RSA_PKCS1_OAEP_PADDING -for OAEP padding (encrypt and decrypt only), -.Dv RSA_X931_PADDING -for X9.31 padding (signature operations only) and -.Dv RSA_PKCS1_PSS_PADDING -(sign and verify only). -Only the last one can be used with keys of the type -.Dv EVP_PKEY_RSA_PSS . -.Pp -Two RSA padding modes behave differently if -.Xr EVP_PKEY_CTX_set_signature_md 3 -is used. -If this macro is called for PKCS#1 padding, the plaintext buffer is an -actual digest value and is encapsulated in a -.Vt DigestInfo -structure according to PKCS#1 when signing and this structure is -expected (and stripped off) when verifying. -If this control is not used with RSA and PKCS#1 padding then the -supplied data is used directly and not encapsulated. -In the case of X9.31 padding for RSA the algorithm identifier byte is -added or checked and removed if this control is called. -If it is not called then the first byte of the plaintext buffer is -expected to be the algorithm identifier byte. -.Pp -The -.Fn EVP_PKEY_CTX_get_rsa_padding -macro retrieves the RSA padding mode for -.Fa ctx . 
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_keygen_bits
-macro sets the RSA key length for RSA or RSA-PSS key generation to
-.Fa mbits .
-The smallest supported value is 512 bits.
-If not specified, 1024 bits is used.
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
-macro sets the public exponent value for RSA or RSA-PSS key generation to
-.Fa pubexp .
-Currently, it should be an odd integer.
-The
-.Fa pubexp
-pointer is used internally by this function, so it should not be modified
-or freed after the call.
-If this macro is not called, then 65537 is used.
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_mgf1_md
-macro sets the MGF1 digest for RSA padding schemes to
-.Fa md .
-Unless explicitly specified, the signing digest is used.
-The padding mode must have been set to
-.Dv RSA_PKCS1_OAEP_PADDING
-or
-.Dv RSA_PKCS1_PSS_PADDING .
-If the key is of the type
-.Dv EVP_PKEY_RSA_PSS
-and has usage restrictions, an error occurs if an attempt is made
-to set the digest to anything other than the restricted value.
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
-macro retrieves the MGF1 digest for
-.Fa ctx .
-Unless explicitly specified, the signing digest is used.
-The padding mode must have been set to
-.Dv RSA_PKCS1_OAEP_PADDING
-or
-.Dv RSA_PKCS1_PSS_PADDING .
-.Ss Optimal asymmetric encryption padding
-The following macros require that the padding mode was set to
-.Dv RSA_PKCS1_OAEP_PADDING .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_oaep_md
-macro sets the message digest type used in RSA OAEP to
-.Fa md .
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_oaep_md
-macro gets the message digest type used in RSA OAEP to
-.Pf * Fa pmd .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
-macro sets the RSA OAEP label to
-.Fa label
-and its length to
-.Fa len .
-If
-.Fa label
-is
-.Dv NULL
-or
-.Fa len
-is 0, the label is cleared.
-The library takes ownership of the label so the caller should not
-free the original memory pointed to by
-.Fa label .
-.Pp
-The
-.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
-macro gets the RSA OAEP label to
-.Pf * Fa plabel .
-The return value is the label length.
-The resulting pointer is owned by the library and should not be
-freed by the caller.
-.Ss Probabilistic signature scheme
-The following macros require that the padding mode was set to
-.Dv RSA_PKCS1_PSS_PADDING .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
-macro sets the RSA PSS salt length to
-.Fa len .
-Three special values are supported:
-.Dv RSA_PSS_SALTLEN_DIGEST
-sets the salt length to the digest length.
-.Dv RSA_PSS_SALTLEN_MAX
-sets the salt length to the maximum permissible value.
-When signing,
-.Dv RSA_PSS_SALTLEN_AUTO
-sets the salt length to the maximum permissible value.
-When verifying,
-.Dv RSA_PSS_SALTLEN_AUTO
-causes the salt length to be automatically determined based on the
-PSS block structure.
-If this macro is not called, a salt length value of
-.Dv RSA_PSS_SALTLEN_AUTO
-is used by default.
-.Pp
-If the key has usage restrictions and an attempt is made to set the
-salt length below the minimum value, an error occurs.
-Also, if the key has usage restrictions,
-.Dv RSA_PSS_SALTLEN_AUTO
-is not supported for verification.
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
-macro retrieves the RSA PSS salt length for
-.Fa ctx .
-.Pp
-Optional parameter restrictions can be specified when generating a PSS
-key.
-If any restrictions are set using the macros described below,
-then all parameters are restricted.
-For example, setting a minimum salt length also restricts the digest and
-MGF1 algorithms.
-If any restrictions are in place, then they are reflected in the
-corresponding parameters of the public key when (for example) a
-certificate request is signed.
-.Pp
-.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_md
-restricts the digest algorithm the generated key can use to
-.Fa md .
-.Pp
-.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md
-restricts the MGF1 algorithm the generated key can use to
-.Fa md .
-.Pp -.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen -restricts the minimum salt length to -.Fa saltlen . -.Sh RETURN VALUES -These functions return a positive value for success or 0 or a negative -value for failure. -In particular, a return value of -2 indicates the operation is not -supported by the public key algorithm. -.Sh SEE ALSO -.Xr EVP_DigestInit 3 , -.Xr EVP_PKEY_CTX_ctrl 3 , -.Xr EVP_PKEY_CTX_new 3 , -.Xr EVP_PKEY_decrypt 3 , -.Xr EVP_PKEY_derive 3 , -.Xr EVP_PKEY_encrypt 3 , -.Xr EVP_PKEY_get_default_digest_nid 3 , -.Xr EVP_PKEY_keygen 3 , -.Xr EVP_PKEY_meth_set_ctrl 3 , -.Xr EVP_PKEY_sign 3 , -.Xr EVP_PKEY_verify 3 , -.Xr EVP_PKEY_verify_recover 3 -.Sh HISTORY -The functions -.Fn EVP_PKEY_CTX_set_rsa_padding , -.Fn EVP_PKEY_CTX_set_rsa_keygen_bits , -.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp , -and -.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . -.Pp -The functions -.Fn EVP_PKEY_CTX_get_rsa_padding , -.Fn EVP_PKEY_CTX_set_rsa_mgf1_md , -.Fn EVP_PKEY_CTX_get_rsa_mgf1_md , -and -.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen -first appeared in OpenSSL 1.0.1 and have been available since -.Ox 5.3 . -.Pp -The functions -.Fn EVP_PKEY_CTX_set_rsa_oaep_md , -.Fn EVP_PKEY_CTX_get_rsa_oaep_md , -.Fn EVP_PKEY_CTX_set0_rsa_oaep_label , -and -.Fn EVP_PKEY_CTX_get0_rsa_oaep_label -first appeared in OpenSSL 1.0.2 and have been available since -.Ox 6.7 . -.Pp -The function -.Fn RSA_pkey_ctx_ctrl -first appeared in OpenSSL 1.1.1 and has been available since -.Ox 6.7 . diff --git a/src/lib/libcrypto/man/RSA_print.3 b/src/lib/libcrypto/man/RSA_print.3 deleted file mode 100644 index 767241ce1c..0000000000 --- a/src/lib/libcrypto/man/RSA_print.3 +++ /dev/null 
@@ -1,144 +0,0 @@ -.\" $OpenBSD: RSA_print.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2002, 2003 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt RSA_PRINT 3 -.Os -.Sh NAME -.Nm RSA_print , -.Nm RSA_print_fp , -.Nm DSAparams_print , -.Nm DSAparams_print_fp , -.Nm DSA_print , -.Nm DSA_print_fp , -.Nm DHparams_print , -.Nm DHparams_print_fp -.Nd print cryptographic parameters -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_print -.Fa "BIO *bp" -.Fa "RSA *x" -.Fa "int offset" -.Fc -.Ft int -.Fo RSA_print_fp -.Fa "FILE *fp" -.Fa "RSA *x" -.Fa "int offset" -.Fc -.In openssl/dsa.h -.Ft int -.Fo DSAparams_print -.Fa "BIO *bp" -.Fa "DSA *x" -.Fc -.Ft int -.Fo DSAparams_print_fp -.Fa "FILE *fp" -.Fa "DSA *x" -.Fc -.Ft int -.Fo DSA_print -.Fa "BIO *bp" -.Fa "DSA *x" -.Fa "int offset" -.Fc -.Ft int -.Fo DSA_print_fp -.Fa "FILE *fp" -.Fa "DSA *x" -.Fa "int offset" -.Fc -.In openssl/dh.h -.Ft int -.Fo DHparams_print -.Fa "BIO *bp" -.Fa "DH *x" -.Fc -.Ft int -.Fo DHparams_print_fp -.Fa "FILE *fp" -.Fa "DH *x" -.Fc -.Sh DESCRIPTION -A human-readable hexadecimal output of the components of the RSA key, -DSA parameters or key or DH parameters is printed to -.Fa bp -or -.Fa fp . -.Pp -The output lines are indented by -.Fa offset -spaces. -.Sh RETURN VALUES -These functions return 1 on success or 0 on error. -.Sh SEE ALSO -.Xr BN_bn2bin 3 , -.Xr DH_get0_pqg 3 , -.Xr DH_new 3 , -.Xr DSA_get0_pqg 3 , -.Xr RSA_get0_key 3 , -.Xr RSA_new 3 -.Sh HISTORY -.Fn RSA_print -and -.Fn DHparams_print -first appeared in SSLeay 0.5.1. 
-.Fn RSA_print_fp ,
-.Fn DSA_print ,
-and
-.Fn DHparams_print_fp
-first appeared in SSLeay 0.6.0.
-.Fn DSA_print_fp
-first appeared in SSLeay 0.8.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/RSA_private_encrypt.3 b/src/lib/libcrypto/man/RSA_private_encrypt.3
deleted file mode 100644
index 2bf6c57dba..0000000000
--- a/src/lib/libcrypto/man/RSA_private_encrypt.3
+++ /dev/null
@@ -1,150 +0,0 @@ -.\" $OpenBSD: RSA_private_encrypt.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL RSA_private_encrypt.pod b41f6b64 Mar 10 15:49:04 2017 +0000 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt RSA_PRIVATE_ENCRYPT 3 -.Os -.Sh NAME -.Nm RSA_private_encrypt , -.Nm RSA_public_decrypt -.Nd low level signature operations -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_private_encrypt -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Ft int -.Fo RSA_public_decrypt -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Sh DESCRIPTION -These functions handle RSA signatures at a low level. -.Pp -.Fn RSA_private_encrypt -signs the -.Fa flen -bytes at -.Fa from -(usually a message digest with an algorithm identifier) using the -private key -.Fa rsa -and stores the signature in -.Fa to . -.Fa to -must point to -.Fn RSA_size rsa -bytes of memory. -.Pp -.Fa padding -denotes one of the following modes: -.Bl -tag -width Ds -.It Dv RSA_PKCS1_PADDING -PKCS #1 v1.5 padding. 
-This function does not handle the -.Sy algorithmIdentifier -specified in PKCS #1. -When generating or verifying PKCS #1 signatures, -.Xr RSA_sign 3 -and -.Xr RSA_verify 3 -should be used. -.It Dv RSA_NO_PADDING -Raw RSA signature. -This mode should only be used to implement cryptographically sound -padding modes in the application code. -Signing user data directly with RSA is insecure. -.El -.Pp -.Fn RSA_public_decrypt -recovers the message digest from the -.Fa flen -bytes long signature at -.Fa from -using the signer's public key -.Fa rsa . -.Fa to -must point to a memory section large enough to hold the message digest -(which is smaller than -.Fn RSA_size rsa -- 11). -.Fa padding -is the padding mode that was used to sign the data. -.Sh RETURN VALUES -.Fn RSA_private_encrypt -returns the size of the signature (i.e.\& -.Fn RSA_size rsa ) . -.Fn RSA_public_decrypt -returns the size of the recovered message digest. -.Pp -On error, -1 is returned; the error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr RSA_meth_set_priv_enc 3 , -.Xr RSA_new 3 , -.Xr RSA_sign 3 , -.Xr RSA_verify 3 -.Sh HISTORY -.Fn RSA_private_encrypt -and -.Fn RSA_public_decrypt -appeared in SSLeay 0.4 or earlier and have been available since -.Ox 2.4 . -.Pp -.Dv RSA_NO_PADDING -is available since SSLeay 0.9.0. diff --git a/src/lib/libcrypto/man/RSA_public_encrypt.3 b/src/lib/libcrypto/man/RSA_public_encrypt.3 deleted file mode 100644 index b1b4d2a478..0000000000 --- a/src/lib/libcrypto/man/RSA_public_encrypt.3 +++ /dev/null 
@@ -1,167 +0,0 @@ -.\" $OpenBSD: RSA_public_encrypt.3,v 1.12 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL RSA_public_encrypt.pod 1e3f62a3 Jul 17 16:47:13 2017 +0200 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt RSA_PUBLIC_ENCRYPT 3 -.Os -.Sh NAME -.Nm RSA_public_encrypt , -.Nm RSA_private_decrypt -.Nd RSA public key cryptography -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_public_encrypt -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Ft int -.Fo RSA_private_decrypt -.Fa "int flen" -.Fa "const unsigned char *from" -.Fa "unsigned char *to" -.Fa "RSA *rsa" -.Fa "int padding" -.Fc -.Sh DESCRIPTION -.Fn RSA_public_encrypt -encrypts the -.Fa flen -bytes at -.Fa from -(usually a session key) using the public key -.Fa rsa -and stores the ciphertext in -.Fa to . -.Fa to -must point to -.Fn RSA_size rsa -bytes of memory. -.Pp -.Fa padding -denotes one of the following modes: -.Bl -tag -width Ds -.It Dv RSA_PKCS1_PADDING -PKCS #1 v1.5 padding. -This currently is the most widely used mode. 
-.It Dv RSA_PKCS1_OAEP_PADDING -EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty -encoding parameter. -This mode is recommended for all new applications. -.It Dv RSA_NO_PADDING -Raw RSA encryption. -This mode should only be used to implement cryptographically sound -padding modes in the application code. -Encrypting user data directly with RSA is insecure. -.El -.Pp -.Fa flen -must be less than -.Fn RSA_size rsa -- 11 for the PKCS #1 v1.5 based padding modes, less than -.Fn RSA_size rsa -- 41 for -.Dv RSA_PKCS1_OAEP_PADDING -and exactly -.Fn RSA_size rsa -for -.Dv RSA_NO_PADDING . -.Pp -.Fn RSA_private_decrypt -decrypts the -.Fa flen -bytes at -.Fa from -using the private key -.Fa rsa -and stores the plaintext in -.Fa to . -.Fa to -must point to a memory section large enough to hold the decrypted data -(which is smaller than -.Fn RSA_size rsa ) . -.Fa padding -is the padding mode that was used to encrypt the data. -.Sh RETURN VALUES -.Fn RSA_public_encrypt -returns the size of the encrypted data (i.e.\& -.Fn RSA_size rsa ) . -.Fn RSA_private_decrypt -returns the size of the recovered plaintext. -.Pp -On error, -1 is returned; the error codes can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr RSA_meth_set_priv_dec 3 , -.Xr RSA_new 3 , -.Xr RSA_size 3 -.Sh STANDARDS -SSL, PKCS #1 v2.0 -.Sh HISTORY -.Fn RSA_public_encrypt -and -.Fn RSA_private_decrypt -appeared in SSLeay 0.4 or earlier and have been available since -.Ox 2.4 . -.Pp -.Dv RSA_NO_PADDING -is available since SSLeay 0.9.0. -OAEP was added in OpenSSL 0.9.2b. -.Sh BUGS -Decryption failures in the -.Dv RSA_PKCS1_PADDING -mode leak information which can potentially be used to mount a -Bleichenbacher padding oracle attack. -This is an inherent weakness in the PKCS #1 v1.5 padding design. -Prefer -.Dv RSA_PKCS1_OAEP_PADDING . diff --git a/src/lib/libcrypto/man/RSA_set_method.3 b/src/lib/libcrypto/man/RSA_set_method.3 deleted file mode 100644 index 9e700a0cc3..0000000000 
--- a/src/lib/libcrypto/man/RSA_set_method.3
+++ /dev/null
@@ -1,278 +0,0 @@ -.\" $OpenBSD: RSA_set_method.3,v 1.15 2019/06/08 10:40:51 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Ulf Moeller -.\" and Geoff Thorpe . -.\" Copyright (c) 2000, 2002, 2007, 2014 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 8 2019 $ -.Dt RSA_SET_METHOD 3 -.Os -.Sh NAME -.Nm RSA_set_default_method , -.Nm RSA_get_default_method , -.Nm RSA_set_method , -.Nm RSA_get_method , -.Nm RSA_PKCS1_SSLeay , -.Nm RSA_flags , -.Nm RSA_new_method -.Nd select RSA method -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft void -.Fo RSA_set_default_method -.Fa "const RSA_METHOD *meth" -.Fc -.Ft const RSA_METHOD * -.Fn RSA_get_default_method void -.Ft int -.Fo RSA_set_method -.Fa "RSA *rsa" -.Fa "const RSA_METHOD *meth" -.Fc -.Ft const RSA_METHOD * -.Fo RSA_get_method -.Fa "const RSA *rsa" -.Fc -.Ft const RSA_METHOD * -.Fn RSA_PKCS1_SSLeay void -.Ft int -.Fo RSA_flags -.Fa "const RSA *rsa" -.Fc -.Ft RSA * -.Fo RSA_new_method -.Fa "ENGINE *engine" -.Fc -.Sh DESCRIPTION -An -.Vt RSA_METHOD -object contains pointers to the functions used for RSA operations. -By default, the internal implementation returned by -.Fn RSA_PKCS1_SSLeay -is used. 
-By selecting another method, alternative implementations -such as hardware accelerators may be used. -.Pp -.Fn RSA_set_default_method -selects -.Fa meth -as the default method for all -.Vt RSA -structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_RSA 3 -that can be successfully initialized, it overrides the default. -.Pp -.Fn RSA_get_default_method -returns a pointer to the current default method, -even if it is actually overridded by an -.Vt ENGINE . -.Pp -.Fn RSA_set_method -selects -.Fa meth -to perform all operations using the key -.Fa rsa . -This replaces the previous -.Vt RSA_METHOD -used by the RSA key, calling the -.Fa finish -function set up with -.Xr RSA_meth_set_finish 3 -if any, and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. -If -.Fa meth -contains an -.Fa init -function set up with -.Xr RSA_meth_set_init 3 , -that function is called just before returning from -.Fn RSA_set_method . -.Pp -It is possible to have RSA keys that only work with certain -.Vt RSA_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), -and in such cases attempting to change the -.Vt RSA_METHOD -for the key can have unexpected results. -.Pp -.Fn RSA_get_method -returns a pointer to the -.Vt RSA_METHOD -being used by -.Fa rsa . -This method may or may not be supplied by an -.Vt ENGINE -implementation but if it is, the return value can only be guaranteed -to be valid as long as the RSA key itself is valid and does not -have its implementation changed by -.Fn RSA_set_method . -.Pp -The misleadingly named function -.Fn RSA_flags -returns the flags that are set for the current -.Vt RSA_METHOD -of -.Fa rsa . -The flags used by -.Fa rsa -itself can instead be tested with -.Xr RSA_test_flags 3 . -See the -.Sx BUGS -section for more details. 
-.Pp -.Fn RSA_new_method -allocates and initializes an -.Vt RSA -structure so that -.Fa engine -is used for the RSA operations. -If -.Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_RSA 3 -is used. -If that returns -.Dv NULL , -the default method controlled by -.Fn RSA_set_default_method -is used. -.Pp -The initial -.Fa flags -are copied from the -.Vt RSA_METHOD -object used and will not be affected by later changes to that object, -but may be modified by the optional -.Fa init -function which may have been set up with -.Xr RSA_meth_set_init 3 -and which is called just before returning from -.Fn RSA_new_method . -.Sh RETURN VALUES -.Fn RSA_PKCS1_SSLeay , -.Fn RSA_get_default_method , -and -.Fn RSA_get_method -return pointers to the respective -.Vt RSA_METHOD . -.Pp -.Fn RSA_set_method -returns 1 on success or 0 on failure. -Currently, it cannot fail. -.Pp -.Fn RSA_new_method -returns -.Dv NULL -and sets an error code that can be obtained by -.Xr ERR_get_error 3 -if the allocation fails. -Otherwise it returns a pointer to the newly allocated structure. -.Sh SEE ALSO -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default_RSA 3 , -.Xr RSA_meth_new 3 , -.Xr RSA_new 3 -.Sh HISTORY -.Fn RSA_set_default_method , -.Fn RSA_PKCS1_SSLeay , -and -.Fn RSA_new_method -first appeared in SSLeay 0.8.0. -.Fn RSA_flags -first appeared in SSLeay 0.9.0. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn RSA_get_default_method , -.Fn RSA_set_method , -and -.Fn RSA_get_method -as well as the -.Fa rsa_sign -and -.Fa rsa_verify -components of -.Vt RSA_METHOD -first appeared in OpenSSL 0.9.4 and have been available since -.Ox 2.6 . -.Sh BUGS -The behaviour of -.Fn RSA_flags -is a misfeature that is left as-is for now to avoid creating -compatibility problems. 
-RSA functionality, such as the encryption functions, are controlled by -the -.Fa flags -value in the -.Vt RSA -key itself, not by the -.Fa flags -value in the -.Vt RSA_METHOD -attached to the RSA key (which is what this function returns). -If the flags element of an -.Vt RSA -key is changed, the changes will be honoured by RSA functionality -but will not be reflected in the return value of the -.Fn RSA_flags -function - in effect -.Fn RSA_flags -behaves more like an RSA_default_flags() function, which does not -currently exist. diff --git a/src/lib/libcrypto/man/RSA_sign.3 b/src/lib/libcrypto/man/RSA_sign.3 deleted file mode 100644 index 65e9dc99b8..0000000000 --- a/src/lib/libcrypto/man/RSA_sign.3 +++ /dev/null 
@@ -1,147 +0,0 @@ -.\" $OpenBSD: RSA_sign.3,v 1.8 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2005, 2014, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt RSA_SIGN 3 -.Os -.Sh NAME -.Nm RSA_sign , -.Nm RSA_verify -.Nd RSA signatures -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_sign -.Fa "int type" -.Fa "const unsigned char *m" -.Fa "unsigned int m_len" -.Fa "unsigned char *sigret" -.Fa "unsigned int *siglen" -.Fa "RSA *rsa" -.Fc -.Ft int -.Fo RSA_verify -.Fa "int type" -.Fa "const unsigned char *m" -.Fa "unsigned int m_len" -.Fa "unsigned char *sigbuf" -.Fa "unsigned int siglen" -.Fa "RSA *rsa" -.Fc -.Sh DESCRIPTION -.Fn RSA_sign -signs the message digest -.Fa m -of size -.Fa m_len -using the private key -.Fa rsa -using RSASSA-PKCS1-v1_5 as specified in RFC 3447. -It stores the signature in -.Fa sigret -and the signature size in -.Fa siglen . -.Fa sigret -must point to -.Fn RSA_size rsa -bytes of memory. -Note that PKCS #1 adds meta-data, placing limits on the size of the key -that can be used. -See -.Xr RSA_private_encrypt 3 -for lower-level operations. -.Pp -.Fa type -denotes the message digest algorithm that was used to generate -.Fa m . -If -.Fa type -is -.Sy NID_md5_sha1 , -an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and -no algorithm identifier) is created. -.Pp -.Fn RSA_verify -verifies that the signature -.Fa sigbuf -of size -.Fa siglen -matches a given message digest -.Fa m -of size -.Fa m_len . -.Fa type -denotes the message digest algorithm that was used to generate the -signature. 
-.Fa rsa
-is the signer's public key.
-.Sh RETURN VALUES
-.Fn RSA_sign
-returns 1 on success.
-.Fn RSA_verify
-returns 1 on successful verification.
-.Pp
-The error codes can be obtained by
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr RSA_meth_set_sign 3 ,
-.Xr RSA_new 3 ,
-.Xr RSA_private_encrypt 3 ,
-.Xr RSA_public_decrypt 3
-.Sh STANDARDS
-SSL, PKCS #1 v2.0
-.Sh HISTORY
-.Fn RSA_sign
-first appeared in SSLeay 0.4.4.
-.Fn RSA_verify
-first appeared in SSLeay 0.6.0.
-Both functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
deleted file mode 100644
index 34aef42c48..0000000000
--- a/src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ /dev/null
@@ -1,131 +0,0 @@ -.\" $OpenBSD: RSA_sign_ASN1_OCTET_STRING.3,v 1.7 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 -.\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 10 2019 $ -.Dt RSA_SIGN_ASN1_OCTET_STRING 3 -.Os -.Sh NAME -.Nm RSA_sign_ASN1_OCTET_STRING , -.Nm RSA_verify_ASN1_OCTET_STRING -.Nd RSA signatures -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_sign_ASN1_OCTET_STRING -.Fa "int dummy" -.Fa "unsigned char *m" -.Fa "unsigned int m_len" -.Fa "unsigned char *sigret" -.Fa "unsigned int *siglen" -.Fa "RSA *rsa" -.Fc -.Ft int -.Fo RSA_verify_ASN1_OCTET_STRING -.Fa "int dummy" -.Fa "unsigned char *m" -.Fa "unsigned int m_len" -.Fa "unsigned char *sigbuf" -.Fa "unsigned int siglen" -.Fa "RSA *rsa" -.Fc -.Sh DESCRIPTION -.Fn RSA_sign_ASN1_OCTET_STRING -signs the octet string -.Fa m -of size -.Fa m_len -using the private key -.Fa rsa -represented in DER using PKCS #1 padding. -It stores the signature in -.Fa sigret -and the signature size in -.Fa siglen . -.Fa sigret -must point to -.Fn RSA_size rsa -bytes of memory. -.Pp -.Fa dummy -is ignored. -.Pp -.Fn RSA_verify_ASN1_OCTET_STRING -verifies that the signature -.Fa sigbuf -of size -.Fa siglen -is the DER representation of a given octet string -.Fa m -of size -.Fa m_len . -.Fa dummy -is ignored. -.Fa rsa -is the signer's public key. -.Sh RETURN VALUES -.Fn RSA_sign_ASN1_OCTET_STRING -returns 1 on success or 0 otherwise. -.Fn RSA_verify_ASN1_OCTET_STRING -returns 1 on successful verification or 0 otherwise. -.Pp -The error codes can be obtained by -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr RSA_new 3 ,
-.Xr RSA_sign 3 ,
-.Xr RSA_verify 3
-.Sh HISTORY
-.Fn RSA_sign_ASN1_OCTET_STRING
-and
-.Fn RSA_verify_ASN1_OCTET_STRING
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Sh BUGS
-These functions serve no recognizable purpose.
diff --git a/src/lib/libcrypto/man/RSA_size.3 b/src/lib/libcrypto/man/RSA_size.3
deleted file mode 100644
index 7218c2e1f8..0000000000
--- a/src/lib/libcrypto/man/RSA_size.3
+++ /dev/null
@@ -1,96 +0,0 @@ -.\" $OpenBSD: RSA_size.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Ulf Moeller and -.\" Kurt Roeckx . -.\" Copyright (c) 2000, 2002, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt RSA_SIZE 3 -.Os -.Sh NAME -.Nm RSA_size , -.Nm RSA_bits -.Nd get the RSA modulus size -.Sh SYNOPSIS -.In openssl/rsa.h -.Ft int -.Fo RSA_size -.Fa "const RSA *rsa" -.Fc -.Ft int -.Fo RSA_bits -.Fa "const RSA *rsa" -.Fc -.Sh DESCRIPTION -.Fn RSA_size -returns the RSA modulus size in bytes. -It can be used to determine how much memory must be allocated for -an RSA encrypted value. -.Pp -.Fn RSA_bits -returns the number of significant bits. -.Pp -.Fa rsa -and -.Fa rsa->n -must not be -.Dv NULL . -.Sh RETURN VALUES -The size. -.Sh SEE ALSO -.Xr BN_num_bits 3 , -.Xr RSA_get0_key 3 , -.Xr RSA_new 3 -.Sh HISTORY -.Fn RSA_size -first appeared in SSLeay 0.4.4 and has been available since -.Ox 2.4 . -.Pp -.Fn RSA_bits -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.3 . diff --git a/src/lib/libcrypto/man/SHA1.3 b/src/lib/libcrypto/man/SHA1.3 deleted file mode 100644 index f5061e56e6..0000000000 
--- a/src/lib/libcrypto/man/SHA1.3
+++ /dev/null
@@ -1,276 +0,0 @@ -.\" $OpenBSD: SHA1.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Ulf Moeller and -.\" Matt Caswell . -.\" Copyright (c) 2000, 2006, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt SHA1 3 -.Os -.Sh NAME -.Nm SHA1 , -.Nm SHA1_Init , -.Nm SHA1_Update , -.Nm SHA1_Final , -.Nm SHA224 , -.Nm SHA224_Init , -.Nm SHA224_Update , -.Nm SHA224_Final , -.Nm SHA256 , -.Nm SHA256_Init , -.Nm SHA256_Update , -.Nm SHA256_Final , -.Nm SHA384 , -.Nm SHA384_Init , -.Nm SHA384_Update , -.Nm SHA384_Final , -.Nm SHA512 , -.Nm SHA512_Init , -.Nm SHA512_Update , -.Nm SHA512_Final -.Nd Secure Hash Algorithm -.Sh SYNOPSIS -.In openssl/sha.h -.Ft unsigned char * -.Fo SHA1 -.Fa "const unsigned char *d" -.Fa "size_t n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo SHA1_Init -.Fa "SHA_CTX *c" -.Fc -.Ft int -.Fo SHA1_Update -.Fa "SHA_CTX *c" -.Fa "const void *data" -.Fa "size_t len" -.Fc -.Ft int -.Fo SHA1_Final -.Fa "unsigned char *md" -.Fa "SHA_CTX *c" -.Fc -.Ft unsigned char * -.Fo SHA224 -.Fa "const unsigned char *d" -.Fa "size_t n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo SHA224_Init -.Fa "SHA256_CTX *c" -.Fc -.Ft int -.Fo SHA224_Update -.Fa "SHA256_CTX *c" -.Fa "const void *data" -.Fa "size_t len" -.Fc -.Ft int -.Fo SHA224_Final -.Fa "unsigned char *md" -.Fa "SHA256_CTX *c" -.Fc -.Ft unsigned char * -.Fo SHA256 -.Fa "const unsigned char *d" -.Fa "size_t n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo SHA256_Init -.Fa "SHA256_CTX *c" -.Fc -.Ft int -.Fo SHA256_Update -.Fa "SHA256_CTX *c" -.Fa "const void *data" -.Fa "size_t len" -.Fc -.Ft int -.Fo SHA256_Final -.Fa "unsigned char 
*md" -.Fa "SHA256_CTX *c" -.Fc -.Ft unsigned char * -.Fo SHA384 -.Fa "const unsigned char *d" -.Fa "size_t n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo SHA384_Init -.Fa "SHA512_CTX *c" -.Fc -.Ft int -.Fo SHA384_Update -.Fa "SHA512_CTX *c" -.Fa "const void *data" -.Fa "size_t len" -.Fc -.Ft int -.Fo SHA384_Final -.Fa "unsigned char *md" -.Fa "SHA512_CTX *c" -.Fc -.Ft unsigned char * -.Fo SHA512 -.Fa "const unsigned char *d" -.Fa "size_t n" -.Fa "unsigned char *md" -.Fc -.Ft int -.Fo SHA512_Init -.Fa "SHA512_CTX *c" -.Fc -.Ft int -.Fo SHA512_Update -.Fa "SHA512_CTX *c" -.Fa "const void *data" -.Fa "size_t len" -.Fc -.Ft int -.Fo SHA512_Final -.Fa "unsigned char *md" -.Fa "SHA512_CTX *c" -.Fc -.Sh DESCRIPTION -SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a -160-bit output. -.Pp -.Fn SHA1 -computes the SHA-1 message digest of the -.Fa n -bytes at -.Fa d -and places it in -.Fa md , -which must have space for -.Dv SHA_DIGEST_LENGTH -== 20 bytes of output. -If -.Fa md -is -.Dv NULL , -the digest is placed in a static array, which is not thread safe. -.Pp -The following functions may be used if the message is not completely -stored in memory: -.Pp -.Fn SHA1_Init -initializes a -.Vt SHA_CTX -structure. -.Pp -.Fn SHA1_Update -can be called repeatedly with chunks of the message to be hashed -.Pq Fa len No bytes at Fa data . -.Pp -.Fn SHA1_Final -places the message digest in -.Fa md , -which must have space for -.Dv SHA_DIGEST_LENGTH -== 20 bytes of output, and erases the -.Vt SHA_CTX . -.Pp -The SHA224, SHA256, SHA384, and SHA512 families of functions operate -in the same way as the SHA1 functions. -Note that SHA224 and SHA256 use a -.Vt SHA256_CTX -object instead of -.Vt SHA_CTX , -and SHA384 and SHA512 use -.Vt SHA512_CTX . -The buffer -.Fa md -must have space for the output from the SHA variant being used: -.Dv SHA224_DIGEST_LENGTH , -.Dv SHA256_DIGEST_LENGTH , -.Dv SHA384_DIGEST_LENGTH , -or -.Dv SHA512_DIGEST_LENGTH -bytes. 
-.Pp -Applications should use the higher level functions -.Xr EVP_DigestInit 3 -etc. instead of calling the hash functions directly. -.Pp -The predecessor of SHA-1, SHA, is also implemented, but it should be -used only when backward compatibility is required. -.Sh RETURN VALUES -.Fn SHA1 , -.Fn SHA224 , -.Fn SHA256 , -.Fn SHA384 , -and -.Fn SHA512 -return a pointer to the hash value. -The other functions return 1 for success or 0 otherwise. -.Sh SEE ALSO -.Xr EVP_DigestInit 3 , -.Xr HMAC 3 , -.Xr RIPEMD160 3 -.Sh STANDARDS -SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure -Hash Standard), SHA-1: US Federal Information Processing Standard FIPS -PUB 180-1 (Secure Hash Standard), ANSI X9.30 -.Sh HISTORY -.Fn SHA1 , -.Fn SHA1_Init , -.Fn SHA1_Update , -and -.Fn SHA1_Final -first appeared in SSLeay 0.5.1 and have been available since -.Ox 2.4 . -.Pp -The other functions first appeared in OpenSSL 0.9.8 -and have been available since -.Ox 4.5 . diff --git a/src/lib/libcrypto/man/SMIME_read_CMS.3 b/src/lib/libcrypto/man/SMIME_read_CMS.3 deleted file mode 100644 index bbfb1e5463..0000000000 --- a/src/lib/libcrypto/man/SMIME_read_CMS.3 +++ /dev/null 
@@ -1,131 +0,0 @@
-.\" $OpenBSD: SMIME_read_CMS.3,v 1.6 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt SMIME_READ_CMS 3
-.Os
-.Sh NAME
-.Nm SMIME_read_CMS
-.Nd parse S/MIME message
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft CMS_ContentInfo *
-.Fo SMIME_read_CMS
-.Fa "BIO *in"
-.Fa "BIO **bcont"
-.Fc
-.Sh DESCRIPTION
-.Fn SMIME_read_CMS
-parses a message in S/MIME format from
-.Fa in .
-.Pp
-If the message uses cleartext signing, the content is saved in a memory BIO
-which is written to
-.Pf * Fa bcont
-and which can then be passed to
-.Xr CMS_verify 3
-with the
-.Dv CMS_DETACHED
-flag set.
-Otherwise,
-.Pf * Fa bcont
-is set to
-.Dv NULL
-and the type of the returned structure can be determined using
-.Xr CMS_get0_type 3 .
-.Pp
-To support future functionality if
-.Fa bcont
-is not
-.Dv NULL ,
-.Pf * Fa bcont
-should be initialized to
-.Dv NULL ,
-for example:
-.Bd -literal -offset indent
-BIO *cont = NULL;
-CMS_ContentInfo *cms = SMIME_read_CMS(in, &cont);
-.Ed
-.Sh RETURN VALUES
-.Fn SMIME_read_CMS
-returns a valid
-.Vt CMS_ContentInfo
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_decrypt 3 ,
-.Xr CMS_get0_type 3 ,
-.Xr CMS_verify 3 ,
-.Xr d2i_CMS_ContentInfo 3 ,
-.Xr SMIME_write_CMS 3
-.Sh HISTORY
-.Fn SMIME_read_CMS
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
-.Sh BUGS
-The MIME parser used by
-.Fn SMIME_read_CMS
-is somewhat primitive.
-While it will handle most S/MIME messages, more complex compound formats
-may not work.
-.Pp
-The parser assumes that the
-.Vt CMS_ContentInfo
-structure is always base64 encoded and will not handle the case
-where it is in binary format or uses quoted printable format.
-.Pp
-The use of a memory BIO to hold the signed content limits the size of
-the message which can be processed due to memory restraints: a streaming
-single pass option should be available.
diff --git a/src/lib/libcrypto/man/SMIME_read_PKCS7.3 b/src/lib/libcrypto/man/SMIME_read_PKCS7.3
deleted file mode 100644
index 8ce739a7cb..0000000000
--- a/src/lib/libcrypto/man/SMIME_read_PKCS7.3
+++ /dev/null
@@ -1,149 +0,0 @@
-.\" $OpenBSD: SMIME_read_PKCS7.3,v 1.7 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt SMIME_READ_PKCS7 3
-.Os
-.Sh NAME
-.Nm SMIME_read_PKCS7
-.Nd parse S/MIME message
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft PKCS7 *
-.Fo SMIME_read_PKCS7
-.Fa "BIO *in"
-.Fa "BIO **bcont"
-.Fc
-.Sh DESCRIPTION
-.Fn SMIME_read_PKCS7
-parses a message in S/MIME format.
-.Pp
-.Fa in
-is a
-.Vt BIO
-to read the message from.
-.Pp
-If cleartext signing is used, then the content is saved in a memory
-.Vt BIO
-which is written to
-.Pf * Fa bcont ,
-otherwise
-.Pf * Fa bcont
-is set to
-.Dv NULL .
-.Pp
-The parsed PKCS#7 structure is returned, or
-.Dv NULL
-if an error occurred.
-.Pp
-If
-.Pf * Fa bcont
-is not
-.Dv NULL ,
-then the message is clear text signed.
-.Pf * Fa bcont
-can then be passed to
-.Xr PKCS7_verify 3
-with the
-.Dv PKCS7_DETACHED
-flag set.
-.Pp
-Otherwise the type of the returned structure can be determined using the
-.Fn PKCS7_type_is_*
-macros defined in
-.In openssl/pkcs7.h .
-.Pp
-To support future functionality, if
-.Fa bcont
-is not
-.Dv NULL ,
-.Pf * Fa bcont
-should be initialized to
-.Dv NULL .
-For example:
-.Bd -literal -offset indent
-BIO *cont = NULL;
-PKCS7 *p7;
-
-p7 = SMIME_read_PKCS7(in, &cont);
-.Ed
-.Sh RETURN VALUES
-.Fn SMIME_read_PKCS7
-returns a valid
-.Vt PKCS7
-structure or
-.Dv NULL
-if an error occurred.
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr PKCS7_new 3 ,
-.Xr SMIME_write_PKCS7 3
-.Sh HISTORY
-.Fn SMIME_read_PKCS7
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Sh BUGS
-The MIME parser used by
-.Fn SMIME_read_PKCS7
-is somewhat primitive.
-While it will handle most S/MIME messages, more complex compound
-formats may not work.
-.Pp
-The parser assumes that the
-.Vt PKCS7
-structure is always base64 encoded, and it will not handle the case
-where it is in binary format or uses quoted printable format.
-.Pp
-The use of a memory
-.Vt BIO
-to hold the signed content limits the size of the message which can
-be processed due to memory restraints: a streaming single pass
-option should be available.
diff --git a/src/lib/libcrypto/man/SMIME_write_CMS.3 b/src/lib/libcrypto/man/SMIME_write_CMS.3
deleted file mode 100644
index 5a4e607a3c..0000000000
--- a/src/lib/libcrypto/man/SMIME_write_CMS.3
+++ /dev/null
@@ -1,132 +0,0 @@
-.\" $OpenBSD: SMIME_write_CMS.3,v 1.5 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt SMIME_WRITE_CMS 3
-.Os
-.Sh NAME
-.Nm SMIME_write_CMS
-.Nd convert CMS structure to S/MIME format
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo SMIME_write_CMS
-.Fa "BIO *out"
-.Fa "CMS_ContentInfo *cms"
-.Fa "BIO *data"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn SMIME_write_CMS
-adds the appropriate MIME headers to the
-.Fa cms
-structure to produce an S/MIME message and writes it to
-.Fa out .
-If streaming is enabled, the content must be supplied in the
-.Fa data
-argument.
-.Pp
-The following
-.Fa flags
-can be passed:
-.Bl -tag -width Ds
-.It Dv CMS_DETACHED
-Use cleartext signing.
-This option only makes sense if
-.Fa cms
-is of the type
-.Vt SignedData
-and
-.Dv CMS_DETACHED
-was also set when it was created with
-.Xr CMS_sign 3 .
-.Pp
-If
-.Dv CMS_STREAM
-is not set, the data must be read twice:
-once to compute the signature in
-.Xr CMS_sign 3
-and once to output the S/MIME message.
-.It Dv CMS_TEXT
-Add MIME headers for type text/plain to the content.
-This only makes sense if
-.Dv CMS_DETACHED
-is also set.
-.It Dv CMS_STREAM
-Perform streaming.
-This flag should only be set if
-.Dv CMS_STREAM
-was also passed to the function that created
-.Fa cms .
-.Pp
-The content is output in BER format using indefinite length
-constructed encoding except in the case of
-.Vt SignedData
-with detached content where the content is absent and DER format is
-used.
-.El
-.Sh RETURN VALUES
-.Fn SMIME_write_CMS
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr d2i_CMS_ContentInfo 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn SMIME_write_CMS
-first appeared in OpenSSL 0.9.8h
-and has been available since
-.Ox 6.7 .
-.Sh BUGS
-.Fn SMIME_write_CMS
-always base64 encodes CMS structures.
-There should be an option to disable this.
diff --git a/src/lib/libcrypto/man/SMIME_write_PKCS7.3 b/src/lib/libcrypto/man/SMIME_write_PKCS7.3
deleted file mode 100644
index 39d8b5d859..0000000000
--- a/src/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ /dev/null
@@ -1,147 +0,0 @@
-.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.7 2020/06/03 13:41:27 schwarze Exp $
-.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2003, 2006, 2007, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 3 2020 $
-.Dt SMIME_WRITE_PKCS7 3
-.Os
-.Sh NAME
-.Nm SMIME_write_PKCS7
-.Nd convert PKCS#7 structure to S/MIME format
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo SMIME_write_PKCS7
-.Fa "BIO *out"
-.Fa "PKCS7 *p7"
-.Fa "BIO *data"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn SMIME_write_PKCS7
-adds the appropriate MIME headers to a PKCS#7 structure to produce an
-S/MIME message.
-.Pp
-.Fa out
-is the
-.Vt BIO
-to write the data to.
-.Fa p7
-is the appropriate
-.Vt PKCS7
-structure.
-If streaming is enabled, then the content must be supplied in the
-.Fa data
-argument.
-.Fa flags
-is an optional set of flags.
-.Pp
-The following flags can be passed in the
-.Fa flags
-parameter.
-.Pp
-If
-.Dv PKCS7_DETACHED
-is set, then cleartext signing will be used.
-This option only makes sense for signedData where
-.Dv PKCS7_DETACHED
-is also set when
-.Xr PKCS7_sign 3
-is also called.
-.Pp
-If the
-.Dv PKCS7_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are added to the content.
-This only makes sense if
-.Dv PKCS7_DETACHED
-is also set.
-.Pp
-If the
-.Dv PKCS7_STREAM
-flag is set, streaming is performed.
-This flag should only be set if
-.Dv PKCS7_STREAM
-was also set in the previous call to
-.Xr PKCS7_sign 3
-or
-.Xr PKCS7_encrypt 3 .
-.Pp
-If cleartext signing is being used and
-.Dv PKCS7_STREAM
-is not set, then the data must be read twice: once to compute the
-signature in
-.Xr PKCS7_sign 3
-and once to output the S/MIME message.
-.Pp
-If streaming is performed, the content is output in BER format using
-indefinite length constructed encoding except in the case of signed
-data with detached content where the content is absent and DER
-format is used.
-.Sh RETURN VALUES
-Upon successful completion, 1 is returned;
-otherwise 0 is returned and an error code can be retrieved with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr i2d_PKCS7_bio_stream 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-.Xr PEM_write_PKCS7 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr SMIME_read_PKCS7 3
-.Sh HISTORY
-.Fn SMIME_write_PKCS7
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Sh BUGS
-.Fn SMIME_write_PKCS7
-always base64 encodes PKCS#7 structures.
-There should be an option to disable this.
diff --git a/src/lib/libcrypto/man/STACK_OF.3 b/src/lib/libcrypto/man/STACK_OF.3
deleted file mode 100644
index 8b84900006..0000000000
--- a/src/lib/libcrypto/man/STACK_OF.3
+++ /dev/null
@@ -1,190 +0,0 @@
-.\" $OpenBSD: STACK_OF.3,v 1.4 2019/06/10 09:49:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 10 2019 $
-.Dt STACK_OF 3
-.Os
-.Sh NAME
-.Nm STACK_OF
-.Nd variable-sized arrays of pointers, called OpenSSL stacks
-.Sh SYNOPSIS
-.In openssl/safestack.h
-.Fn STACK_OF type
-.Sh DESCRIPTION
-The
-.In openssl/safestack.h
-header provides a fragile, unusually complicated system of
-macro-generated wrappers around the functions described in the
-.Xr OPENSSL_sk_new 3
-manual page.
-It is intended to implement superficially type-safe variable-sized
-arrays of pointers, somewhat misleadingly called
-.Dq stacks
-by OpenSSL.
-Due to the excessive number of API functions, it is impossible to
-properly document this system.
-In particular, calling
-.Xr man 1
-for any of the functions operating on stacks cannot yield any result.
-.Pp
-Unfortunately, application programs can hardly avoid using the concept
-because several important OpenSSL APIs rely on it; see the
-.Sx SEE ALSO
-section for examples.
-Even though both pages are more complicated than any manual page
-ought to be, using the concept safely requires a complete understanding
-of all the details in both this manual page and in
-.Xr OPENSSL_sk_new 3 .
-.Pp
-The
-.Fn STACK_OF
-macro takes a
-.Fa type
-name as its argument, typically the name of a type
-that has been defined as an alias for a specific
-.Vt struct
-type using a
-.Sy typedef
-declaration.
-It expands to an incomplete
-.Vt struct
-type which is intended to represent a
-.Dq stack
-of objects of the given
-.Fa type .
-That type does not actually exist, so it is not possible to define,
-for example, an automatic variable
-.Ql STACK_OF(X509) my_certificates ;
-it is only possible to define pointers to stacks, for example
-.Ql STACK_OF(X509) *my_certificates .
-The only way such pointers can ever be used is by wrapper functions
-casting them to the type
-.Vt _STACK *
-described in
-.Xr OPENSSL_sk_new 3 .
-.Pp
-For a considerable number of types, OpenSSL provides one wrapper
-function for each function described in
-.Xr OPENSSL_sk_new 3 .
-The names of these wrapper functions are usually constructed by
-inserting the name of the type and an underscore after the
-.Sq sk_
-prefix of the function name.
-Usually, where the real functions take
-.Vt void *
-arguments, the wrappers take pointers to the
-.Fa type
-in questions, and where the real functions take
-.Vt _STACK *
-arguments, the wrappers take pointers to
-.Fn STACK_OF type .
-The same applies to return values.
-Various exceptions to all this exist, but the above applies to
-all the types listed below.
-.Pp
-Using the above may make sense for the following types because
-public API functions exist that take stacks of these types as
-arguments or return them:
-.Vt ACCESS_DESCRIPTION ,
-.Vt ASN1_INTEGER ,
-.Vt ASN1_OBJECT ,
-.Vt ASN1_TYPE ,
-.Vt ASN1_UTF8STRING ,
-.Vt CONF_VALUE ,
-.Vt DIST_POINT ,
-.Vt GENERAL_NAME ,
-.Vt GENERAL_SUBTREE ,
-.Vt PKCS12_SAFEBAG ,
-.Vt PKCS7 ,
-.Vt PKCS7_RECIP_INFO ,
-.Vt PKCS7_SIGNER_INFO ,
-.Vt POLICY_MAPPING ,
-.Vt POLICYINFO ,
-.Vt POLICYQUALINFO ,
-.Vt X509 ,
-.Vt X509_ALGOR ,
-.Vt X509_ATTRIBUTE ,
-.Vt X509_CRL ,
-.Vt X509_EXTENSION ,
-.Vt X509_INFO ,
-.Vt X509_OBJECT ,
-.Vt X509_POLICY_NODE ,
-.Vt X509_PURPOSE ,
-.Vt X509_REVOKED .
-.Pp
-Even though the OpenSSL headers declare wrapper functions for many
-more types and even though the OpenSSL documentation says that users
-can declare their own stack types, using
-.Fn STACK_OF
-with any type not listed here is strongly discouraged.
-For other types, there may be subtle, undocumented differences
-in syntax and semantics, and attempting to declare custom stack
-types is very error prone; using plain C arrays of pointers to
-the desired type is much simpler and less dangerous.
-.Sh EXAMPLES
-The following program creates a certificate object, puts two
-pointers to it on a stack, and uses
-.Xr X509_free 3
-to clean up properly:
-.Bd -literal
-#include
-#include
-#include
-
-int
-main(void)
-{
- STACK_OF(X509) *stack;
- X509 *x;
-
- if ((stack = sk_X509_new_null()) == NULL)
- err(1, NULL);
- if ((x = X509_new()) == NULL)
- err(1, NULL);
- if (sk_X509_push(stack, x) == 0)
- err(1, NULL);
- if (X509_up_ref(x) == 0)
- errx(1, "X509_up_ref failed");
- if (sk_X509_push(stack, x) == 0)
- err(1, NULL);
- printf("%d pointers: %p, %p\en", sk_X509_num(stack),
- sk_X509_value(stack, 0), sk_X509_value(stack, 1));
- sk_X509_pop_free(stack, X509_free);
-
- return 0;
-}
-.Ed
-.Pp
-The output looks similar to:
-.Pp
-.Dl 2 pointers: 0x4693ff24c00, 0x4693ff24c00
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr OCSP_request_sign 3 ,
-.Xr OPENSSL_sk_new 3 ,
-.Xr PKCS12_parse 3 ,
-.Xr PKCS7_encrypt 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_peer_cert_chain 3 ,
-.Xr SSL_load_client_CA_file 3 ,
-.Xr X509_CRL_get_REVOKED 3 ,
-.Xr X509_STORE_CTX_get0_chain 3
-.Sh HISTORY
-The
-.Fn STACK_OF
-macro first appeared in OpenSSL 0.9.3 and has been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/SXNET_new.3 b/src/lib/libcrypto/man/SXNET_new.3
deleted file mode 100644
index 9a723be203..0000000000
--- a/src/lib/libcrypto/man/SXNET_new.3
+++ /dev/null
@@ -1,139 +0,0 @@
-.\" $OpenBSD: SXNET_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt SXNET_NEW 3
-.Os
-.Sh NAME
-.Nm SXNET_new ,
-.Nm SXNET_free ,
-.Nm SXNETID_new ,
-.Nm SXNETID_free ,
-.Nm d2i_SXNET ,
-.Nm i2d_SXNET ,
-.Nm d2i_SXNETID ,
-.Nm i2d_SXNETID
-.Nd Thawte strong extranet X.509 extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft SXNET *
-.Fn SXNET_new void
-.Ft void
-.Fn SXNET_free "SXNET *sxnet"
-.Ft SXNETID *
-.Fn SXNETID_new void
-.Ft void
-.Fn SXNETID_free "SXNETID *sxnetid"
-.Ft SXNET *
-.Fo d2i_SXNET
-.Fa "SXNET **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_SXNET
-.Fa "SXNET *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft SXNETID *
-.Fo d2i_SXNETID
-.Fa "SXNETID **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_SXNETID
-.Fa "SXNETID *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Fn SXNET_new
-allocates and initializes an empty
-.Vt SXNET
-object representing a non-standard proprietary Thawte strong extranet
-X.509 extension.
-.Fn SXNET_free
-frees
-.Fa sxnet .
-.Pp
-.Fn SXNETID_new
-allocates and initializes an empty
-.Vt SXNETID
-object.
-It is used inside
-.Vt SXNET .
-.Fn SXNETID_free
-frees
-.Fa sxnetid .
-.Pp
-The remaining functions decode and encode these objects
-using DER format.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Sh RETURN VALUES
-.Fn SXNET_new
-and
-.Fn d2i_SXNET
-return an
-.Vt SXNET
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn SXNETID_new
-and
-.Fn d2i_SXNETID
-return an
-.Vt SXNETID
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_SXNET
-and
-.Fn i2d_SXNETID
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3
-.Rs
-.%A M. Shuttleworth
-.%R The Strong Extranet: real-world personal certification
-.%Q Thawte Consulting
-.%C South Africa
-.%D 1998
-.Re
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.3
-and have been available since
-.Ox 2.6 .
-.Sh BUGS
-This manual page does not explain what the extension actually does
-because no authoritative information was found online so far.
-.Pp
-The only hint was found in an ancient white paper "Securing IBM
-Applications with Public Key Infrastructure" on the IBM website,
-dated June 13, 2001: "Thawte also has a technology called Strong
-Extranet that allows institutions to encode customer information
-in the extensions to their customer's certificates.
-Because multiple institutions can add information, the user needs
-only one certificate, making renewal and revocation simpler, although
-the issue of modifying an extension to an existing certificate is
-not addressed."
-.Pp
-It is unclear whether that explanation is accurate, but in any case,
-it is not very specific.
diff --git a/src/lib/libcrypto/man/TS_REQ_new.3 b/src/lib/libcrypto/man/TS_REQ_new.3
deleted file mode 100644
index 8dbd15ea7e..0000000000
--- a/src/lib/libcrypto/man/TS_REQ_new.3
+++ /dev/null
@@ -1,182 +0,0 @@
-.\" $OpenBSD: TS_REQ_new.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt TS_REQ_NEW 3
-.Os
-.Sh NAME
-.Nm TS_REQ_new ,
-.Nm TS_REQ_free ,
-.Nm TS_RESP_new ,
-.Nm TS_RESP_free ,
-.Nm TS_STATUS_INFO_new ,
-.Nm TS_STATUS_INFO_free ,
-.Nm TS_TST_INFO_new ,
-.Nm TS_TST_INFO_free ,
-.Nm TS_ACCURACY_new ,
-.Nm TS_ACCURACY_free ,
-.Nm TS_MSG_IMPRINT_new ,
-.Nm TS_MSG_IMPRINT_free
-.Nd X.509 time-stamp protocol
-.Sh SYNOPSIS
-.In openssl/ts.h
-.Ft TS_REQ *
-.Fn TS_REQ_new void
-.Ft void
-.Fn TS_REQ_free "TS_REQ *req"
-.Ft TS_RESP *
-.Fn TS_RESP_new void
-.Ft void
-.Fn TS_RESP_free "TS_RESP *resp"
-.Ft TS_STATUS_INFO *
-.Fn TS_STATUS_INFO_new void
-.Ft void
-.Fn TS_STATUS_INFO_free "TS_STATUS_INFO *status"
-.Ft TS_TST_INFO *
-.Fn TS_TST_INFO_new void
-.Ft void
-.Fn TS_TST_INFO_free "TS_TST_INFO *token"
-.Ft TS_ACCURACY *
-.Fn TS_ACCURACY_new void
-.Ft void
-.Fn TS_ACCURACY_free "TS_ACCURACY *accuracy"
-.Ft TS_MSG_IMPRINT *
-.Fn TS_MSG_IMPRINT_new void
-.Ft void
-.Fn TS_MSG_IMPRINT_free "TS_MSG_IMPRINT *imprint"
-.Sh DESCRIPTION
-A time-stamping authority is a trusted third party which allows its
-clients to prove that specific data existed
at a particular point
-in time.
-Clients send time-stamping requests to the time-stamping server,
-which returns time-stamp tokens to the clients.
-.Pp
-.Fn TS_REQ_new
-allocates and initializes an empty
-.Vt TS_REQ
-object, representing an ASN.1
-.Vt TimeStampReq
-structure defined in RFC 3161 section 2.4.1.
-It can hold a hash of the datum to be time-stamped and some
-auxiliary, optional information.
-.Fn TS_REQ_free
-frees
-.Fa req .
-.Pp
-.Fn TS_RESP_new
-allocates and initializes an empty
-.Vt TS_RESP
-object, representing an ASN.1
-.Vt TimeStampResp
-structure defined in RFC 3161 section 2.4.2.
-It can hold status information and a time-stamp token.
-.Fn TS_RESP_free
-frees
-.Fa resp .
-.Pp
-.Fn TS_STATUS_INFO_new
-allocates and initializes an empty
-.Vt TS_STATUS_INFO
-object, representing an ASN.1
-.Vt PKIStatusInfo
-structure defined in RFC 3161 section 2.4.2.
-It is used inside
-.Vt TS_RESP
-and describes the outcome of one time-stamp request.
-.Fn TS_STATUS_INFO_free
-frees
-.Fa status .
-.Pp
-.Fn TS_TST_INFO_new
-allocates and initializes an empty
-.Vt TS_TST_INFO
-object, representing an ASN.1
-.Vt TSTInfo
-structure defined in RFC 3161 section 2.4.2.
-It is the time-stamp token included in a
-.Vt TS_RESP
-object in case of success, and it can hold the hash of the datum
-copied from a request, the time of generation, and some auxiliary
-information.
-.Fn TS_TST_INFO_free
-frees
-.Fa token .
-.Pp
-.Fn TS_ACCURACY_new
-allocates and initializes an empty
-.Vt TS_ACCURACY
-object, representing an ASN.1
-.Vt Accuracy
-structure defined in RFC 3161 section 2.4.2.
-It can be used inside a
-.Vt TS_TST_INFO
-object and indicates the maximum error of the time stated in the token.
-.Fn TS_ACCURACY_free
-frees
-.Fa accuracy .
-.Pp
-.Fn TS_MSG_IMPRINT_new
-allocates and initializes an empty
-.Vt TS_MSG_IMPRINT
-object, representing an ASN.1
-.Vt MessageImprint
-structure defined in RFC 3161 section 2.4.1.
-It is used inside
-.Vt TS_REQ
-and
-.Vt TS_RESP
-objects.
-It specifies a hash algorithm and stores the hash value of the datum.
-.Fn TS_MSG_IMPRINT_free
-frees
-.Fa imprint .
-.Sh RETURN VALUES
-.Fn TS_REQ_new ,
-.Fn TS_RESP_new ,
-.Fn TS_STATUS_INFO_new ,
-.Fn TS_TST_INFO_new ,
-.Fn TS_ACCURACY_new ,
-and
-.Fn TS_MSG_IMPRINT_new
-return the new
-.Vt TS_REQ ,
-.Vt TS_RESP ,
-.Vt TS_STATUS_INFO ,
-.Vt TS_TST_INFO ,
-.Vt TS_ACCURACY ,
-or
-.Vt TS_MSG_IMPRINT
-object, respectively, or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr ACCESS_DESCRIPTION_new 3 ,
-.Xr ESS_SIGNING_CERT_new 3 ,
-.Xr X509_EXTENSION_new 3
-.Sh STANDARDS
-RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol
-.Pp
-Note that RFC 3161 has been updated
-by RFC 5816: ESSCertIDv2 Update for RFC 3161.
-That update allows using the Signing Certificate Attribute Definition
-Version 2 according to RFC 5035, but the current implementation
-only supports the Signing Certificate Attribute Definition Version
-1 according to RFC 2634, and hence only supports RFC 3161, but not
-RFC 5816 functionality.
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/UI_UTIL_read_pw.3 b/src/lib/libcrypto/man/UI_UTIL_read_pw.3
deleted file mode 100644
index aa3cefe8dd..0000000000
--- a/src/lib/libcrypto/man/UI_UTIL_read_pw.3
+++ /dev/null
@@ -1,107 +0,0 @@
-.\" $OpenBSD: UI_UTIL_read_pw.3,v 1.3 2018/03/22 21:08:22 schwarze Exp $
-.\" full merge up to: OpenSSL 23103a52 Jan 12 15:17:42 2017 +0100
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Richard Levitte .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt UI_UTIL_READ_PW 3
-.Os
-.Sh NAME
-.Nm UI_UTIL_read_pw ,
-.Nm UI_UTIL_read_pw_string
-.Nd get a password from the user
-.Sh SYNOPSIS
-.In openssl/ui.h
-.Ft int
-.Fo UI_UTIL_read_pw_string
-.Fa "char *buf"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Ft int
-.Fo UI_UTIL_read_pw
-.Fa "char *buf"
-.Fa "char *buff"
-.Fa "int size"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Sh DESCRIPTION
-.Fn UI_UTIL_read_pw_string
-asks for a passphrase, using
-.Fa prompt
-as a prompt, and stores it in
-.Fa buf .
-The maximum allowed size is given with
-.Fa length ,
-including the terminating NUL byte.
-If
-.Fa verify
-is non-zero, the password will be verified as well.
-.Pp
-.Fn UI_UTIL_read_pw
-does the same as
-.Fn UI_UTIL_read_pw_string ,
-but takes an external buffer
-.Fa buff
-for the verification passphrase.
-.Sh RETURN VALUES
-.Fn UI_UTIL_read_pw_string
-and
-.Fn UI_UTIL_read_pw
-return 0 on success or a negative value on error.
-.Sh SEE ALSO
-.Xr UI_new 3
-.Sh HISTORY
-.Fn UI_UTIL_read_pw
-and
-.Fn UI_UTIL_read_pw_string
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/UI_create_method.3 b/src/lib/libcrypto/man/UI_create_method.3
deleted file mode 100644
index 0c23e24e0e..0000000000
--- a/src/lib/libcrypto/man/UI_create_method.3
+++ /dev/null
@@ -1,284 +0,0 @@
-.\" $OpenBSD: UI_create_method.3,v 1.5 2018/05/19 23:06:33 schwarze Exp $
-.\" OpenSSL UI_create_method.pod 8e3d46e5 Mar 11 10:51:04 2017 +0100
-.\"
-.\" This file was written by Richard Levitte .
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6.
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 19 2018 $
-.Dt UI_CREATE_METHOD 3
-.Os
-.Sh NAME
-.Nm UI_create_method ,
-.Nm UI_destroy_method ,
-.Nm UI_method_set_opener ,
-.Nm UI_method_set_writer ,
-.Nm UI_method_set_flusher ,
-.Nm UI_method_set_reader ,
-.Nm UI_method_set_closer ,
-.Nm UI_method_set_prompt_constructor ,
-.Nm UI_method_get_opener ,
-.Nm UI_method_get_writer ,
-.Nm UI_method_get_flusher ,
-.Nm UI_method_get_reader ,
-.Nm UI_method_get_closer ,
-.Nm UI_method_get_prompt_constructor
-.Nd user interface method creation and destruction
-.Sh SYNOPSIS
-.In openssl/ui.h
-.Ft UI_METHOD *
-.Fo UI_create_method
-.Fa "const char *name"
-.Fc
-.Ft void
-.Fo UI_destroy_method
-.Fa "UI_METHOD *ui_method"
-.Fc
-.Ft int
-.Fo UI_method_set_opener
-.Fa "UI_METHOD *method"
-.Fa "int (*opener)(UI *ui)"
-.Fc
-.Ft int
-.Fo UI_method_set_writer
-.Fa "UI_METHOD *method"
-.Fa "int (*writer)(UI *ui, UI_STRING *uis)"
-.Fc
-.Ft int
-.Fo UI_method_set_flusher
-.Fa "UI_METHOD *method"
-.Fa "int (*flusher)(UI *ui)"
-.Fc
-.Ft int
-.Fo UI_method_set_reader
-.Fa "UI_METHOD *method"
-.Fa "int (*reader)(UI *ui, UI_STRING *uis)"
-.Fc
-.Ft int
-.Fo UI_method_set_closer
-.Fa "UI_METHOD *method"
-.Fa "int (*closer)(UI *ui)"
-.Fc
-.Ft int
-.Fo UI_method_set_prompt_constructor
-.Fa "UI_METHOD *method"
-.Fa "char *(*prompt_constructor)(UI *ui, const char *object_desc,\
- const char *object_name)"
-.Fc
-.Ft int
-.Fo "(*UI_method_get_opener(const UI_METHOD *method))"
-.Fa "UI *";
-.Fc
-.Ft int
-.Fo "(*UI_method_get_writer(const UI_METHOD *method))"
-.Fa "UI *"
-.Fa "UI_STRING *"
-.Fc
-.Ft int
-.Fo "(*UI_method_get_flusher(const UI_METHOD *method))"
-.Fa "UI *"
-.Fc
-.Ft int
-.Fo "(*UI_method_get_reader(const UI_METHOD *method))"
-.Fa "UI *"
-.Fa "UI_STRING *"
-.Fc
-.Ft int
-.Fo "(*UI_method_get_closer(const UI_METHOD *method))"
-.Fa "UI *"
-.Fc
-.Ft char *
-.Fo "(*UI_method_get_prompt_constructor(UI_METHOD *method))"
-.Fa "UI *"
-.Fa "const char *"
-.Fa "const char *"
-.Fc
-.Sh DESCRIPTION
-A method contains a
few functions that implement the low level of the
-User Interface.
-These functions are:
-.Bl -tag -width Ds
-.It an opener
-This function takes a reference to a UI and starts a session, for
-example by opening a channel to a tty, or by creating a dialog box.
-.It a writer
-This function takes a reference to a UI and a UI String, and writes the
-string where appropriate, maybe to the tty, maybe added as a field label
-in a dialog box.
-Note that this gets fed all strings associated with a UI, one after the
-other, so care must be taken which ones it actually uses.
-.It a flusher
-This function takes a reference to a UI, and flushes everything that has
-been output so far.
-For example, if the method builds up a dialog box, this can be used to
-actually display it and accepting input ended with a pressed button.
-.It a reader
-This function takes a reference to a UI and a UI string and reads off
-the given prompt, maybe from the tty, maybe from a field in a dialog
-box.
-Note that this gets fed all strings associated with a UI, one after the
-other, so care must be taken which ones it actually uses.
-.It a closer
-This function takes a reference to a UI, and closes the session, maybe
-by closing the channel to the tty, maybe by destroying a dialog box.
-.El
-.Pp
-All of these functions are expected to return 0 on error, 1 on success,
-or -1 on out-off-band events, for example if some prompting has been
-cancelled (by pressing Ctrl-C, for example).
-Only the flusher or the reader are expected to return -1.
-If returned by another of the functions, it's treated as if 0 was returned.
-.Pp
-Regarding the writer and the reader, don't assume the former should only
-write and don't assume the latter should only read.
-This depends on the needs of the method.
-.Pp
-For example, a typical tty reader wouldn't write the prompts in the
-write, but would rather do so in the reader, because of the sequential
-nature of prompting on a tty.
-This is how the
-.Xr UI_OpenSSL 3
-method does it.
-.Pp
-In contrast, a method that builds up a dialog box would add all prompt
-text in the writer, have all input read in the flusher and store the
-results in some temporary buffer, and finally have the reader just fetch
-those results.
-.Pp
-The central function that uses these method functions is
-.Xr UI_process 3 ,
-and it does it in five steps:
-.Bl -enum
-.It
-Open the session using the opener function if that one is defined.
-If an error occurs, jump to 5.
-.It
-For every UI String associated with the UI, call the writer function if
-that one is defined.
-If an error occurs, jump to 5.
-.It
-Flush everything using the flusher function if that one is defined.
-If an error occurs, jump to 5.
-.It
-For every UI String associated with the UI, call the reader function if
-that one is defined.
-If an error occurs, jump to 5.
-.It
-Close the session using the closer function if that one is defined.
-.El
-.Pp
-.Fn UI_create_method
-creates a new UI method with a given
-.Fa name .
-.Pp
-.Fn UI_destroy_method
-destroys the given
-.Fa ui_method .
-.Pp
-.Fn UI_method_set_opener ,
-.Fn UI_method_set_writer ,
-.Fn UI_method_set_flusher ,
-.Fn UI_method_set_reader
-and
-.Fn UI_method_set_closer
-set one of the five main methods to the given function pointer.
-.Pp
-.Fn UI_method_set_prompt_constructor
-sets the prompt constructor, see
-.Xr UI_construct_prompt 3 .
-.Sh RETURN VALUES
-.Fn UI_create_method
-returns a
-.Vt UI_METHOD
-pointer on success or
-.Dv NULL
-on error.
-.Pp
-.Fn UI_method_set_opener ,
-.Fn UI_method_set_writer ,
-.Fn UI_method_set_flusher ,
-.Fn UI_method_set_reader ,
-.Fn UI_method_set_closer ,
-and
-.Fn UI_method_set_prompt_constructor
-return 0 on success or -1 if the given method is
-.Dv NULL .
-.Pp
-.Fn UI_method_get_opener ,
-.Fn UI_method_get_writer ,
-.Fn UI_method_get_flusher ,
-.Fn UI_method_get_reader ,
-.Fn UI_method_get_closer ,
-and
-.Fn UI_method_get_prompt_constructor
-return the requested function pointer if it is set in the method,
-or otherwise
-.Dv NULL .
-.Sh SEE ALSO
-.Xr UI_get_string_type 3 ,
-.Xr UI_new 3
-.Sh HISTORY
-.Fn UI_create_method ,
-.Fn UI_destroy_method ,
-.Fn UI_method_set_opener ,
-.Fn UI_method_set_writer ,
-.Fn UI_method_set_flusher ,
-.Fn UI_method_set_reader ,
-.Fn UI_method_set_closer ,
-.Fn UI_method_get_opener ,
-.Fn UI_method_get_writer ,
-.Fn UI_method_get_flusher ,
-.Fn UI_method_get_reader ,
-and
-.Fn UI_method_get_closer
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn UI_method_set_prompt_constructor
-and
-.Fn UI_method_get_prompt_constructor
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/UI_get_string_type.3 b/src/lib/libcrypto/man/UI_get_string_type.3
deleted file mode 100644
index bc0449a90e..0000000000
--- a/src/lib/libcrypto/man/UI_get_string_type.3
+++ /dev/null
@@ -1,281 +0,0 @@
-.\" $OpenBSD: UI_get_string_type.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $
-.\" OpenSSL UI_STRING.pod e9c9971b Jul 1 18:28:50 2017 +0200
-.\"
-.\" This file was written by Richard Levitte
-.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt UI_GET_STRING_TYPE 3
-.Os
-.Sh NAME
-.Nm UI_get_string_type ,
-.Nm UI_get_input_flags ,
-.Nm UI_get0_output_string ,
-.Nm UI_get0_action_string ,
-.Nm UI_get0_result_string ,
-.Nm UI_get0_test_string ,
-.Nm UI_get_result_minsize ,
-.Nm UI_get_result_maxsize ,
-.Nm UI_set_result
-.Nd OpenSSL user interface string parsing
-.Sh SYNOPSIS
-.In openssl/ui.h
-.Bd -literal
-enum UI_string_types {
- UIT_NONE = 0,
- UIT_PROMPT, /* Prompt for a string */
- UIT_VERIFY, /* Prompt for a string and verify */
- UIT_BOOLEAN, /* Prompt for a yes/no response */
- UIT_INFO, /* Send info to the user */
- UIT_ERROR /* Send an error message to the user */
-};
-.Ed
-.Pp
-.Ft enum UI_string_types
-.Fo UI_get_string_type
-.Fa "UI_STRING *uis"
-.Fc
-.Ft int
-.Fo UI_get_input_flags
-.Fa "UI_STRING *uis"
-.Fc
-.Ft const char *
-.Fo UI_get0_output_string
-.Fa "UI_STRING *uis"
-.Fc
-.Ft const char *
-.Fo UI_get0_action_string
-.Fa "UI_STRING *uis"
-.Fc
-.Ft const char *
-.Fo UI_get0_result_string
-.Fa "UI_STRING *uis"
-.Fc
-.Ft const char *
-.Fo UI_get0_test_string
-.Fa "UI_STRING *uis"
-.Fc
-.Ft int
-.Fo UI_get_result_minsize
-.Fa "UI_STRING *uis"
-.Fc
-.Ft int
-.Fo UI_get_result_maxsize
-.Fa "UI_STRING *uis"
-.Fc
-.Ft int
-.Fo UI_set_result
-.Fa "UI *ui"
-.Fa "UI_STRING *uis"
-.Fa "const char *result"
-.Fc
-.Sh DESCRIPTION
-A
-.Vt UI_STRING
-gets created internally and added to a
-.Vt UI
-object whenever
one of the functions
-.Xr UI_add_input_string 3 ,
-.Xr UI_dup_input_string 3 ,
-.Xr UI_add_verify_string 3 ,
-.Xr UI_dup_verify_string 3 ,
-.Xr UI_add_input_boolean 3 ,
-.Xr UI_dup_input_boolean 3 ,
-.Xr UI_add_info_string 3 ,
-.Xr UI_dup_info_string 3 ,
-.Xr UI_add_error_string 3
-or
-.Xr UI_dup_error_string 3
-is called.
-For a
-.Vt UI_METHOD
-user, there's no need to know more.
-For a
-.Vt UI_METHOD
-creator, it is of interest to fetch text from these
-.Vt UI_STRING
-objects as well as adding results to some of them.
-.Pp
-.Fn UI_get_string_type
-is used to retrieve the type of the given
-.Vt UI_STRING .
-.Pp
-.Fn UI_get_input_flags
-is used to retrieve the flags associated with the given
-.Vt UI_STRING .
-.Pp
-.Fn UI_get0_output_string
-is used to retrieve the actual string to output (prompt, info, error, ...).
-.Pp
-.Fn UI_get0_action_string
-is used to retrieve the action description associated with a
-.Dv UIT_BOOLEAN
-type
-.Vt UI_STRING .
-See
-.Xr UI_add_input_boolean 3 .
-.Pp
-.Fn UI_get0_result_string
-is used to retrieve the result of a prompt.
-This is only useful for
-.Dv UIT_PROMPT
-and
-.Dv UIT_VERIFY
-type strings.
-.Pp
-.Fn UI_get0_test_string
-is used to retrieve the string to compare the prompt result with.
-This is only useful for
-.Dv UIT_VERIFY
-type strings.
-.Pp
-.Fn UI_get_result_minsize
-and
-.Fn UI_get_result_maxsize
-are used to retrieve the minimum and maximum required size of the
-result.
-This is only useful for
-.Dv UIT_PROMPT
-and
-.Dv UIT_VERIFY
-type strings.
-.Pp
-.Fn UI_set_result
-is used to set the result value of a prompt.
-For
-.Sy UIT_PROMPT
-and
-.Sy UIT_VERIFY
-type UI strings, this sets the result retrievable with
-.Fn UI_get0_result_string
-by copying the contents of
-.Fa result
-if its length fits the minimum and maximum size requirements.
-For
-.Dv UIT_BOOLEAN
-type UI strings, this sets the first character of the result retrievable
-with
-.Fn UI_get0_result_string
-to the first of the
-.Fa ok_chars
-given with
-.Xr UI_add_input_boolean 3
-or
-.Xr UI_dup_input_boolean 3
-if the
-.Fa result
-matched any of them, or the first of the
-.Fa cancel_chars
-if the
-.Fa result
-matched any of them, otherwise it's set to the NUL char.
-See
-.Xr UI_add_input_boolean 3
-for more information on
-.Fa ok_chars
-and
-.Fa cancel_chars .
-.Sh RETURN VALUES
-.Fn UI_get_string_type
-returns the UI string type.
-.Pp
-.Fn UI_get_input_flags
-returns the UI string flags.
-.Pp
-.Fn UI_get0_output_string
-returns the UI string output string.
-.Pp
-.Fn UI_get0_action_string
-returns the UI string action description string for
-.Dv UIT_BOOLEAN
-type UI strings, or
-.Dv NULL
-for any other type.
-.Pp
-.Fn UI_get0_result_string
-returns the UI string result buffer for
-.Dv UIT_PROMPT
-and
-.Dv UIT_VERIFY
-type UI strings, or
-.Dv NULL
-for any other type.
-.Pp
-.Fn UI_get0_test_string
-returns the UI string action description string for
-.Dv UIT_VERIFY
-type UI strings, or
-.Dv NULL
-for any other type.
-.Pp
-.Fn UI_get_result_minsize
-returns the minimum allowed result size for the UI string for
-.Dv UIT_PROMPT
-and
-.Dv UIT_VERIFY
-type strings, or -1 for any other type.
-.Pp
-.Fn UI_get_result_maxsize
-returns the minimum allowed result size for the UI string for
-.Dv UIT_PROMPT
-and
-.Dv UIT_VERIFY
-type strings, or -1 for any other type.
-.Pp
-.Fn UI_set_result
-returns 0 on success or when the UI string is of any type other than
-.Dv UIT_PROMPT ,
-.Dv UIT_VERIFY ,
-or
-.Dv UIT_BOOLEAN ,
-or -1 on error.
-.Sh SEE ALSO
-.Xr UI_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/UI_new.3 b/src/lib/libcrypto/man/UI_new.3
deleted file mode 100644
index ab7dfb36ec..0000000000
--- a/src/lib/libcrypto/man/UI_new.3
+++ /dev/null
@@ -1,514 +0,0 @@
-.\" $OpenBSD: UI_new.3,v 1.10 2020/06/19 17:17:13 schwarze Exp $
-.\" full merge up to: OpenSSL 78b19e90 Jan 11 00:12:01 2017 +0100
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Richard Levitte .
-.\" Copyright (c) 2001, 2016, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: June 19 2020 $ -.Dt UI_NEW 3 -.Os -.Sh NAME -.Nm UI_new , -.Nm UI_new_method , -.Nm UI_free , -.Nm UI_add_input_string , -.Nm UI_dup_input_string , -.Nm UI_add_verify_string , -.Nm UI_dup_verify_string , -.Nm UI_add_input_boolean , -.Nm UI_dup_input_boolean , -.Nm UI_add_info_string , -.Nm UI_dup_info_string , -.Nm UI_add_error_string , -.Nm UI_dup_error_string , -.Nm UI_construct_prompt , -.Nm UI_add_user_data , -.Nm UI_get0_user_data , -.Nm UI_get0_result , -.Nm UI_process , -.Nm UI_ctrl , -.Nm UI_set_default_method , -.Nm UI_get_default_method , -.Nm UI_get_method , -.Nm UI_set_method , -.Nm UI_OpenSSL -.Nd New User Interface -.Sh SYNOPSIS -.In openssl/ui.h -.Ft UI * -.Fn UI_new void -.Ft UI * -.Fo UI_new_method -.Fa "const UI_METHOD *method" -.Fc -.Ft void -.Fo UI_free -.Fa "UI *ui" -.Fc -.Ft int -.Fo UI_add_input_string -.Fa "UI *ui" -.Fa "const char *prompt" -.Fa "int flags" -.Fa "char *result_buf" -.Fa "int minsize" -.Fa "int maxsize" -.Fc -.Ft int -.Fo UI_dup_input_string -.Fa "UI *ui" -.Fa "const char *prompt" -.Fa "int flags" -.Fa "char *result_buf" -.Fa "int minsize" -.Fa "int maxsize" -.Fc -.Ft int -.Fo UI_add_verify_string -.Fa "UI *ui" -.Fa "const char *prompt" -.Fa "int flags" -.Fa "char *result_buf" -.Fa "int minsize" -.Fa "int maxsize" -.Fa "const char *test_buf" -.Fc -.Ft int -.Fo UI_dup_verify_string -.Fa "UI *ui" -.Fa "const char *prompt" -.Fa "int flags" -.Fa "char *result_buf" -.Fa "int minsize" -.Fa "int maxsize" -.Fa "const char *test_buf" -.Fc -.Ft int -.Fo UI_add_input_boolean -.Fa "UI *ui" -.Fa "const char *prompt" -.Fa "const char *action_desc" -.Fa "const char *ok_chars" -.Fa "const char *cancel_chars" -.Fa "int flags" -.Fa "char *result_buf" -.Fc -.Ft int -.Fo UI_dup_input_boolean -.Fa "UI *ui" -.Fa "const char *prompt" -.Fa "const char *action_desc" -.Fa "const char *ok_chars" -.Fa "const char *cancel_chars" -.Fa "int flags" -.Fa "char *result_buf" -.Fc -.Ft int -.Fo UI_add_info_string -.Fa "UI *ui" -.Fa "const 
char *text" -.Fc -.Ft int -.Fo UI_dup_info_string -.Fa "UI *ui" -.Fa "const char *text" -.Fc -.Ft int -.Fo UI_add_error_string -.Fa "UI *ui" -.Fa "const char *text" -.Fc -.Ft int -.Fo UI_dup_error_string -.Fa "UI *ui" -.Fa "const char *text" -.Fc -.Fd /* These are the possible flags. They can be OR'ed together. */ -.Fd #define UI_INPUT_FLAG_ECHO 0x01 -.Fd #define UI_INPUT_FLAG_DEFAULT_PWD 0x02 -.Ft char * -.Fo UI_construct_prompt -.Fa "UI *ui_method" -.Fa "const char *object_desc" -.Fa "const char *object_name" -.Fc -.Ft void * -.Fo UI_add_user_data -.Fa "UI *ui" -.Fa "void *user_data" -.Fc -.Ft void * -.Fo UI_get0_user_data -.Fa "UI *ui" -.Fc -.Ft const char * -.Fo UI_get0_result -.Fa "UI *ui" -.Fa "int i" -.Fc -.Ft int -.Fo UI_process -.Fa "UI *ui" -.Fc -.Ft int -.Fo UI_ctrl -.Fa "UI *ui" -.Fa "int cmd" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)()" -.Fc -.Fd #define UI_CTRL_PRINT_ERRORS 1 -.Fd #define UI_CTRL_IS_REDOABLE 2 -.Ft void -.Fo UI_set_default_method -.Fa "const UI_METHOD *meth" -.Fc -.Ft const UI_METHOD * -.Fo UI_get_default_method -.Fa void -.Fc -.Ft const UI_METHOD * -.Fo UI_get_method -.Fa "UI *ui" -.Fc -.Ft const UI_METHOD * -.Fo UI_set_method -.Fa "UI *ui" -.Fa "const UI_METHOD *meth" -.Fc -.Ft UI_METHOD * -.Fo UI_OpenSSL -.Fa void -.Fc -.Sh DESCRIPTION -UI stands for User Interface, and is a general purpose set of routines -to prompt the user for text-based information. -Through user-written methods (see -.Xr UI_create_method 3 ) , -prompting can be done in any way imaginable, be it plain text prompting, -through dialog boxes or from a cell phone. -.Pp -All the functions work through a context of the type -.Vt UI . -This context contains all the information needed to prompt correctly -as well as a reference to a -.Vt UI_METHOD , -which is an ordered vector of functions that carry out the actual -prompting. 
-.Pp -The first thing to do is to create a -.Vt UI -with -.Fn UI_new -or -.Fn UI_new_method , -then add information to it with the -.Fn UI_add_* -or -.Fn UI_dup_* -functions. -Also, user-defined random data can be passed down to the underlying -method through calls to -.Fn UI_add_user_data . -The default UI method doesn't care about these data, but other methods -might. -Finally, use -.Fn UI_process -to actually perform the prompting and -.Fn UI_get0_result -to find the result to the prompt. -.Pp -A -.Vt UI -can contain more than one prompt, which are performed in the given -sequence. -Each prompt gets an index number which is returned by the -.Fn UI_add_* -and -.Fn UI_dup_* -functions, and has to be used to get the corresponding result with -.Fn UI_get0_result . -.Pp -The functions are as follows: -.Pp -.Fn UI_new -creates a new -.Vt UI -using the default UI method. -When done with this UI, it should be freed using -.Fn UI_free . -.Pp -.Fn UI_new_method -creates a new -.Vt UI -using the given UI method. -When done with this UI, it should be freed using -.Fn UI_free . -.Pp -.Fn UI_OpenSSL -returns the built-in UI method (note: not necessarily the default one, -since the default can be changed. -See further on). -This method is the most machine/OS dependent part of OpenSSL and -normally generates the most problems when porting. -.Pp -.Fn UI_free -removes -.Fa ui -from memory, along with all other pieces of memory that are connected -to it, like duplicated input strings, results and others. -If -.Fa ui -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn UI_add_input_string -and -.Fn UI_add_verify_string -add a prompt to -.Fa ui , -as well as flags and a result buffer and the desired minimum and -maximum sizes of the result, not counting the final NUL character. -The given information is used to prompt for information, for example -a password, and to verify a password (i.e. having the user enter -it twice and check that the same string was entered twice). 
-.Fn UI_add_verify_string -takes an extra argument that should be a pointer to the result buffer -of the input string that it's supposed to verify, or verification will -fail. -.Pp -.Fn UI_add_input_boolean -adds a prompt to -.Fa ui -that's supposed to be answered in a boolean way, with a single -character for yes and a different character for no. -A set of characters that can be used to cancel the prompt is given as -well. -The prompt itself is really divided in two, one part being the -descriptive text (given through the -.Fa prompt -argument) and one describing the possible answers (given through the -.Fa action_desc -argument). -.Pp -.Fn UI_add_info_string -and -.Fn UI_add_error_string -add strings that are shown at the same time as the prompt for extra -information or to show an error string. -The difference between the two is only conceptual. -With the builtin method, there's no technical difference between them. -Other methods may make a difference between them, however. -.Pp -The flags currently supported are -.Dv UI_INPUT_FLAG_ECHO , -which is relevant for -.Fn UI_add_input_string -and will have the users response be echoed (when prompting for a -password, this flag should obviously not be used), and -.Dv UI_INPUT_FLAG_DEFAULT_PWD , -which means that a default password of some sort will be used -(completely depending on the application and the UI method). -.Pp -.Fn UI_dup_input_string , -.Fn UI_dup_verify_string , -.Fn UI_dup_input_boolean , -.Fn UI_dup_info_string , -and -.Fn UI_dup_error_string -are basically the same as their -.Fn UI_add_* -counterparts, except that they make their own copies of all strings. -.Pp -.Fn UI_construct_prompt -is a helper function that can be used to create a prompt from two pieces -of information: a description and a name. -The default constructor (if there is none provided by the method used) -creates a string "Enter -.Em description -for -.Em name Ns :". 
-With the description "pass phrase" and the file name "foo.key", that -becomes "Enter pass phrase for foo.key:". Other methods may create -whatever string and may include encodings that will be processed by the -other method functions. -.Pp -.Fn UI_add_user_data -adds a user data pointer for the method to use at any time. -The builtin UI method doesn't care about this info. -Note that several calls to this function doesn't add data - -the previous blob is replaced with the one given as argument. -.Pp -.Fn UI_get0_user_data -retrieves the data that has last been given to the -.Fa ui -with -.Fn UI_add_user_data . -.Pp -.Fn UI_get0_result -returns a pointer to the result buffer associated with the information -indexed by -.Fa i . -.Pp -.Fn UI_process -goes through the information given so far, does all the printing and -prompting and returns the final status, which is -2 on out-of-band -events (Interrupt, Cancel, ...), -1 on error, or 0 on success. -.Pp -.Fn UI_ctrl -adds extra control for the application author. -For now, it understands two commands: -.Dv UI_CTRL_PRINT_ERRORS , -which makes -.Fn UI_process -print the OpenSSL error stack as part of processing the -.Fa ui , -and -.Dv UI_CTRL_IS_REDOABLE , -which returns a flag saying if the used -.Fa ui -can be used again or not. -.Pp -.Fn UI_set_default_method -changes the default UI method to the one given. -This function is not thread-safe and should not be called at the -same time as other OpenSSL functions. -.Pp -.Fn UI_get_default_method -returns a pointer to the current default UI method. -.Pp -.Fn UI_get_method -returns the UI method associated with a given -.Fa ui . -.Pp -.Fn UI_set_method -changes the UI method associated with a given -.Fa ui . -.Sh RETURN VALUES -.Fn UI_new -and -.Fn UI_new_method -return a valid -.Vt UI -structure or -.Dv NULL -if an error occurred. 
-.Pp -.Fn UI_add_input_string , -.Fn UI_dup_input_string , -.Fn UI_add_verify_string , -.Fn UI_dup_verify_string , -.Fn UI_add_input_boolean , -.Fn UI_dup_input_boolean , -.Fn UI_add_info_string , -.Fn UI_dup_info_string , -.Fn UI_add_error_string , -and -.Fn UI_dup_error_string -return a positive number on success or a number -less than or equal to zero otherwise. -.Pp -.Fn UI_construct_prompt -and -.Fn UI_get0_result -return a string or -.Dv NULL -if an error occurred. -.Pp -.Fn UI_add_user_data -and -.Fn UI_get0_user_data -return a pointer to the user data that was contained in -.Fa ui -before the call. -In particular, -.Dv NULL -is a valid return value. -.Pp -.Fn UI_process -returns 0 on success or a negative value on error. -.Pp -.Fn UI_ctrl -returns a mask on success or \-1 on error. -.Pp -.Fn UI_get_default_method -and -.Fn UI_OpenSSL -always return a pointer to a valid -.Vt UI_METHOD -structure. -.Pp -.Fn UI_get_method -and -.Fn UI_set_method -return a pointer to the -.Vt UI_METHOD -structure that is installed in -.Fa ui -after the call. -The OpenSSL documentation says that they can fail and return -.Dv NULL , -but currently, this can only happen when and after -.Fn UI_set_method -is called with an explicit -.Dv NULL -argument. -.Sh SEE ALSO -.Xr crypto 3 , -.Xr UI_create_method 3 , -.Xr UI_get_string_type 3 , -.Xr UI_UTIL_read_pw 3 -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.7 -and have been available since -.Ox 3.2 . -.Sh AUTHORS -.An Richard Levitte Aq Mt richard@levitte.org -for the OpenSSL project. diff --git a/src/lib/libcrypto/man/X25519.3 b/src/lib/libcrypto/man/X25519.3 deleted file mode 100644 index 64eda4bf85..0000000000 --- a/src/lib/libcrypto/man/X25519.3 +++ /dev/null 
@@ -1,101 +0,0 @@
-.\" $OpenBSD: X25519.3,v 1.5 2019/08/19 13:08:26 schwarze Exp $
-.\" contains some text from: BoringSSL curve25519.h, curve25519.c
-.\" content also checked up to: OpenSSL f929439f Mar 15 12:19:16 2018 +0000
-.\"
-.\" Copyright (c) 2015 Google Inc.
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 19 2019 $
-.Dt X25519 3
-.Os
-.Sh NAME
-.Nm X25519 ,
-.Nm X25519_keypair
-.Nd Elliptic Curve Diffie-Hellman primitive based on Curve25519
-.Sh SYNOPSIS
-.In openssl/curve25519.h
-.Ft int
-.Fo X25519
-.Fa "uint8_t out_shared_key[X25519_KEY_LENGTH]"
-.Fa "const uint8_t private_key[X25519_KEY_LENGTH]"
-.Fa "const uint8_t peer_public_value[X25519_KEY_LENGTH]"
-.Fc
-.Ft void
-.Fo X25519_keypair
-.Fa "uint8_t out_public_value[X25519_KEY_LENGTH]"
-.Fa "uint8_t out_private_key[X25519_KEY_LENGTH]"
-.Fc
-.Sh DESCRIPTION
-Curve25519 is an elliptic curve over a prime field specified in RFC 7748.
-The prime field is defined by the prime number 2^255 - 19.
-.Pp
-.Fn X25519
-is the Diffie-Hellman primitive built from Curve25519 as described
-in RFC 7748 section 5.
-Section 6.1 describes the intended use in an Elliptic Curve Diffie-Hellman
-(ECDH) protocol.
-.Pp
-.Fn X25519
-writes a shared key to
-.Fa out_shared_key
-that is calculated from the given
-.Fa private_key
-and the
-.Fa peer_public_value
-by scalar multiplication.
-Do not use the shared key directly, rather use a key derivation
-function and also include the two public values as inputs.
-.Pp
-.Fn X25519_keypair
-sets
-.Fa out_public_value
-and
-.Fa out_private_key
-to a freshly generated public/private key pair.
-First, the
-.Fa out_private_key
-is generated with
-.Xr arc4random_buf 3 .
-Then, the opposite of the masking described in RFC 7748 section 5
-is applied to it to make sure that the generated private key is never
-correctly masked.
-The purpose is to cause incorrect implementations on the peer side
-to consistently fail.
-Correct implementations will decode the key correctly even when it is
-not correctly masked.
-Finally, the
-.Fa out_public_value
-is calculated from the
-.Fa out_private_key
-by multiplying it with the Montgomery base point
-.Vt uint8_t u[32] No = Brq 9 .
-.Pp
-The size of a public and private key is
-.Dv X25519_KEY_LENGTH No = 32
-bytes each.
-.Sh RETURN VALUES
-.Fn X25519
-returns 1 on success or 0 on error.
-Failure can occur when the input is a point of small order.
-.Sh SEE ALSO
-.Xr ECDH_compute_key 3
-.Rs
-.%A D. J. Bernstein
-.%R A state-of-the-art Diffie-Hellman function:\
- How do I use Curve25519 in my own software?
-.%U http://cr.yp.to/ecdh.html
-.Re
-.Sh STANDARDS
-RFC 7748: Elliptic Curves for Security
diff --git a/src/lib/libcrypto/man/X509V3_EXT_print.3 b/src/lib/libcrypto/man/X509V3_EXT_print.3
deleted file mode 100644
index 0c695842b7..0000000000
--- a/src/lib/libcrypto/man/X509V3_EXT_print.3
+++ /dev/null
@@ -1,156 +0,0 @@
-.\" $OpenBSD: X509V3_EXT_print.3,v 1.2 2021/07/12 14:54:00 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 12 2021 $
-.Dt X509V3_EXT_PRINT 3
-.Os
-.Sh NAME
-.Nm X509V3_EXT_print
-.Nd pretty-print an X.509 extension
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft int
-.Fo X509V3_EXT_print
-.Fa "BIO *bio"
-.Fa "X509_EXTENSION *ext"
-.Fa "unsigned long flags"
-.Fa "int indent"
-.Fc
-.Sh DESCRIPTION
-.Fn X509V3_EXT_print
-decodes
-.Fa ext
-and prints the data contained in it to
-.Fa bio
-in a human-readable format with a left margin of
-.Fa indent
-space characters.
-The details of both the decoding and the printing depend on the type of
-.Fa ext .
-.Pp
-For most extension types, the decoding is done in the same way
-as it would be done by the appropriate public API function, for example:
-.Pp
-.Bl -tag -width NID_authority_key_identifier -compact
-.It Sy extension type
-.Sy decoding function
-.It Dv NID_subject_key_identifier
-.Xr d2i_ASN1_OCTET_STRING 3
-.It Dv NID_key_usage
-.Xr d2i_ASN1_BIT_STRING 3
-.It Dv NID_crl_number
-.Xr d2i_ASN1_INTEGER 3
-.It Dv NID_crl_reason
-.Xr d2i_ASN1_ENUMERATED 3
-.It Dv NID_invalidity_date
-.Xr d2i_ASN1_GENERALIZEDTIME 3
-.It Dv NID_subject_alt_name
-.Xr d2i_GENERAL_NAMES 3
-.It Dv NID_hold_instruction_code
-.Xr d2i_ASN1_OBJECT 3
-.It Dv NID_id_pkix_OCSP_noCheck
-.Xr d2i_ASN1_NULL 3
-.It Dv NID_authority_key_identifier
-.Xr d2i_AUTHORITY_KEYID 3
-.It Dv NID_certificate_policies
-.Xr d2i_CERTIFICATEPOLICIES 3
-.It Dv NID_id_pkix_OCSP_CrlID
-.Xr d2i_OCSP_CRLID 3
-.It Dv NID_id_pkix_OCSP_Nonce
-non-public function built into the library
-.El
-.Pp
-For some types, the printing is performed
-by a dedicated non-public function built into the library.
-For some other types, the printing function is a public API function,
-but none of these printing functions are documented yet.
-.Pp
-If
-.Fa ext
-is of an unknown extension type or if decoding fails
-while using the decoding function for the relevant type,
-the action taken depends on the
-.Fa flags
-argument:
-.Bl -bullet
-.It
-If the bit
-.Dv X509V3_EXT_PARSE_UNKNOWN
-is set,
-.Xr ASN1_parse_dump 3
-is called on the BER-encoded data of the extension, passing \-1 for the
-.Fa dump
-argument.
-Thus, some information about the encoding of the extension gets printed
-and some about its decoded content, falling back to
-.Xr BIO_dump_indent 3
-for the decoded content unless a dedicated printing method is known
-for the respective data type(s).
-Note that even if an extension type is unknown, the data type used
-by the unknown extension, or, if that data type is constructed, of
-the values contained in it, may still be known, which may allow
-printing the content of even an unknown extension in a structured
-or partially structured form.
-.It
-If the bit
-.Dv X509V3_EXT_DUMP_UNKNOWN
-is set,
-.Xr BIO_dump_indent 3
-is called on the BER-encoded data of the extension without decoding
-it first, which is usually less readable than the above but poses
-a smaller risk of omitting or misrepresenting parts of the information.
-.It
-If the bit
-.Dv X509V3_EXT_ERROR_UNKNOWN
-is set, only the fixed string
-.Qq ""
-is printed for an unknown type or only the fixed string
-.Qq ""
-if the parsing functions fails,
-but printing is considered as successful anyway.
-.It
-If more than one of these three bits is set, or if a bit in
-.Dv X509V3_EXT_UNKNOWN_MASK
-is set that is not listed above, nothing is printed, but printing
-is considered as successful anyway.
-.It
-If none of the bits in
-.Dv X509V3_EXT_UNKNOWN_MASK
-are set, nothing is printed and printing is considered as failed.
-.El
-.Sh RETURN VALUES
-.Fn X509V3_EXT_print
-returns 0 if failure was both detected and considered relevant.
-Otherwise, 1 is returned, and in general the user cannot tell whether
-failure simply went undetected, whether the function detected failure
-but regarded it as irrelevant, or whether printing did indeed
-succeed.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_get0_extensions 3 ,
-.Xr X509_get_ext 3 ,
-.Xr X509V3_extensions_print 3
-.Sh HISTORY
-.Fn X509V3_EXT_print
-first appeared in OpenSSL 0.9.2 and has been available since
-.Ox 2.6 .
-.Sh BUGS
-.Fn X509V3_EXT_print
-lacks error handling throughout.
-When a write operation fails, it will usually ignore the fact that
-information was omitted from the output and report success to the
-caller anyway.
diff --git a/src/lib/libcrypto/man/X509V3_extensions_print.3 b/src/lib/libcrypto/man/X509V3_extensions_print.3
deleted file mode 100644
index ad5b02a826..0000000000
--- a/src/lib/libcrypto/man/X509V3_extensions_print.3
+++ /dev/null
@@ -1,100 +0,0 @@
-.\" $OpenBSD: X509V3_extensions_print.3,v 1.1 2021/07/12 14:54:00 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 12 2021 $
-.Dt X509V3_EXTENSIONS_PRINT 3
-.Os
-.Sh NAME
-.Nm X509V3_extensions_print
-.Nd pretty-print an array of X.509 extensions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft int
-.Fo X509V3_extensions_print
-.Fa "BIO *bio"
-.Fa "char *title"
-.Fa "const STACK_OF(X509_EXTENSION) *sk"
-.Fa "unsigned long flags"
-.Fa "int indent"
-.Fc
-.Sh DESCRIPTION
-For each member of the variable sized array
-.Fa sk ,
-.Fn X509V3_extensions_print
-prints the following information to
-.Fa bio
-in the following order:
-.Bl -bullet
-.It
-The extension type as printed by
-.Xr i2a_ASN1_OBJECT 3 .
-.It
-If the extension is critical, the fixed string
-.Qq "critical" .
-.It
-A human-readable representation of the data contained in the extension
-as printed by
-.Xr X509V3_EXT_print 3 ,
-passing through the
-.Fa flags .
-If that function indicates failure,
-the BER-encoded data of the extension is dumped with
-.Xr ASN1_STRING_print 3
-without decoding it first.
-In both cases, an
-.Fa indent
-incremented by 4 space characaters is used.
-.El
-.Pp
-If
-.Fa sk
-is a
-.Dv NULL
-pointer or empty,
-.Fn X509V3_extensions_print
-prints nothing and indicates success.
-.Pp
-Unless
-.Fa title
-is
-.Dv NULL ,
-it is printed on its own output line before the rest of the output, and
-.Fa indent
-is increased by 4 space characters.
-This additional global indentation is cumulative
-to the one applied to individual extensions mentioned above.
-.Sh RETURN VALUES
-.Fn X509V3_extensions_print
-is intended to return 1 on success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_EXTENSION_get_critical 3 ,
-.Xr X509_get0_extensions 3 ,
-.Xr X509_get_ext 3 ,
-.Xr X509V3_EXT_print 3
-.Sh HISTORY
-.Fn X509V3_extensions_print
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Sh BUGS
-Many parsing and printing errors are silently ignored,
-and the function may return indicating success even though
-.Fa sk
-contains invalid data.
-Even if all the data is valid, success may be indicated even when the
-information printed is incomplete for various reasons, for example
-due to memory allocation failures or I/O errors.
diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3
deleted file mode 100644
index 4e1a003365..0000000000
--- a/src/lib/libcrypto/man/X509V3_get_d2i.3
+++ /dev/null
@@ -1,451 +0,0 @@
-.\" $OpenBSD: X509V3_get_d2i.3,v 1.19 2021/07/12 14:54:00 schwarze Exp $
-.\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000
-.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2014, 2015, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: July 12 2021 $ -.Dt X509V3_GET_D2I 3 -.Os -.Sh NAME -.Nm X509V3_get_d2i , -.Nm X509V3_add1_i2d , -.Nm X509V3_EXT_d2i , -.Nm X509V3_EXT_i2d , -.Nm X509_get_ext_d2i , -.Nm X509_add1_ext_i2d , -.Nm X509_CRL_get_ext_d2i , -.Nm X509_CRL_add1_ext_i2d , -.Nm X509_REVOKED_get_ext_d2i , -.Nm X509_REVOKED_add1_ext_i2d , -.Nm X509_get0_extensions , -.Nm X509_CRL_get0_extensions , -.Nm X509_REVOKED_get0_extensions -.Nd X509 extension decode and encode functions -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft void * -.Fo X509V3_get_d2i -.Fa "const STACK_OF(X509_EXTENSION) *x" -.Fa "int nid" -.Fa "int *crit" -.Fa "int *idx" -.Fc -.Ft int -.Fo X509V3_add1_i2d -.Fa "STACK_OF(X509_EXTENSION) **x" -.Fa "int nid" -.Fa "void *value" -.Fa "int crit" -.Fa "unsigned long flags" -.Fc -.Ft void * -.Fo X509V3_EXT_d2i -.Fa "X509_EXTENSION *ext" -.Fc -.Ft X509_EXTENSION * -.Fo X509V3_EXT_i2d -.Fa "int ext_nid" -.Fa "int crit" -.Fa "void *ext" -.Fc -.Ft void * -.Fo X509_get_ext_d2i -.Fa "const X509 *x" -.Fa "int nid" -.Fa "int *crit" -.Fa "int *idx" -.Fc -.Ft int -.Fo X509_add1_ext_i2d -.Fa "X509 *x" -.Fa "int nid" -.Fa "void *value" -.Fa "int crit" -.Fa "unsigned long flags" -.Fc -.Ft void * -.Fo X509_CRL_get_ext_d2i -.Fa "const X509_CRL *crl" -.Fa "int nid" -.Fa "int *crit" -.Fa "int *idx" -.Fc -.Ft int -.Fo X509_CRL_add1_ext_i2d -.Fa "X509_CRL *crl" -.Fa "int nid" -.Fa "void *value" -.Fa "int crit" -.Fa "unsigned long flags" -.Fc -.Ft void * -.Fo X509_REVOKED_get_ext_d2i -.Fa "const X509_REVOKED *r" -.Fa "int nid" -.Fa "int *crit" -.Fa "int *idx" -.Fc -.Ft int -.Fo X509_REVOKED_add1_ext_i2d -.Fa "X509_REVOKED *r" -.Fa "int nid" -.Fa "void *value" -.Fa "int crit" -.Fa "unsigned long flags" -.Fc -.Ft const STACK_OF(X509_EXTENSION) * -.Fo X509_get0_extensions -.Fa "const X509 *x" -.Fc -.Ft const STACK_OF(X509_EXTENSION) * -.Fo X509_CRL_get0_extensions -.Fa "const X509_CRL *crl" -.Fc -.Ft const STACK_OF(X509_EXTENSION) * -.Fo X509_REVOKED_get0_extensions -.Fa "const X509_REVOKED 
*r" -.Fc -.Sh DESCRIPTION -.Fn X509V3_get_d2i -looks for an extension with OID -.Fa nid -in the extensions -.Fa x -and, if found, decodes it. -If -.Fa idx -is -.Dv NULL , -then only one occurrence of an extension is permissible. -Otherwise the first extension after index -.Pf * Fa idx -is returned and -.Pf * Fa idx -is updated to the location of the extension. -If -.Fa crit -is not -.Dv NULL , -then -.Pf * Fa crit -is set to a status value: -2 if the extension occurs multiple times -(this is only returned if -.Fa idx -is -.Dv NULL ) , --1 if the extension could not be found, 0 if the extension is found -and is not critical, and 1 if it is critical. -A pointer to an extension specific structure or -.Dv NULL -is returned. -.Pp -.Fn X509V3_add1_i2d -adds extension -.Fa value -to STACK -.Pf * Fa x -(allocating a new STACK if necessary) using OID -.Fa nid -and criticality -.Fa crit -according to -.Fa flags . -.Pp -.Fn X509V3_EXT_d2i -attempts to decode the ASN.1 data contained in extension -.Fa ext -and returns a pointer to an extension specific structure or -.Dv NULL -if the extension could not be decoded (invalid syntax or not supported). -.Pp -.Fn X509V3_EXT_i2d -encodes the extension specific structure -.Fa ext -with OID -.Fa ext_nid -and criticality -.Fa crit . -.Pp -.Fn X509_get_ext_d2i -and -.Fn X509_add1_ext_i2d -operate on the extensions of certificate -.Fa x , -and are otherwise identical to -.Fn X509V3_get_d2i -and -.Fn X509V3_add1_i2d . -.Pp -.Fn X509_CRL_get_ext_d2i -and -.Fn X509_CRL_add1_ext_i2d -operate on the extensions of CRL -.Fa crl , -and are otherwise identical to -.Fn X509V3_get_d2i -and -.Fn X509V3_add1_i2d . -.Pp -.Fn X509_REVOKED_get_ext_d2i -and -.Fn X509_REVOKED_add1_ext_i2d -operate on the extensions of the -.Vt X509_REVOKED -structure -.Fa r -(i.e. for CRL entry extensions), and are otherwise identical to -.Fn X509V3_get_d2i -and -.Fn X509V3_add1_i2d . 
-.Pp
-.Fn X509_get0_extensions ,
-.Fn X509_CRL_get0_extensions ,
-and
-.Fn X509_REVOKED_get0_extensions
-return a stack of all the extensions of a certificate, a CRL,
-or a CRL entry, respectively.
-.Pp
-In almost all cases an extension can occur at most once and multiple
-occurrences is an error.
-Therefore the
-.Fa idx
-parameter is usually
-.Dv NULL .
-.Pp
-The
-.Fa flags
-parameter may be one of the following values.
-.Pp
-.Dv X509V3_ADD_DEFAULT
-appends a new extension only if the extension does not already exist.
-An error is returned if the extension does already exist.
-.Pp
-.Dv X509V3_ADD_APPEND
-appends a new extension, ignoring whether the extension already exists.
-.Pp
-.Dv X509V3_ADD_REPLACE
-replaces an extension if it exists otherwise appends a new extension.
-.Pp
-.Dv X509V3_ADD_REPLACE_EXISTING
-replaces an existing extension if it exists otherwise returns an error.
-.Pp
-.Dv X509V3_ADD_KEEP_EXISTING
-appends a new extension only if the extension does not already exist.
-An error
-.Sy is not
-returned if the extension does already exist.
-.Pp
-.Dv X509V3_ADD_DELETE
-deletes extension
-.Fa nid .
-No new extension is added.
-.Pp
-If
-.Dv X509V3_ADD_SILENT
-is OR'd with
-.Fa flags ,
-any error returned will not be added to the error queue.
-.Pp
-The function
-.Fn X509V3_get_d2i
-will return
-.Dv NULL
-if the extension is not found, occurs multiple times or cannot be
-decoded.
-It is possible to determine the precise reason by checking the value of
-.Pf * Fa crit .
-.Sh SUPPORTED EXTENSIONS
-The following sections contain a list of all supported extensions
-including their name and NID.
-.Ss PKIX Certificate Extensions
-The following certificate extensions are defined in PKIX standards such
-as RFC 5280.
-.Bl -column 30n 30n
-.It Basic Constraints Ta Dv NID_basic_constraints
-.It Key Usage Ta Dv NID_key_usage
-.It Extended Key Usage Ta Dv NID_ext_key_usage
-.It Subject Key Identifier Ta Dv NID_subject_key_identifier
-.It Authority Key Identifier Ta Dv NID_authority_key_identifier
-.It Private Key Usage Period Ta Dv NID_private_key_usage_period
-.It Subject Alternative Name Ta Dv NID_subject_alt_name
-.It Issuer Alternative Name Ta Dv NID_issuer_alt_name
-.It Authority Information Access Ta Dv NID_info_access
-.It Subject Information Access Ta Dv NID_sinfo_access
-.It Name Constraints Ta Dv NID_name_constraints
-.It Certificate Policies Ta Dv NID_certificate_policies
-.It Policy Mappings Ta Dv NID_policy_mappings
-.It Policy Constraints Ta Dv NID_policy_constraints
-.It Inhibit Any Policy Ta Dv NID_inhibit_any_policy
-.El
-.Ss Netscape Certificate Extensions
-The following are (largely obsolete) Netscape certificate extensions.
-.Bl -column 30n 30n
-.It Netscape Cert Type Ta Dv NID_netscape_cert_type
-.It Netscape Base Url Ta Dv NID_netscape_base_url
-.It Netscape Revocation Url Ta Dv NID_netscape_revocation_url
-.It Netscape CA Revocation Url Ta Dv NID_netscape_ca_revocation_url
-.It Netscape Renewal Url Ta Dv NID_netscape_renewal_url
-.It Netscape CA Policy Url Ta Dv NID_netscape_ca_policy_url
-.It Netscape SSL Server Name Ta Dv NID_netscape_ssl_server_name
-.It Netscape Comment Ta Dv NID_netscape_comment
-.El
-.Ss Miscellaneous Certificate Extensions
-.Bl -column 30n 30n
-.It Strong Extranet ID Ta Dv NID_sxnet
-.It Proxy Certificate Information Ta Dv NID_proxyCertInfo
-.El
-.Ss PKIX CRL Extensions
-The following are CRL extensions from PKIX standards such as RFC 5280.
-.Bl -column 30n 30n -.It CRL Number Ta Dv NID_crl_number -.It CRL Distribution Points Ta Dv NID_crl_distribution_points -.It Delta CRL Indicator Ta Dv NID_delta_crl -.It Freshest CRL Ta Dv NID_freshest_crl -.It Invalidity Date Ta Dv NID_invalidity_date -.It Issuing Distribution Point Ta Dv NID_issuing_distribution_point -.El -.Pp -The following are CRL entry extensions from PKIX standards such as -RFC 5280. -.Bl -column 30n 30n -.It CRL Reason Code Ta Dv NID_crl_reason -.It Certificate Issuer Ta Dv NID_certificate_issuer -.El -.Ss OCSP Extensions -.Bl -column 30n 30n -.It OCSP Nonce Ta Dv NID_id_pkix_OCSP_Nonce -.It OCSP CRL ID Ta Dv NID_id_pkix_OCSP_CrlID -.It Acceptable OCSP Responses Ta Dv NID_id_pkix_OCSP_acceptableResponses -.It OCSP No Check Ta Dv NID_id_pkix_OCSP_noCheck -.It OCSP Archive Cutoff Ta Dv NID_id_pkix_OCSP_archiveCutoff -.It OCSP Service Locator Ta Dv NID_id_pkix_OCSP_serviceLocator -.It Hold Instruction Code Ta Dv NID_hold_instruction_code -.El -.Sh RETURN VALUES -.Fn X509V3_get_d2i , -.Fn X509V3_EXT_d2i , -.Fn X509_get_ext_d2i , -.Fn X509_CRL_get_ext_d2i , -and -.Fn X509_REVOKED_get_ext_d2i -return a pointer to an extension specific structure or -.Dv NULL -if an error occurs. -.Pp -.Fn X509V3_add1_i2d , -.Fn X509_add1_ext_i2d , -.Fn X509_CRL_add1_ext_i2d , -and -.Fn X509_REVOKED_add1_ext_i2d -return 1 if the operation is successful, 0 if it fails due to a -non-fatal error (extension not found, already exists, cannot be encoded), -or -1 due to a fatal error such as a memory allocation failure. -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . -.Pp -The -.Fn X509V3_EXT_i2d -function returns a pointer to an -.Vt X509_EXTENSION -structure if successful; otherwise -.Dv NULL -is returned and an error code can be retrieved with -.Xr ERR_get_error 3 . 
-.Pp
-.Fn X509_get0_extensions ,
-.Fn X509_CRL_get0_extensions ,
-and
-.Fn X509_REVOKED_get0_extensions
-return a stack of extensions, or
-.Dv NULL
-if no extensions are present.
-.Sh SEE ALSO
-.Xr d2i_X509 3 ,
-.Xr d2i_X509_EXTENSION 3 ,
-.Xr X509_check_purpose 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_get_version 3 ,
-.Xr X509_new 3 ,
-.Xr X509_REVOKED_new 3 ,
-.Xr X509V3_EXT_print 3 ,
-.Xr X509V3_extensions_print 3
-.Sh HISTORY
-.Fn X509V3_EXT_d2i
-first appeared in OpenSSL 0.9.2b.
-.Fn X509V3_EXT_i2d
-first appeared in OpenSSL 0.9.3.
-Both functions have been available since
-.Ox 2.6 .
-.Pp
-.Fn X509V3_get_d2i ,
-.Fn X509_get_ext_d2i ,
-.Fn X509_CRL_get_ext_d2i ,
-and
-.Fn X509_REVOKED_get_ext_d2i
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn X509V3_add1_i2d ,
-.Fn X509_add1_ext_i2d ,
-.Fn X509_CRL_add1_ext_i2d ,
-and
-.Fn X509_REVOKED_add1_ext_i2d
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn X509_get0_extensions ,
-.Fn X509_CRL_get0_extensions ,
-and
-.Fn X509_REVOKED_get0_extensions
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3
deleted file mode 100644
index 2cfe36184d..0000000000
--- a/src/lib/libcrypto/man/X509_ALGOR_dup.3
+++ /dev/null
@@ -1,242 +0,0 @@ -.\" $OpenBSD: X509_ALGOR_dup.3,v 1.16 2021/07/06 16:05:44 schwarze Exp $ -.\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: July 6 2021 $
-.Dt X509_ALGOR_DUP 3
-.Os
-.Sh NAME
-.Nm X509_ALGOR_new ,
-.Nm X509_ALGOR_free ,
-.Nm X509_ALGOR_dup ,
-.Nm X509_ALGOR_set0 ,
-.Nm X509_ALGOR_get0 ,
-.Nm X509_ALGOR_set_md ,
-.Nm X509_ALGOR_cmp
-.Nd create, change, and inspect algorithm identifiers
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_ALGOR *
-.Fn X509_ALGOR_new void
-.Ft void
-.Fn X509_ALGOR_free "X509_ALGOR *alg"
-.Ft X509_ALGOR *
-.Fo X509_ALGOR_dup
-.Fa "X509_ALGOR *alg"
-.Fc
-.Ft int
-.Fo X509_ALGOR_set0
-.Fa "X509_ALGOR *alg"
-.Fa "ASN1_OBJECT *aobj"
-.Fa "int ptype"
-.Fa "void *pval"
-.Fc
-.Ft void
-.Fo X509_ALGOR_get0
-.Fa "const ASN1_OBJECT **paobj"
-.Fa "int *pptype"
-.Fa "const void **ppval"
-.Fa "const X509_ALGOR *alg"
-.Fc
-.Ft void
-.Fo X509_ALGOR_set_md
-.Fa "X509_ALGOR *alg"
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo X509_ALGOR_cmp
-.Fa "const X509_ALGOR *a"
-.Fa "const X509_ALGOR *b"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_ALGOR_new
-allocates and initializes an empty
-.Vt X509_ALGOR
-object, representing an ASN.1
-.Vt AlgorithmIdentifier
-structure defined in RFC 5280 section 4.1.1.2.
-Such objects can specify a cryptographic algorithm together
-with algorithm-specific parameters.
-They are used by many other objects, for example certificates,
-certificate revocation lists, and certificate requests.
-.Pp
-.Fn X509_ALGOR_free
-frees
-.Fa alg .
-.Pp
-.Fn X509_ALGOR_dup
-copies
-.Fa alg
-by calling
-.Xr i2d_X509_ALGOR 3
-and
-.Xr d2i_X509_ALGOR 3 .
-.Pp
-.Fn X509_ALGOR_set0
-sets the algorithm OID of
-.Fa alg
-to
-.Fa aobj
-and the associated parameter type to
-.Fa ptype
-with value
-.Fa pval .
-If
-.Fa ptype
-is
-.Dv V_ASN1_UNDEF
-the parameter is omitted, otherwise
-.Fa ptype
-and
-.Fa pval
-have the same meaning as the
-.Fa type
-and
-.Fa value
-parameters to
-.Xr ASN1_TYPE_set 3 .
-All the supplied parameters are used internally so must
-.Sy NOT
-be freed after this call.
-.Pp
-.Fn X509_ALGOR_get0
-is the inverse of
-.Fn X509_ALGOR_set0 :
-it returns the algorithm OID in
-.Pf * Fa paobj
-and the associated parameter in
-.Pf * Fa pptype
-and
-.Pf * Fa ppval
-from
-.Fa alg .
-.Pp
-.Fn X509_ALGOR_set_md
-sets
-.Fa alg
-to appropriate values for the message digest
-.Fa md .
-.Pp
-.Fn X509_ALGOR_cmp
-compares
-.Fa a
-and
-.Fa b .
-.Sh RETURN VALUES
-.Fn X509_ALGOR_new
-and
-.Fn X509_ALGOR_dup
-return a new
-.Vt X509_ALGOR
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn X509_ALGOR_set0
-returns 1 for success or 0 for failure.
-.Pp
-.Fn X509_ALGOR_cmp
-returns 0 if
-.Fa a
-and
-.Fa b
-have identical encodings or non-zero otherwise.
-.Sh SEE ALSO
-.Xr ASN1_TYPE_set 3 ,
-.Xr d2i_X509_ALGOR 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr X509_get0_signature 3 ,
-.Xr X509_new 3 ,
-.Xr X509_PUBKEY_get0_param 3 ,
-.Xr X509_signature_dump 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Sh HISTORY
-.Fn X509_ALGOR_new
-and
-.Fn X509_ALGOR_free
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_ALGOR_dup
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn X509_ALGOR_set0
-and
-.Fn X509_ALGOR_get0
-first appeared in OpenSSL 0.9.8h and have been available since
-.Ox 4.5 .
-.Pp
-.Fn X509_ALGOR_cmp
-first appeared in OpenSSL 0.9.8zd, 1.0.0p, and 1.0.1k
-and has been available since
-.Ox 4.9 .
-.Pp
-.Fn X509_ALGOR_set_md
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3
deleted file mode 100644
index 66779d637b..0000000000
--- a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3
+++ /dev/null
@@ -1,122 +0,0 @@
-.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.8 2020/06/04 10:24:27 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 4 2020 $
-.Dt X509_ATTRIBUTE_NEW 3
-.Os
-.Sh NAME
-.Nm X509_ATTRIBUTE_new ,
-.Nm X509_ATTRIBUTE_free
-.\" In the following line, "X.501" and "Attribute" are not typos.
-.\" The "Attribute" type is defined in X.501, not in X.509.
-.\" The type in called "Attribute" with capital "A", not "attribute".
-.Nd generic X.501 Attribute
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_ATTRIBUTE *
-.Fn X509_ATTRIBUTE_new void
-.Ft void
-.Fn X509_ATTRIBUTE_free "X509_ATTRIBUTE *attr"
-.Sh DESCRIPTION
-In the X.501 standard, an
-.Vt Attribute
-is the fundamental ASN.1 data type used to represent any kind of
-property of any kind of directory entry.
-In OpenSSL, very few objects use it directly, most notably the
-.Vt X509_REQ_INFO
-object used for PKCS#10 certification requests described in
-.Xr X509_REQ_new 3 ,
-the
-.Vt PKCS8_PRIV_KEY_INFO
-object used for PKCS#8 private key information described in
-.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
-and the
-.Vt PKCS12_SAFEBAG
-container object described in
-.Xr PKCS12_SAFEBAG_new 3 .
-.Pp
-.Fn X509_ATTRIBUTE_new
-allocates and initializes an empty
-.Vt X509_ATTRIBUTE
-object.
-.Fn X509_ATTRIBUTE_free
-frees
-.Fa attr .
-.Sh RETURN VALUES
-.Fn X509_ATTRIBUTE_new
-returns the new
-.Vt X509_ATTRIBUTE
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_X509_ATTRIBUTE 3 ,
-.Xr PKCS12_SAFEBAG_new 3 ,
-.Xr PKCS7_add_attribute 3 ,
-.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_new 3 ,
-.Xr X509_REQ_new 3
-.Sh STANDARDS
-.Bl -ohang
-.It Xo
-For the general definition of the
-.Vt Attribute
-data type:
-.Xc
-ITU-T Recommendation X.501, also known as ISO/IEC 9594-2:
-Information Technology \(en Open Systems Interconnection \(en
-The Directory: Models, section 8.2: Overall structure
-.It For the specific definition in the context of certification requests:
-RFC 2986: PKCS #10: Certification Request Syntax Specification,
-section 4.1: CertificationRequestInfo
-.It For the specific use in the context of private key information:
-RFC 5208: Public-Key Cryptography Standards (PKCS) #8:
-Private-Key Information Syntax Specification
-.It For the specific definition in the context of PFX:
-RFC 7292: PKCS #12: Personal Information Exchange Syntax,
-section 4.2: The SafeBag Type
-.El
-.Sh HISTORY
-.Fn X509_ATTRIBUTE_new
-and
-.Fn X509_ATTRIBUTE_free
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Sh BUGS
-A data type designed to hold arbitrary data is an oxymoron.
-.Pp
-While it may occasionally be useful for abstract syntax specification
-or for generic container objects, using it for the representation
-of specific data in a specific data structure feels like dubious
-design.
-.Pp
-Having two distinct data types to hold arbitrary data \(en
-in this case,
-.Vt X509_ATTRIBUTE
-on the X.501 language level and
-.Vt X509_EXTENSION
-as described in
-.Xr X509_EXTENSION_new 3
-on the X.509 language level \(en feels even more questionable,
-in particular considering that Attributes in certification requests
-can be used to ask for Extensions in certificates.
-.Pp
-At the very least, the direct use of the low-level generic
-.Vt X509_ATTRIBUTE
-type in specific data types like certification requests or private
-key information looks like a layering violation and appears to put
-type safety into jeopardy.
diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3
deleted file mode 100644
index f7de4d9524..0000000000
--- a/src/lib/libcrypto/man/X509_CINF_new.3
+++ /dev/null
@@ -1,118 +0,0 @@
-.\" $OpenBSD: X509_CINF_new.3,v 1.10 2021/07/24 14:33:14 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 24 2021 $
-.Dt X509_CINF_NEW 3
-.Os
-.Sh NAME
-.Nm X509_CINF_new ,
-.Nm X509_CINF_free ,
-.Nm X509_VAL_new ,
-.Nm X509_VAL_free ,
-.Nm X509_CERT_AUX_new ,
-.Nm X509_CERT_AUX_free
-.Nd X.509 certificate information objects
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_CINF *
-.Fn X509_CINF_new void
-.Ft void
-.Fn X509_CINF_free "X509_CINF *inf"
-.Ft X509_VAL *
-.Fn X509_VAL_new void
-.Ft void
-.Fn X509_VAL_free "X509_VAL *val"
-.Ft X509_CERT_AUX *
-.Fn X509_CERT_AUX_new void
-.Ft void
-.Fn X509_CERT_AUX_free "X509_CERT_AUX *aux"
-.Sh DESCRIPTION
-.Fn X509_CINF_new
-allocates and initializes an empty
-.Vt X509_CINF
-object, representing an ASN.1
-.Vt TBSCertificate
-structure defined in RFC 5280 section 4.1.
-It is used inside the
-.Vt X509
-object and holds the main information contained in the X.509
-certificate including subject, public key, issuer, serial number,
-validity period, and extensions.
-.Fn X509_CINF_free
-frees
-.Fa inf .
-.Pp
-.Fn X509_VAL_new
-allocates and initializes an empty
-.Vt X509_VAL
-object, representing an ASN.1
-.Vt Validity
-structure defined in RFC 5280 section 4.1.
-It is used inside the
-.Vt X509_CINF
-object and holds the validity period of the certificate.
-.Fn X509_VAL_free
-frees
-.Fa val .
-.Pp
-.Fn X509_CERT_AUX_new
-allocates and initializes an empty
-.Vt X509_CERT_AUX
-structure.
-It can be used inside an
-.Vt X509
-object to hold optional non-standard auxiliary data appended to a
-certificate, for example friendly alias names and trust data.
-.Fn X509_CERT_AUX_free
-frees
-.Fa aux .
-.Sh RETURN VALUES
-.Fn X509_CINF_new ,
-.Fn X509_VAL_new ,
-and
-.Fn X509_CERT_AUX_new
-return the new
-.Vt X509_CINF ,
-.Vt X509_VAL ,
-or
-.Vt X509_CERT_AUX
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_X509_CINF 3 ,
-.Xr X509_add1_trust_object 3 ,
-.Xr X509_CERT_AUX_print 3 ,
-.Xr X509_check_trust 3 ,
-.Xr X509_keyid_set1 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Sh HISTORY
-.Fn X509_CINF_new ,
-.Fn X509_CINF_free ,
-.Fn X509_VAL_new ,
-and
-.Fn X509_VAL_free
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_CERT_AUX_new
-and
-.Fn X509_CERT_AUX_free
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3
deleted file mode 100644
index 8db046051b..0000000000
--- a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ /dev/null
@@ -1,179 +0,0 @@ -.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.11 2020/10/21 17:17:43 tb Exp $ -.\" OpenSSL X509_CRL_get0_by_serial.pod cdd6c8c5 Mar 20 12:29:37 2017 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 21 2020 $ -.Dt X509_CRL_GET0_BY_SERIAL 3 -.Os -.Sh NAME -.Nm X509_CRL_get0_by_serial , -.Nm X509_CRL_get0_by_cert , -.Nm X509_CRL_get_REVOKED , -.Nm X509_CRL_add0_revoked , -.Nm X509_CRL_sort -.Nd add, sort, and retrieve CRL entries -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_CRL_get0_by_serial -.Fa "X509_CRL *crl" -.Fa "X509_REVOKED **ret" -.Fa "ASN1_INTEGER *serial" -.Fc -.Ft int -.Fo X509_CRL_get0_by_cert -.Fa "X509_CRL *crl" -.Fa "X509_REVOKED **ret" -.Fa "X509 *x" -.Fc -.Ft STACK_OF(X509_REVOKED) * -.Fo X509_CRL_get_REVOKED -.Fa "X509_CRL *crl" -.Fc -.Ft int -.Fo X509_CRL_add0_revoked -.Fa "X509_CRL *crl" -.Fa "X509_REVOKED *rev" -.Fc -.Ft int -.Fo X509_CRL_sort -.Fa "X509_CRL *crl" -.Fc -.Sh DESCRIPTION -.Fn X509_CRL_get0_by_serial -attempts to find a revoked entry in -.Fa crl -for serial number -.Fa serial . -If it is successful, it sets -.Pf * Fa ret -to the internal pointer of the matching entry. 
-Consequently,
-.Pf * Fa ret
-must not be freed up after the call.
-.Pp
-.Fn X509_CRL_get0_by_cert
-is similar to
-.Fn X509_CRL_get0_by_serial
-except that it looks for a revoked entry using the serial number
-of certificate
-.Fa x .
-.Pp
-.Fn X509_CRL_get_REVOKED
-returns an internal pointer to a stack of all revoked entries for
-.Fa crl .
-.Pp
-.Fn X509_CRL_add0_revoked
-appends revoked entry
-.Fa rev
-to CRL
-.Fa crl .
-The pointer
-.Fa rev
-is used internally so it must not be freed up after the call: it is
-freed when the parent CRL is freed.
-.Pp
-.Fn X509_CRL_sort
-sorts the revoked entries of
-.Fa crl
-into ascending serial number order.
-.Pp
-Applications can determine the number of revoked entries returned by
-.Fn X509_CRL_get_revoked
-using
-.Fn sk_X509_REVOKED_num
-and examine each one in turn using
-.Fn sk_X509_REVOKED_value ,
-both defined in
-.In openssl/safestack.h .
-.Sh RETURN VALUES
-.Fn X509_CRL_get0_by_serial
-and
-.Fn X509_CRL_get0_by_cert
-return 0 for failure or 1 for success, except if the revoked entry
-has the reason
-.Qq removeFromCRL ,
-in which case 2 is returned.
-.Pp
-The
-.Fn X509_CRL_add0_revoked
-function returns 1 if successful;
-otherwise 0 is returned and an error code can be retrieved with
-.Xr ERR_get_error 3 .
-.Pp
-.Fn X509_CRL_sort
-returns 1 for success or 0 for failure.
-The current implementation cannot fail.
-.Pp
-.Fn X509_CRL_get_REVOKED
-returns a STACK of revoked entries.
-.Sh SEE ALSO
-.Xr d2i_X509_CRL 3 ,
-.Xr X509_CRL_get_ext 3 ,
-.Xr X509_CRL_get_issuer 3 ,
-.Xr X509_CRL_get_version 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_REVOKED_new 3 ,
-.Xr X509V3_get_d2i 3
-.Sh HISTORY
-.Fn X509_CRL_get_REVOKED
-first appeared in OpenSSL 0.9.2b and has been available since
-.Ox 2.6 .
-.Pp
-.Fn X509_CRL_add0_revoked
-and
-.Fn X509_CRL_sort
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn X509_CRL_get0_by_serial
-and
-.Fn X509_CRL_get0_by_cert
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/X509_CRL_new.3 b/src/lib/libcrypto/man/X509_CRL_new.3
deleted file mode 100644
index 4d3f97afdb..0000000000
--- a/src/lib/libcrypto/man/X509_CRL_new.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\" $OpenBSD: X509_CRL_new.3,v 1.12 2021/08/02 16:21:11 schwarze Exp $
-.\"
-.\" Copyright (c) 2016, 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 2 2021 $
-.Dt X509_CRL_NEW 3
-.Os
-.Sh NAME
-.Nm X509_CRL_new ,
-.Nm X509_CRL_dup ,
-.Nm X509_CRL_up_ref ,
-.Nm X509_CRL_free ,
-.Nm X509_CRL_INFO_new ,
-.Nm X509_CRL_INFO_free
-.Nd X.509 certificate revocation lists
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_CRL *
-.Fn X509_CRL_new void
-.Ft X509_CRL *
-.Fn X509_CRL_dup "X509_CRL *crl"
-.Ft int
-.Fn X509_CRL_up_ref "X509_CRL *crl"
-.Ft void
-.Fn X509_CRL_free "X509_CRL *crl"
-.Ft X509_CRL_INFO *
-.Fn X509_CRL_INFO_new void
-.Ft void
-.Fn X509_CRL_INFO_free "X509_CRL_INFO *crl_info"
-.Sh DESCRIPTION
-.Fn X509_CRL_new
-allocates and initializes an empty
-.Vt X509_CRL
-object, representing an ASN.1
-.Vt CertificateList
-structure defined in RFC 5280 section 5.1.
-It can hold a pointer to an
-.Vt X509_CRL_INFO
-object discussed below together with a cryptographic signature
-and information about the signature algorithm used.
-The reference count is set to 1.
-.Pp
-.Fn X509_CRL_dup
-creates a deep copy of
-.Fa crl .
-.Pp
-.Fn X509_CRL_up_ref
-increments the reference count of
-.Fa crl
-by 1.
-.Pp
-.Fn X509_CRL_free
-decrements the reference count of
-.Fa crl
-by 1.
-If the reference count reaches 0, it frees
-.Fa crl .
-.Pp
-.Fn X509_CRL_INFO_new
-allocates and initializes an empty
-.Vt X509_CRL_INFO
-object, representing an ASN.1
-.Vt TBSCertList
-structure defined in RFC 5280 section 5.1.
-It is used inside the
-.Vt X509_CRL
-object and can hold a list of revoked certificates, an issuer name,
-the time the list was issued, the time when the next update of the
-list is due, and optional extensions.
-.Fn X509_CRL_INFO_free
-frees
-.Fa crl_info .
-.Sh RETURN VALUES
-.Fn X509_CRL_new ,
-.Fn X509_CRL_dup ,
-and
-.Fn X509_CRL_INFO_new
-return the new
-.Vt X509_CRL
-or
-.Vt X509_CRL_INFO
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn X509_CRL_up_ref
-returns 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr ACCESS_DESCRIPTION_new 3 ,
-.Xr AUTHORITY_KEYID_new 3 ,
-.Xr d2i_X509_CRL 3 ,
-.Xr DIST_POINT_new 3 ,
-.Xr PEM_read_X509_CRL 3 ,
-.Xr X509_CRL_digest 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_get0_lastUpdate 3 ,
-.Xr X509_CRL_get0_signature 3 ,
-.Xr X509_CRL_get_ext 3 ,
-.Xr X509_CRL_get_ext_d2i 3 ,
-.Xr X509_CRL_get_issuer 3 ,
-.Xr X509_CRL_get_version 3 ,
-.Xr X509_CRL_match 3 ,
-.Xr X509_CRL_print 3 ,
-.Xr X509_CRL_sign 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_INFO_new 3 ,
-.Xr X509_load_crl_file 3 ,
-.Xr X509_new 3 ,
-.Xr X509_OBJECT_get0_X509_CRL 3 ,
-.Xr X509_REVOKED_new 3 ,
-.Xr X509_STORE_CTX_set0_crls 3 ,
-.Xr X509_STORE_get1_crls 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile, section 5: CRL and CRL
-Extensions Profile
-.Sh HISTORY
-.Fn X509_CRL_new ,
-.Fn X509_CRL_free ,
-.Fn X509_CRL_INFO_new ,
-and
-.Fn X509_CRL_INFO_free
-first appeared in SSLeay 0.4.4.
-.Fn X509_CRL_dup
-first appeared in SSLeay 0.5.1.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_CRL_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_CRL_print.3 b/src/lib/libcrypto/man/X509_CRL_print.3
deleted file mode 100644
index 2f4832f0e7..0000000000
--- a/src/lib/libcrypto/man/X509_CRL_print.3
+++ /dev/null
@@ -1,113 +0,0 @@
-.\" $OpenBSD: X509_CRL_print.3,v 1.1 2021/07/19 13:16:43 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 19 2021 $
-.Dt X509_CRL_PRINT 3
-.Os
-.Sh NAME
-.Nm X509_CRL_print ,
-.Nm X509_CRL_print_fp
-.Nd pretty-print a certificate revocation list
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_CRL_print
-.Fa "BIO *bio"
-.Fa "X509_CRL *crl"
-.Fc
-.Ft int
-.Fo X509_CRL_print_fp
-.Fa "FILE *fp"
-.Fa "X509_CRL *crl"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_CRL_print
-prints information contained in
-.Fa crl
-to
-.Fa bio
-in human-readable form, in the following order:
-.Bl -bullet
-.It
-The certificate revocation list version number as defined by
-the standard, followed in parentheses by the value contained
-in the version field in hexadecimal notation.
-See
-.Xr X509_CRL_get_version 3
-for details.
-.It
-The name of the signature algorithm is printed with
-.Xr X509_signature_print 3 .
-.It
-The issuer name as returned by
-.Xr X509_CRL_get_issuer 3 .
-.It
-The times of the last and next updates as returned by
-.Xr X509_CRL_get0_lastUpdate 3
-and
-.Xr X509_CRL_get0_nextUpdate 3
-are printed with
-.Xr ASN1_TIME_print 3 .
-.It
-All X.509 extensions directly contained
-in the certificate revocation list object
-.Fa crl
-are printed with
-.Xr X509V3_extensions_print 3 .
-.It
-Information about revoked certificates is retrieved with
-.Xr X509_CRL_get_REVOKED 3 ,
-and for each revoked certificate, the following is printed:
-.Bl -bullet
-.It
-The serial number of the certificate is printed with
-.Xr i2a_ASN1_INTEGER 3 .
-.It
-The revocation date is printed with
-.Xr ASN1_TIME_print 3 .
-.It
-All X.509 extensions contained in the revocation entry are printed with
-.Xr X509V3_extensions_print 3 .
-.El
-.It
-The signature of
-.Fa crl
-is printed with
-.Xr X509_signature_print 3 .
-.El
-.Pp
-.Fn X509_CRL_print_fp
-is similar to
-.Fn X509_CRL_print
-except that it prints to
-.Fa fp .
-.Sh RETURN VALUES
-These functions are intended to return 1 for success and 0 for error.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_print_ex 3 ,
-.Xr X509_REVOKED_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.2 and have been available since
-.Ox 2.6 .
-.Sh BUGS
-Most I/O errors are silently ignored.
-Even if the information printed is incomplete, these functions may
-return 1 anyway.
-.Pp
-If the version number is invalid, no information from the CRL is printed
-and the functions fail.
diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
deleted file mode 100644
index ef14f7cca3..0000000000
--- a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
+++ /dev/null
@@ -1,313 +0,0 @@
-.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.12 2021/07/12 14:54:00 schwarze Exp $
-.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 12 2021 $
-.Dt X509_EXTENSION_SET_OBJECT 3
-.Os
-.Sh NAME
-.Nm X509_EXTENSION_new ,
-.Nm X509_EXTENSION_free ,
-.Nm X509_EXTENSION_create_by_NID ,
-.Nm X509_EXTENSION_create_by_OBJ ,
-.Nm X509_EXTENSION_set_object ,
-.Nm X509_EXTENSION_set_critical ,
-.Nm X509_EXTENSION_set_data ,
-.Nm X509_EXTENSION_get_object ,
-.Nm X509_EXTENSION_get_critical ,
-.Nm X509_EXTENSION_get_data
-.\" In the next line, the capital "E" is not a typo.
-.\" The ASN.1 structure is called "Extension", not "extension".
-.Nd create, change, and inspect X.509 Extension objects
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_EXTENSION *
-.Fn X509_EXTENSION_new void
-.Ft void
-.Fn X509_EXTENSION_free "X509_EXTENSION *ex"
-.Ft X509_EXTENSION *
-.Fo X509_EXTENSION_create_by_NID
-.Fa "X509_EXTENSION **ex"
-.Fa "int nid"
-.Fa "int crit"
-.Fa "ASN1_OCTET_STRING *data"
-.Fc
-.Ft X509_EXTENSION *
-.Fo X509_EXTENSION_create_by_OBJ
-.Fa "X509_EXTENSION **ex"
-.Fa "ASN1_OBJECT *obj"
-.Fa "int crit"
-.Fa "ASN1_OCTET_STRING *data"
-.Fc
-.Ft int
-.Fo X509_EXTENSION_set_object
-.Fa "X509_EXTENSION *ex"
-.Fa "const ASN1_OBJECT *obj"
-.Fc
-.Ft int
-.Fo X509_EXTENSION_set_critical
-.Fa "X509_EXTENSION *ex"
-.Fa "int crit"
-.Fc
-.Ft int
-.Fo X509_EXTENSION_set_data
-.Fa "X509_EXTENSION *ex"
-.Fa "ASN1_OCTET_STRING *data"
-.Fc
-.Ft ASN1_OBJECT *
-.Fo X509_EXTENSION_get_object
-.Fa "X509_EXTENSION *ex"
-.Fc
-.Ft int
-.Fo X509_EXTENSION_get_critical
-.Fa "const X509_EXTENSION *ex"
-.Fc
-.Ft ASN1_OCTET_STRING *
-.Fo X509_EXTENSION_get_data
-.Fa "X509_EXTENSION *ne"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_EXTENSION_new
-allocates and initializes an empty
-.Vt X509_EXTENSION
-object, representing an ASN.1
-.Vt Extension
-structure defined in RFC 5280 section 4.1.
-It is a wrapper object around specific extension objects of different
-types and stores an extension type identifier and a criticality
-flag in addition to the DER-encoded form of the wrapped object.
-.Vt X509_EXTENSION
-objects can be used for X.509 v3 certificates inside
-.Vt X509_CINF
-objects and for X.509 v2 certificate revocation lists inside
-.Vt X509_CRL_INFO
-and
-.Vt X509_REVOKED
-objects.
-.Pp
-.Fn X509_EXTENSION_free
-frees
-.Fa ex
-and all objects it is using.
-.Pp
-.Fn X509_EXTENSION_create_by_NID
-creates an extension of type
-.Fa nid
-and criticality
-.Fa crit
-using data
-.Fa data .
-The created extension is returned and written to
-.Pf * Fa ex
-reusing or allocating a new extension if necessary, so
-.Pf * Fa ex
-should either be
-.Dv NULL
-or a valid
-.Vt X509_EXTENSION
-structure.
-It must not be an uninitialised pointer.
-.Pp
-.Fn X509_EXTENSION_create_by_OBJ
-is identical to
-.Fn X509_EXTENSION_create_by_NID
-except that it creates an extension using
-.Fa obj
-instead of a NID.
-.Pp
-.Fn X509_EXTENSION_set_object
-sets the extension type of
-.Fa ex
-to
-.Fa obj .
-The
-.Fa obj
-pointer is duplicated internally so
-.Fa obj
-should be freed up after use.
-.Pp
-.Fn X509_EXTENSION_set_critical
-sets the criticality of
-.Fa ex
-to
-.Fa crit .
-If
-.Fa crit
-is zero, the extension in non-critical, otherwise it is critical.
-.Pp
-.Fn X509_EXTENSION_set_data
-sets the data in extension
-.Fa ex
-to
-.Fa data .
-The
-.Fa data
-pointer is duplicated internally.
-.Pp
-.Fn X509_EXTENSION_get_object
-returns the extension type of
-.Fa ex
-as an
-.Vt ASN1_OBJECT
-pointer.
-The returned pointer is an internal value which must not be freed up.
-.Pp
-.Fn X509_EXTENSION_get_critical
-returns the criticality of extension
-.Fa ex
-it returns 1 for critical and 0 for non-critical.
-.Pp
-.Fn X509_EXTENSION_get_data
-returns the data of extension
-.Fa ex .
-The returned pointer is an internal value which must not be freed up.
-.Pp
-These functions manipulate the contents of an extension directly.
-Most applications will want to parse or encode and add an extension:
-they should use the extension encode and decode functions instead
-such as
-.Xr X509_add1_ext_i2d 3
-and
-.Xr X509_get_ext_d2i 3 .
-.Pp
-The
-.Fa data
-associated with an extension is the extension encoding in an
-.Vt ASN1_OCTET_STRING
-structure.
-.Sh RETURN VALUES
-.Fn X509_EXTENSION_new ,
-.Fn X509_EXTENSION_create_by_NID ,
-and
-.Fn X509_EXTENSION_create_by_OBJ
-return an
-.Vt X509_EXTENSION
-pointer or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn X509_EXTENSION_set_object ,
-.Fn X509_EXTENSION_set_critical ,
-and
-.Fn X509_EXTENSION_set_data
-return 1 for success or 0 for failure.
-.Pp
-.Fn X509_EXTENSION_get_object
-returns an
-.Vt ASN1_OBJECT
-pointer.
-.Pp
-.Fn X509_EXTENSION_get_critical
-returns 0 for non-critical or 1 for critical.
-.Pp
-.Fn X509_EXTENSION_get_data
-returns an
-.Vt ASN1_OCTET_STRING
-pointer.
-.Sh SEE ALSO
-.Xr ACCESS_DESCRIPTION_new 3 ,
-.Xr AUTHORITY_KEYID_new 3 ,
-.Xr BASIC_CONSTRAINTS_new 3 ,
-.Xr d2i_X509_EXTENSION 3 ,
-.Xr DIST_POINT_new 3 ,
-.Xr ESS_SIGNING_CERT_new 3 ,
-.Xr EXTENDED_KEY_USAGE_new 3 ,
-.Xr GENERAL_NAME_new 3 ,
-.Xr NAME_CONSTRAINTS_new 3 ,
-.Xr OCSP_CRLID_new 3 ,
-.Xr OCSP_SERVICELOC_new 3 ,
-.Xr PKEY_USAGE_PERIOD_new 3 ,
-.Xr POLICYINFO_new 3 ,
-.Xr PROXY_POLICY_new 3 ,
-.Xr SXNET_new 3 ,
-.Xr TS_REQ_new 3 ,
-.Xr X509_check_ca 3 ,
-.Xr X509_check_host 3 ,
-.Xr X509_check_issued 3 ,
-.Xr X509V3_EXT_print 3 ,
-.Xr X509V3_extensions_print 3 ,
-.Xr X509V3_get_d2i 3 ,
-.Xr X509v3_get_ext_by_NID 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Sh HISTORY
-.Fn X509_EXTENSION_new
-and
-.Fn X509_EXTENSION_free
-first appeared in SSLeay 0.6.2.
-.Fn X509_EXTENSION_create_by_NID ,
-.Fn X509_EXTENSION_create_by_OBJ ,
-.Fn X509_EXTENSION_set_object ,
-.Fn X509_EXTENSION_set_critical ,
-.Fn X509_EXTENSION_set_data ,
-.Fn X509_EXTENSION_get_object ,
-.Fn X509_EXTENSION_get_critical ,
-and
-.Fn X509_EXTENSION_get_data
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_INFO_new.3 b/src/lib/libcrypto/man/X509_INFO_new.3
deleted file mode 100644
index 9c601ccb03..0000000000
--- a/src/lib/libcrypto/man/X509_INFO_new.3
+++ /dev/null
@@ -1,71 +0,0 @@
-.\" $OpenBSD: X509_INFO_new.3,v 1.2 2020/07/23 17:34:53 schwarze Exp $
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 23 2020 $
-.Dt X509_INFO_NEW 3
-.Os
-.Sh NAME
-.Nm X509_INFO_new ,
-.Nm X509_INFO_free
-.Nd X.509 certificate wrapper object
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_INFO *
-.Fn X509_INFO_new void
-.Ft void
-.Fn X509_INFO_free "X509_INFO *info"
-.Sh DESCRIPTION
-.Vt X509_INFO
-is a reference-counted wrapper object storing a pointer to an X.509
-certificate together with pointers to the associated private key
-and to an associated certificate revocation list.
-It is for example used internally by
-.Xr X509_load_cert_crl_file 3 .
-.Pp
-.Fn X509_INFO_new
-allocates and initializes an empty
-.Vt X509_INFO
-object and sets its reference count to 1.
-.Pp
-.Fn X509_INFO_free
-decrements the reference count of
-.Fa info
-by 1.
-If the reference count reaches 0, it frees all referenced objects
-as well as the storage needed for
-.Fa info
-itself.
-If
-.Fa info
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn X509_INFO_new
-returns the newly allocated
-.Vt X509_INFO
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr PEM_X509_INFO_read 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-.Fn X509_INFO_new
-and
-.Fn X509_INFO_free
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
deleted file mode 100644
index 14e49f3a77..0000000000
--- a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
+++ /dev/null
@@ -1,281 +0,0 @@
-.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.10 2021/07/31 14:54:33 schwarze Exp $
-.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Victor B. Wagner
-.\" and Claus Assmann.
-.\" Copyright (c) 2015, 2016, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 31 2021 $
-.Dt X509_LOOKUP_HASH_DIR 3
-.Os
-.Sh NAME
-.Nm X509_LOOKUP_hash_dir ,
-.Nm X509_LOOKUP_file ,
-.Nm X509_LOOKUP_mem ,
-.Nm X509_load_cert_file ,
-.Nm X509_load_crl_file ,
-.Nm X509_load_cert_crl_file
-.Nd default certificate lookup methods
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft X509_LOOKUP_METHOD *
-.Fn X509_LOOKUP_hash_dir void
-.Ft X509_LOOKUP_METHOD *
-.Fn X509_LOOKUP_file void
-.Ft X509_LOOKUP_METHOD *
-.Fn X509_LOOKUP_mem void
-.Ft int
-.Fo X509_load_cert_file
-.Fa "X509_LOOKUP *ctx"
-.Fa "const char *file"
-.Fa "int type"
-.Fc
-.Ft int
-.Fo X509_load_crl_file
-.Fa "X509_LOOKUP *ctx"
-.Fa "const char *file"
-.Fa "int type"
-.Fc
-.Ft int
-.Fo X509_load_cert_crl_file
-.Fa "X509_LOOKUP *ctx"
-.Fa "const char *file"
-.Fa "int type"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_LOOKUP_hash_dir ,
-.Fn X509_LOOKUP_file ,
-and
-.Fn X509_LOOKUP_mem
-return pointers to static certificate lookup method objects
-built into the library, for use with
-.Vt X509_STORE .
-.Pp
-Users of the library typically do not need
-to retrieve pointers to these method objects manually.
-They are automatically used by the
-.Xr X509_STORE_load_locations 3
-or
-.Xr SSL_CTX_load_verify_locations 3
-functions.
-.Pp
-Internally, loading of certificates and CRLs is implemented via the functions
-.Fn X509_load_cert_crl_file ,
-.Fn X509_load_cert_file
-and
-.Fn X509_load_crl_file .
-These functions support a parameter
-.Fa type ,
-which can be one of the constants
-.Dv FILETYPE_PEM ,
-.Dv FILETYPE_ASN1 ,
-and
-.Dv FILETYPE_DEFAULT .
-They load certificates and/or CRLs from the specified file into a
-memory cache of
-.Vt X509_STORE
-objects which the given
-.Fa ctx
-parameter is associated with.
-.Pp
-The functions
-.Fn X509_load_cert_file
-and
-.Fn X509_load_crl_file
-can load both PEM and DER formats depending on the
-.Fa type
-value.
-Because DER format cannot contain more than one certificate or CRL
-object (while PEM can contain several concatenated PEM objects),
-.Fn X509_load_cert_crl_file
-with
-.Dv FILETYPE_ASN1
-is equivalent to
-.Fn X509_load_cert_file .
-.Pp
-The constant
-.Dv FILETYPE_DEFAULT
-with
-.Dv NULL
-filename causes these functions to load the default certificate
-store file (see
-.Xr X509_STORE_set_default_paths 3 ) .
-.Pp
-All three methods support adding several certificate locations into one
-.Sy X509_STORE .
-.Pp
-This page documents certificate store formats used by these methods and
-caching policy.
-.Ss File Method
-The
-.Fn X509_LOOKUP_file
-method loads all the certificates or CRLs present in a file into memory
-at the time the file is added as a lookup source.
-.Pp
-The file format is ASCII text which contains concatenated PEM
-certificates and CRLs.
-.Pp
-This method should be used by applications which work with a small set
-of CAs.
-.Ss Hashed Directory Method
-.Fa X509_LOOKUP_hash_dir
-is a more advanced method which loads certificates and CRLs on demand,
-and caches them in memory once they are loaded.
-As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so
-that newer CRLs are used as soon as they appear in the directory.
-.Pp
-The directory should contain one certificate or CRL per file in PEM
-format, with a file name of the form
-.Ar hash . Ns Ar N
-for a certificate, or
-.Ar hash . Ns Sy r Ns Ar N
-for a CRL.
-The
-.Ar hash
-is the value returned by the
-.Xr X509_NAME_hash 3
-function applied to the subject name for certificates or issuer
-name for CRLs.
-The hash can also be obtained via the
-.Fl hash
-option of the
-.Xr openssl 1
-.Cm x509
-or
-.Cm crl
-commands.
-.Pp
-The
-.Ar N
-suffix is a sequence number that starts at zero and is incremented
-consecutively for each certificate or CRL with the same
-.Ar hash
-value.
-Gaps in the sequence numbers are not supported.
-It is assumed that there are no more objects with the same hash
-beyond the first missing number in the sequence.
-.Pp
-Sequence numbers make it possible for the directory to contain multiple
-certificates with the same subject name hash value.
-For example, it is possible to have in the store several certificates
-with the same subject or several CRLs with the same issuer (and, for
-example, a different validity period).
-.Pp
-When checking for new CRLs, once one CRL for a given hash value is
-loaded, hash_dir lookup method checks only for certificates with
-sequence number greater than that of the already cached CRL.
-.Pp
-Note that the hash algorithm used for subject name hashing changed in
-OpenSSL 1.0.0, and all certificate stores have to be rehashed when
-moving from OpenSSL 0.9.8 to 1.0.0.
-.Ss Memory Method
-The
-.Fn X509_LOOKUP_mem
-method supports loading PEM-encoded certificates and revocation lists
-that are already stored in memory, using the function
-.Xr X509_LOOKUP_add_mem 3 .
-This is particularly useful in processes using
-.Xr chroot 2 .
-.Sh RETURN VALUES
-.Fn X509_LOOKUP_hash_dir ,
-.Fn X509_LOOKUP_file ,
-and
-.Fn X509_LOOKUP_mem
-always return a pointer to a static
-.Vt X509_LOOKUP_METHOD
-object.
-.Pp
-.Fn X509_load_cert_file ,
-.Fn X509_load_crl_file ,
-and
-.Fn X509_load_cert_crl_file
-return the number of objects loaded from the
-.Fa file
-or 0 on error.
-.Sh SEE ALSO
-.Xr d2i_X509_bio 3 ,
-.Xr PEM_read_PrivateKey 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr X509_LOOKUP_new 3 ,
-.Xr X509_OBJECT_get0_X509 3 ,
-.Xr X509_STORE_load_locations 3 ,
-.Xr X509_STORE_new 3
-.Sh HISTORY
-.Fn X509_LOOKUP_hash_dir ,
-.Fn X509_LOOKUP_file ,
-and
-.Fn X509_load_cert_file
-first appeared in SSLeay 0.8.0.
-.Fn X509_load_crl_file
-first appeared in SSLeay 0.9.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_load_cert_crl_file
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn X509_LOOKUP_mem
-first appeared in
-.Ox 5.7 .
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_new.3 b/src/lib/libcrypto/man/X509_LOOKUP_new.3
deleted file mode 100644
index 02420d664b..0000000000
--- a/src/lib/libcrypto/man/X509_LOOKUP_new.3
+++ /dev/null
@@ -1,616 +0,0 @@
-.\" $OpenBSD: X509_LOOKUP_new.3,v 1.4 2021/08/06 19:09:56 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 6 2021 $
-.Dt X509_LOOKUP_NEW 3
-.Os
-.Sh NAME
-.Nm X509_LOOKUP_new ,
-.Nm X509_LOOKUP_free ,
-.Nm X509_LOOKUP_ctrl ,
-.Nm X509_LOOKUP_add_dir ,
-.Nm X509_LOOKUP_load_file ,
-.Nm X509_LOOKUP_add_mem ,
-.Nm X509_LOOKUP_by_subject ,
-.Nm X509_LOOKUP_init ,
-.Nm X509_LOOKUP_shutdown ,
-.Nm X509_LOOKUP_by_issuer_serial ,
-.Nm X509_LOOKUP_by_fingerprint ,
-.Nm X509_LOOKUP_by_alias ,
-.Nm X509_get_default_cert_dir ,
-.Nm X509_get_default_cert_file ,
-.Nm X509_get_default_cert_dir_env ,
-.Nm X509_get_default_cert_file_env
-.\" X509_get_default_private_dir is intentionally undocumented
-.\" because it appears to be unused by any real-world software
-.\" and because it doesn't do much in the first place.
-.Nd certificate lookup object
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft X509_LOOKUP *
-.Fn X509_LOOKUP_new "X509_LOOKUP_METHOD *method"
-.Ft void
-.Fn X509_LOOKUP_free "X509_LOOKUP *lookup"
-.Ft int
-.Fo X509_LOOKUP_ctrl
-.Fa "X509_LOOKUP *lookup"
-.Fa "int command"
-.Fa "const char *source"
-.Fa "long type"
-.Fa "char **ret"
-.Fc
-.Ft int
-.Fo X509_LOOKUP_add_dir
-.Fa "X509_LOOKUP *lookup"
-.Fa "const char *source"
-.Fa "long type"
-.Fc
-.Ft int
-.Fo X509_LOOKUP_load_file
-.Fa "X509_LOOKUP *lookup"
-.Fa "const char *source"
-.Fa "long type"
-.Fc
-.Ft int
-.Fo X509_LOOKUP_add_mem
-.Fa "X509_LOOKUP *lookup"
-.Fa "const struct iovec *source"
-.Fa "long type"
-.Fc
-.Ft int
-.Fo X509_LOOKUP_by_subject
-.Fa "X509_LOOKUP *lookup"
-.Fa "int type"
-.Fa "X509_NAME *name"
-.Fa "X509_OBJECT *object"
-.Fc
-.Ft int
-.Fn X509_LOOKUP_init "X509_LOOKUP *lookup"
-.Ft int
-.Fn X509_LOOKUP_shutdown "X509_LOOKUP *lookup"
-.Ft int
-.Fo X509_LOOKUP_by_issuer_serial
-.Fa "X509_LOOKUP *lookup"
-.Fa "int type"
-.Fa "X509_NAME *name"
-.Fa "ASN1_INTEGER *serial"
-.Fa "X509_OBJECT *object"
-.Fc
-.Ft int
-.Fo X509_LOOKUP_by_fingerprint
-.Fa "X509_LOOKUP *lookup"
-.Fa "int type"
-.Fa "const unsigned char *bytes"
-.Fa "int length"
-.Fa "X509_OBJECT *object"
-.Fc
-.Ft int
-.Fo X509_LOOKUP_by_alias
-.Fa "X509_LOOKUP *lookup"
-.Fa "int type"
-.Fa "const char *string"
-.Fa "int length"
-.Fa "X509_OBJECT *object"
-.Fc
-.In openssl/x509.h
-.Ft const char *
-.Fn X509_get_default_cert_dir void
-.Ft const char *
-.Fn X509_get_default_cert_file void
-.Ft const char *
-.Fn X509_get_default_cert_dir_env void
-.Ft const char *
-.Fn X509_get_default_cert_file_env void
-.Sh DESCRIPTION
-.Fn X509_LOOKUP_new
-allocates a new, empty
-.Vt X509_LOOKUP
-object and associates it with the
-.Fa method
-which is a static objects returned from either
-.Xr X509_LOOKUP_hash_dir 3
-or
-.Xr X509_LOOKUP_file 3
-or
-.Xr X509_LOOKUP_mem 3 .
-.Pp
-.Fn X509_LOOKUP_free
-releases the memory used by
-.Fa lookup .
-If
-.Fa lookup
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-The operation of
-.Fn X509_LOOKUP_ctrl
-depends on the
-.Vt X509_LOOKUP_METHOD
-used by
-.Fa lookup :
-.Bl -tag -width 4n
-.It Xr X509_LOOKUP_hash_dir 3
-The
-.Fa command
-is required to be
-.Dv X509_L_ADD_DIR
-and the
-.Fa source
-argument is interpreted
-as a colon-separated, NUL-terminated list of directory names.
-These directories are added to an internal list of directories to search
-for certificate files of the given
-.Fa type .
-.Pp
-If
-.Fa type
-is
-.Dv X509_FILETYPE_DEFAULT ,
-the
-.Fa source
-argument is ignored and
-.Pa /etc/ssl/certs
-and a type of
-.Dv X509_FILETYPE_PEM
-are used instead.
-.Pp
-.Fn X509_LOOKUP_add_dir
-is a macro that calls
-.Fn X509_LOOKUP_ctrl
-with a
-.Fa command
-of
-.Dv X509_L_ADD_DIR
-and
-.Fa ret
-set to
-.Dv NULL .
-.Pp
-This lookup method is peculiar in so far as calling
-.Fn X509_LOOKUP_ctrl
-on a lookup object using it does not yet add any certificates to the associated
-.Vt X509_STORE
-object.
-They need to be added selectively using
-.Fn X509_LOOKUP_by_subject .
-.It Xr X509_LOOKUP_file 3
-The
-.Fa command
-is required to be
-.Dv X509_L_FILE_LOAD
-and the
-.Fa source
-argument is interpreted as a NUL-terminated file name.
-If the
-.Fa type
-is
-.Dv X509_FILETYPE_PEM ,
-the file is read with
-.Xr BIO_new_file 3
-and
-.Xr PEM_X509_INFO_read_bio 3
-and the certificates and revocation lists found are added to the
-.Vt X509_STORE
-object associated with
-.Fa lookup
-using
-.Xr X509_STORE_add_cert 3
-and
-.Xr X509_STORE_add_crl 3 .
-If
-.Fa type
-is
-.Dv X509_FILETYPE_DEFAULT ,
-the
-.Fa source
-argument is ignored and
-.Pa /etc/ssl/certs.pem
-and a type of
-.Dv X509_FILETYPE_PEM
-are used instead.
-If
-.Fa type
-is
-.Dv X509_FILETYPE_ASN1 ,
-the file is read with
-.Xr d2i_X509_bio 3
-and the single certificate is added to the
-.Vt X509_STORE
-object associated with
-.Fa lookup
-using
-.Xr X509_STORE_add_cert 3 .
-.Pp
-.Fn X509_LOOKUP_load_file
-is a macro calling
-.Fn X509_LOOKUP_ctrl
-with a
-.Fa command
-of
-.Dv X509_L_FILE_LOAD
-and
-.Fa ret
-set to
-.Dv NULL .
-.It Xr X509_LOOKUP_mem 3
-The
-.Fa command
-and
-.Fa type
-are required to be
-.Dv X509_L_MEM
-and
-.Dv X509_FILETYPE_PEM ,
-respectively.
-The
-.Fa source
-argument is interpreted as a pointer to an
-.Vt iovec
-structure defined in
-.In sys/uio.h .
-The memory area described by that structure is read with
-.Xr BIO_new_mem_buf 3
-and
-.Xr PEM_X509_INFO_read_bio 3
-and the certificates and revocation lists found are added to the
-.Vt X509_STORE
-object associated with
-.Fa lookup
-using
-.Xr X509_STORE_add_cert 3
-and
-.Xr X509_STORE_add_crl 3 .
-.Pp
-.Fn X509_LOOKUP_add_mem
-is a macro calling
-.Fn X509_LOOKUP_ctrl
-with a command of
-.Dv X509_L_MEM
-and
-.Fa ret
-set to
-.Dv NULL .
-.El
-.Pp
-.Fn X509_LOOKUP_ctrl
-always ignores the
-.Fa ret
-argument when the built-in
-.Vt X509_LOOKUP_METHOD
-objects are used.
-.Pp
-When using built-in
-.Vt X509_LOOKUP_METHOD
-objects,
-.Fn X509_LOOKUP_by_subject
-is only useful if
-.Fa lookup
-uses
-.Xr X509_LOOKUP_hash_dir 3 .
-It passes the
-.Fa name
-to
-.Xr X509_NAME_hash 3
-and converts the resulting hash to an eight-digit lower-case
-hexadecimal number.
-.Pp
-If the
-.Fa type
-is
-.Dv X509_LU_X509 ,
-it searches the configured directories for files having that name,
-with a file name extension that is a small, non-negative decimal integer
-starting at
-.Qq ".0" .
-These files are read with
-.Xr X509_load_cert_file 3 .
-In each directory, the search is ended once a file with the expected name
-and extension does not exists.
-.Pp
-If the
-.Fa type
-is
-.Dv X509_LU_CRL ,
-the file name extensions are expected to have a prefix of
-.Qq "r" ,
-i.e. they start with
-.Qq ".r0" ,
-and the files are read with
-.Xr X509_load_crl_file 3 .
-.Pp
-In case of success, the first match is returned in the
-.Pf * Fa object
-provided by the caller, overwriting any previous content.
-.Pp -Unless an application program manually constructs its own -.Vt X509_LOOKUP_METHOD -object containing its own callback functions, -.Fn X509_LOOKUP_init , -.Fn X509_LOOKUP_shutdown , -.Fn X509_LOOKUP_by_issuer_serial , -.Fn X509_LOOKUP_by_fingerprint , -and -.Fn X509_LOOKUP_by_alias -have no effect. -.Fn X509_LOOKUP_init -is supposed to be called after -.Fn X509_LOOKUP_new -and before using the -.Fa lookup -object, -.Fn X509_LOOKUP_shutdown -after using it and before -.Fn X509_LOOKUP_free . -.Sh RETURN VALUES -.Fn X509_LOOKUP_new -returns the new object or -.Dv NULL -if memory allocation fails. -.Pp -.Fn X509_LOOKUP_ctrl -returns 1 for success or 0 for failure. -If -.Fa lookup -uses a user-defined -.Vt X509_LOOKUP_METHOD -object, it might also return \-1 for internal errors. -.Pp -.Fn X509_LOOKUP_by_subject -returns -.Dv X509_LU_X509 -for success or -.Dv X509_LU_FAIL -for failure. -In particular, it fails if -.Fa lookup -uses -.Xr X509_LOOKUP_file 3 -or -.Xr X509_LOOKUP_mem 3 , -if -.Fa name -is -.Dv NULL , -if -.Fa type -is neither -.Dv X509_LU_X509 -nor -.Dv X509_LU_CRL , -if no match is found, or if memory allocation fails. -If -.Fa lookup -uses a user-defined -.Vt X509_LOOKUP_METHOD -object, it might also return negative values for internal errors. -.Pp -.Fn X509_LOOKUP_init -and -.Fn X509_LOOKUP_shutdown -are supposed to return 1 for success and 0 for failure. -When using the built-in -.Vt X509_LOOKUP_METHOD -objects, they always return 1. -.Pp -.Fn X509_LOOKUP_by_issuer_serial , -.Fn X509_LOOKUP_by_fingerprint , -and -.Fn X509_LOOKUP_by_alias -always return -.Dv X509_LU_FAIL -when using the built-in -.Vt X509_LOOKUP_METHOD -objects. -.Pp -.Fn X509_get_default_cert_dir -returns a pointer to the constant string -.Qq /etc/ssl/certs , -.Fn X509_get_default_cert_file -to -.Qq /etc/ssl/certs.pem , -.Fn X509_get_default_cert_dir_env -to -.Qq SSL_CERT_DIR , -and -.Fn X509_get_default_cert_file_env -to -.Qq SSL_CERT_FILE . 
-.Sh ENVIRONMENT -For reasons of security and simplicity, -LibreSSL ignores the environment variables -.Ev SSL_CERT_DIR -and -.Ev SSL_CERT_FILE , -but other library implementations may use their contents instead -of the standard locations for trusted certificates, and a few -third-party application programs also inspect these variables -directly and may pass their values to -.Fn X509_LOOKUP_add_dir -and -.Fn X509_LOOKUP_load_file . -.Sh FILES -.Bl -tag -width /etc/ssl/certs.pem -compact -.It Pa /etc/ssl/certs/ -default directory for storing trusted certificates -.It Pa /etc/ssl/certs.pem -default file for storing trusted certificates -.El -.Sh ERRORS -The following diagnostics can be retrieved with -.Xr ERR_get_error 3 , -.Xr ERR_GET_REASON 3 , -and -.Xr ERR_reason_error_string 3 : -.Bl -tag -width Ds -.It Dv ERR_R_ASN1_LIB Qq "ASN1 lib" -.Xr d2i_X509_bio 3 -failed in -.Fn X509_LOOKUP_ctrl . -.It Dv X509_R_BAD_X509_FILETYPE Qq "bad x509 filetype" -.Fn X509_LOOKUP_ctrl -was called with an invalid -.Fa type . -.It Dv ERR_R_BUF_LIB Qq "BUF lib" -Memory allocation failed in -.Fn X509_LOOKUP_by_subject . -.It Dv X509_R_INVALID_DIRECTORY Qq "invalid directory" -The -.Fa source -argument of -.Fn X509_LOOKUP_ctrl -with -.Dv X509_L_ADD_DIR -or -.Fn X509_LOOKUP_add_dir -was -.Dv NULL -or an empty string. -.It Dv X509_R_LOADING_CERT_DIR Qq "loading cert dir" -.Fn X509_LOOKUP_ctrl -with -.Dv X509_L_ADD_DIR -or -.Fn X509_LOOKUP_add_dir -was called with -.Dv X509_FILETYPE_DEFAULT -and adding the default directories failed. -This error is added after and in addition to a more specific diagnostic. -.It Dv X509_R_LOADING_DEFAULTS Qq "loading defaults" -.Fn X509_LOOKUP_ctrl -with -.Dv X509_L_FILE_LOAD -or -.Fn X509_LOOKUP_load_file -was called with -.Dv X509_FILETYPE_DEFAULT -and adding the certificates and revocation lists failed. -This error is added after and in addition to a more specific diagnostic. 
-.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure" -Memory allocation failed in -.Fn X509_LOOKUP_ctrl -or -.Fn X509_LOOKUP_by_subject . -.It Dv ERR_R_PEM_LIB Qq "PEM lib" -.Xr PEM_X509_INFO_read_bio 3 , -.Xr PEM_read_bio_X509_AUX 3 , -or -.Xr PEM_read_bio_X509_CRL 3 -failed in -.Fn X509_LOOKUP_ctrl . -.It Dv ERR_R_SYS_LIB Qq "system lib" -.Xr BIO_new 3 , -.Xr BIO_new_file 3 , -or -.Xr BIO_read_filename 3 -failed in -.Fn X509_LOOKUP_ctrl . -.It Dv X509_R_WRONG_LOOKUP_TYPE Qq "wrong lookup type" -.Fn X509_LOOKUP_by_subject -was called with an invalid -.Fa type . -.El -.Pp -Passing an invalid -.Fa command -to -.Fn X509_LOOKUP_ctrl -or calling -.Fn X509_LOOKUP_by_subject -with a -.Dv NULL -.Fa name -or with arguments that yield no match -causes failure but provides no diagnostics. -.Sh SEE ALSO -.Xr d2i_X509_bio 3 , -.Xr PEM_read_bio_X509_AUX 3 , -.Xr PEM_X509_INFO_read_bio 3 , -.Xr X509_LOOKUP_hash_dir 3 , -.Xr X509_NAME_hash 3 , -.Xr X509_NAME_new 3 , -.Xr X509_new 3 , -.Xr X509_OBJECT_get_type 3 , -.Xr X509_STORE_add_cert 3 , -.Xr X509_STORE_get_by_subject 3 -.Sh HISTORY -.Fn X509_get_default_cert_dir , -.Fn X509_get_default_cert_file , -.Fn X509_get_default_cert_dir_env , -and -.Fn X509_get_default_cert_file_env -first appeared in SSLeay 0.4.1 and have been available since -.Ox 2.4 . -.Pp -.Fn X509_LOOKUP_add_mem -first appeared in -.Ox 5.7 . -.Pp -The other functions first appeared in SSLeay 0.8.0 -and have been available since -.Ox 2.4 . -.Sh BUGS -If the -.Fa type -is -.Dv X509_FILETYPE_DEFAULT -or -.Dv X509_FILETYPE_PEM , -.Fn X509_LOOKUP_ctrl -with -.Dv X509_L_FILE_LOAD -and -.Fn X509_LOOKUP_load_file -silently ignore failure of -.Xr X509_STORE_add_cert 3 -and -.Xr X509_STORE_add_crl 3 -and indicate success anyway. -.Pp -Handling of a -.Dv NULL -.Fa source -is inconsistent for -.Fn X509_LOOKUP_ctrl -with -.Dv X509_L_FILE_LOAD -and for -.Fn X509_LOOKUP_load_file . 
-With -.Dv X509_FILETYPE_PEM , -it causes failure, but with -.Dv X509_FILETYPE_ASN1 , -no action occurs and success is indicated. -.Pp -When called on a -.Fa lookup -object using -.Xr X509_LOOKUP_mem 3 , -.Fn X509_LOOKUP_ctrl -raises -.Dv ERR_R_PEM_LIB -when called with an invalid -.Fa command -or -.Fa type , -when -.Xr BIO_new_mem_buf 3 -fails, when -.Fa source -contains zero objects, or when -.Xr X509_STORE_add_cert 3 -fails on the first object encountered, which is all inconsistent -with the behaviour of the other lookup methods. diff --git a/src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 deleted file mode 100644 index 7437ee82c1..0000000000 --- a/src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ /dev/null 
@@ -1,369 +0,0 @@
-.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.14 2021/07/02 16:13:56 schwarze Exp $
-.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
-.\" selective merge up to: OpenSSL ca34e08d Dec 12 07:38:07 2018 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016, 2018, 2019, 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2005, 2006, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. 
All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: July 2 2021 $ -.Dt X509_NAME_ENTRY_GET_OBJECT 3 -.Os -.Sh NAME -.Nm X509_NAME_ENTRY_new , -.Nm X509_NAME_ENTRY_free , -.Nm X509_NAME_ENTRY_get_object , -.Nm X509_NAME_ENTRY_get_data , -.Nm X509_NAME_ENTRY_set , -.Nm X509_NAME_ENTRY_set_object , -.Nm X509_NAME_ENTRY_set_data , -.Nm X509_NAME_ENTRY_create_by_txt , -.Nm X509_NAME_ENTRY_create_by_NID , -.Nm X509_NAME_ENTRY_create_by_OBJ -.\" In the following line, "X.501" is not a typo. -.\" This object defined in X.501, not in X.509. -.Nd X.501 relative distinguished name -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509_NAME_ENTRY * -.Fn X509_NAME_ENTRY_new void -.Ft void -.Fo X509_NAME_ENTRY_free -.Fa "X509_NAME_ENTRY* ne" -.Fc -.Ft ASN1_OBJECT * -.Fo X509_NAME_ENTRY_get_object -.Fa "const X509_NAME_ENTRY *ne" -.Fc -.Ft ASN1_STRING * -.Fo X509_NAME_ENTRY_get_data -.Fa "const X509_NAME_ENTRY *ne" -.Fc -.Ft int -.Fo X509_NAME_ENTRY_set -.Fa "const X509_NAME_ENTRY *ne" -.Fc -.Ft int -.Fo X509_NAME_ENTRY_set_object -.Fa "X509_NAME_ENTRY *ne" -.Fa "const ASN1_OBJECT *obj" -.Fc -.Ft int -.Fo X509_NAME_ENTRY_set_data -.Fa "X509_NAME_ENTRY *ne" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fc -.Ft X509_NAME_ENTRY * -.Fo X509_NAME_ENTRY_create_by_txt -.Fa "X509_NAME_ENTRY **ne" -.Fa "const char *field" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fc -.Ft X509_NAME_ENTRY * -.Fo X509_NAME_ENTRY_create_by_NID -.Fa "X509_NAME_ENTRY **ne" -.Fa "int nid" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fc -.Ft X509_NAME_ENTRY * -.Fo X509_NAME_ENTRY_create_by_OBJ -.Fa "X509_NAME_ENTRY **ne" -.Fa "const ASN1_OBJECT *obj" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fc -.Sh DESCRIPTION -An X.501 -.Vt RelativeDistinguishedName -is an ordered set of field type and value pairs. -It is the building block for constructing X.501 -.Vt Name -objects. -The -.Vt X509_NAME_ENTRY -object stores one such pair, containing one field type and one value. 
-.Pp -.Vt X509_NAME_ENTRY -objects are intended for use by the -.Vt X509_NAME -objects documented in -.Xr X509_NAME_new 3 . -Since part of the information about how several -.Vt X509_NAME_ENTRY -objects combine to form an X.501 -.Vt Name -is stored in the individual -.Vt X509_NAME_ENTRY -objects rather than in the -.Vt X509_NAME -object, any given -.Vt X509_NAME_ENTRY -object can only be used by one -.Vt X509_NAME -object at a time. -.Pp -.Fn X509_NAME_ENTRY_new -allocates and initializes an empty -.Vt X509_NAME_ENTRY -object, representing an ASN.1 -.Vt RelativeDistinguishedName -structure defined in RFC 5280 section 4.1.2.4, but containing not more -than one type-value-pair. -.Pp -.Fn X509_NAME_ENTRY_free -frees -.Fa ne -and the type and value contained in it. -.Pp -.Fn X509_NAME_ENTRY_get_object -retrieves the field type of -.Fa ne -in an -.Vt ASN1_OBJECT -structure. -.Fn X509_NAME_ENTRY_get_data -retrieves the field value of -.Fa ne -in an -.Vt ASN1_STRING -structure. -These two functions can be used to examine an -.Vt X509_NAME_ENTRY -object as returned by -.Xr X509_NAME_get_entry 3 . -.Pp -.Fn X509_NAME_ENTRY_set -retrieves the index of the X.501 -.Vt RelativeDistinguishedName Pq RDN -that -.Fa ne -is part of in the X.501 -.Vt Name -object using it. -The first RDN has index 0. -If an RDN consists of more than one -.Vt X509_NAME_ENTRY -object, they all share the same index. -In practice, RDNs containing more than one type-value-pair are rarely -used, so if an -.Va X509_NAME *name -object uses -.Fa ne , -then -.Fn X509_NAME_ENTRY_set ne -usually agrees with -.Fn sk_X509_NAME_ENTRY_find name->entries ne , -but when multi-pair RDNs are used, it may be smaller. -.Pp -.Fn X509_NAME_ENTRY_set_object -sets the field type of -.Fa ne -to -.Fa obj . -.Pp -.Fn X509_NAME_ENTRY_set_data -sets the field value of -.Fa ne -to string type -.Fa type -and the value determined by -.Fa bytes -and -.Fa len . 
-.Pp -.Fn X509_NAME_ENTRY_create_by_txt , -.Fn X509_NAME_ENTRY_create_by_NID , -and -.Fn X509_NAME_ENTRY_create_by_OBJ -create and return an -.Vt X509_NAME_ENTRY -structure. -.Pp -Except for -.Fn X509_NAME_ENTRY_get_object -and -.Fn X509_NAME_ENTRY_get_data , -these functions are rarely used because -.Vt X509_NAME_ENTRY -structures are almost always part of -.Vt X509_NAME -structures and the functions described in -.Xr X509_NAME_add_entry_by_txt 3 -are typically used to create and add new entries in a single operation. -.Pp -The arguments of these functions support similar options to the -similarly named ones described in -.Xr X509_NAME_add_entry_by_txt 3 . -So for example -.Fa type -can be set to -.Dv MBSTRING_ASC , -but in the case of -.Fn X509_NAME_ENTRY_set_data -the field type must be set first so the relevant field information -can be looked up internally. -.Sh RETURN VALUES -The -.Fn X509_NAME_ENTRY_new -function returns a valid -.Vt X509_NAME_ENTRY -structure if successful; otherwise -.Dv NULL -is returned and an error code can be retrieved with -.Xr ERR_get_error 3 . -.Pp -.Fn X509_NAME_ENTRY_get_object -returns a valid -.Vt ASN1_OBJECT -structure if it is set or -.Dv NULL -if an error occurred. -.Pp -.Fn X509_NAME_ENTRY_get_data -returns a valid -.Vt ASN1_STRING -structure if it is set or -.Dv NULL -if an error occurred. -.Pp -.Fn X509_NAME_ENTRY_set -returns the zero-based index of the RDN -.Fa ne -is used in, or 0 if -.Fa ne -is not yet used by any -.Vt X509_NAME -object. -.Pp -The -.Fn X509_NAME_ENTRY_set_object -function returns 1 if successful; -otherwise 0 is returned and an error code can be retrieved with -.Xr ERR_get_error 3 . -.Pp -.Fn X509_NAME_ENTRY_set_data -returns 1 on success or 0 on error. -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . 
-.Pp -.Fn X509_NAME_ENTRY_create_by_txt , -.Fn X509_NAME_ENTRY_create_by_NID , -and -.Fn X509_NAME_ENTRY_create_by_OBJ -return a valid -.Vt X509_NAME_ENTRY -structure on success or -.Dv NULL -if an error occurred. -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr OBJ_nid2obj 3 , -.Xr X509_NAME_add_entry 3 , -.Xr X509_NAME_get_entry 3 , -.Xr X509_NAME_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Pp -ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information -Technology Open Systems Interconnection The Directory: Models, -section 9.3: Relative distinguished name -.Sh HISTORY -.Fn X509_NAME_ENTRY_new -and -.Fn X509_NAME_ENTRY_free -first appeared in SSLeay 0.5.1. -.Fn X509_NAME_ENTRY_get_object , -.Fn X509_NAME_ENTRY_get_data , -.Fn X509_NAME_ENTRY_set_object , -.Fn X509_NAME_ENTRY_set_data , -.Fn X509_NAME_ENTRY_create_by_NID , -and -.Fn X509_NAME_ENTRY_create_by_OBJ -first appeared in SSLeay 0.8.0. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn X509_NAME_ENTRY_create_by_txt -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . -.Pp -.Fn X509_NAME_ENTRY_set -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.3 . -.Sh CAVEATS -Despite its name, -.Fn X509_NAME_ENTRY_set -does not set anything. -Something like -.Dq X509_NAME_ENTRY_get_set -would have been a better name. diff --git a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 deleted file mode 100644 index 56e1564a63..0000000000 --- a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ /dev/null 
@@ -1,281 +0,0 @@
-.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.14 2019/06/14 13:59:32 schwarze Exp $
-.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2005, 2006, 2013, 2014 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. 
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt X509_NAME_ADD_ENTRY_BY_TXT 3 -.Os -.Sh NAME -.Nm X509_NAME_add_entry_by_txt , -.Nm X509_NAME_add_entry_by_OBJ , -.Nm X509_NAME_add_entry_by_NID , -.Nm X509_NAME_add_entry , -.Nm X509_NAME_delete_entry -.Nd X509_NAME modification functions -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_NAME_add_entry_by_txt -.Fa "X509_NAME *name" -.Fa "const char *field" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fa "int loc" -.Fa "int set" -.Fc -.Ft int -.Fo X509_NAME_add_entry_by_OBJ -.Fa "X509_NAME *name" -.Fa "const ASN1_OBJECT *obj" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fa "int loc" -.Fa "int set" -.Fc -.Ft int -.Fo X509_NAME_add_entry_by_NID -.Fa "X509_NAME *name" -.Fa "int nid" -.Fa "int type" -.Fa "const unsigned char *bytes" -.Fa "int len" -.Fa "int loc" -.Fa "int set" -.Fc -.Ft int -.Fo X509_NAME_add_entry -.Fa "X509_NAME *name" -.Fa "const X509_NAME_ENTRY *ne" -.Fa "int loc" -.Fa "int set" -.Fc -.Ft X509_NAME_ENTRY * -.Fo X509_NAME_delete_entry -.Fa "X509_NAME *name" -.Fa "int loc" -.Fc -.Sh DESCRIPTION -.Fn X509_NAME_add_entry_by_txt , -.Fn X509_NAME_add_entry_by_OBJ , -and -.Fn X509_NAME_add_entry_by_NID -add a field whose name is defined by a string -.Fa field , -an object -.Fa obj -or a NID -.Fa nid , -respectively. -The field value to be added is in -.Fa bytes -of length -.Fa len . -If -.Fa len -is -1 then the field length is calculated internally using -.Fn strlen bytes . -.Pp -The type of field is determined by -.Fa type -which can either be a definition of the type of -.Fa bytes -(such as -.Dv MBSTRING_ASC ) -or a standard ASN.1 type (such as -.Dv V_ASN1_IA5STRING ) . -The new entry is added to a position determined by -.Fa loc -and -.Fa set . -.Pp -.Fn X509_NAME_add_entry -adds a copy of an -.Vt X509_NAME_ENTRY -structure -.Fa ne -to -.Fa name . -The new entry is added to a position determined by -.Fa loc -and -.Fa set . 
-Since a copy of -.Fa ne -is added, -.Fa ne -must be freed up after the call. -.Pp -.Fn X509_NAME_delete_entry -deletes an entry from -.Fa name -at position -.Fa loc . -The deleted entry is returned and must be freed up. -.Pp -The use of string types such as -.Dv MBSTRING_ASC -or -.Dv MBSTRING_UTF8 -is strongly recommended for the -.Fa type -parameter. -This allows the internal code to correctly determine the type of the -field and to apply length checks according to the relevant standards. -.Pp -If instead an ASN.1 type is used, no checks are performed and the supplied -data in -.Fa bytes -is used directly. -.Pp -In -.Fn X509_NAME_add_entry_by_txt -the -.Fa field -string represents the field name using -.Fn OBJ_txt2obj field 0 . -.Pp -The -.Fa loc -and -.Fa set -parameters determine where a new entry should be added. -For almost all applications, -.Fa loc -can be set to -1 and -.Fa set -to 0. -This adds a new entry to the end of -.Fa name -as a single valued -.Vt RelativeDistinguishedName -(RDN). -.Pp -.Fa loc -actually determines the index where the new entry is inserted: -if it is -1 it is appended. -.Pp -.Fa set -determines how the new type is added. -If it is zero a new RDN is created. -.Pp -If -.Fa set -is -1 or 1 it is added to the previous or next RDN structure -respectively. -This will then be a multivalued RDN: since multivalue RDNs are very -seldom used, -.Fa set -is almost always set to zero. -.Sh RETURN VALUES -.Fn X509_NAME_add_entry_by_txt , -.Fn X509_NAME_add_entry_by_OBJ , -.Fn X509_NAME_add_entry_by_NID , -and -.Fn X509_NAME_add_entry -return 1 for success or 0 if an error occurred. -.Pp -.Fn X509_NAME_delete_entry -returns either the deleted -.Vt X509_NAME_ENTRY -structure or -.Dv NULL -if an error occurred. -.Pp -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . 
-.Sh EXAMPLES -Create an -.Vt X509_NAME -structure: -.Bd -literal -offset indent -C=UK, O=Disorganized Organization, CN=Joe Bloggs - -X509_NAME *nm; -nm = X509_NAME_new(); -if (nm == NULL) - /* Some error */ -if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, - "UK", -1, -1, 0)) - /* Error */ -if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, - "Disorganized Organization", -1, -1, 0)) - /* Error */ -if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, - "Joe Bloggs", -1, -1, 0)) - /* Error */ -.Ed -.Sh SEE ALSO -.Xr d2i_X509_NAME 3 , -.Xr X509_NAME_ENTRY_get_object 3 , -.Xr X509_NAME_get_index_by_NID 3 , -.Xr X509_NAME_new 3 -.Sh HISTORY -.Fn X509_NAME_add_entry -and -.Fn X509_NAME_delete_entry -first appeared in SSLeay 0.8.0 and have been available since -.Ox 2.4 . -.Pp -.Fn X509_NAME_add_entry_by_txt , -.Fn X509_NAME_add_entry_by_OBJ , -and -.Fn X509_NAME_add_entry_by_NID -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . -.Sh BUGS -.Fa type -can still be set to -.Dv V_ASN1_APP_CHOOSE -to use a different algorithm to determine field types. -Since this form does not understand multicharacter types, performs -no length checks, and can result in invalid field types, its use -is strongly discouraged. diff --git a/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 deleted file mode 100644 index ce0247b202..0000000000 --- a/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ /dev/null 
@@ -1,256 +0,0 @@
-.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.12 2019/06/14 13:59:32 schwarze Exp $
-.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2006, 2014, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. 
Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt X509_NAME_GET_INDEX_BY_NID 3 -.Os -.Sh NAME -.Nm X509_NAME_get_index_by_NID , -.Nm X509_NAME_get_index_by_OBJ , -.Nm X509_NAME_entry_count , -.Nm X509_NAME_get_entry , -.Nm X509_NAME_get_text_by_NID , -.Nm X509_NAME_get_text_by_OBJ -.Nd X509_NAME lookup and enumeration functions -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_NAME_get_index_by_NID -.Fa "const X509_NAME *name" -.Fa "int nid" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_NAME_get_index_by_OBJ -.Fa "const X509_NAME *name" -.Fa "const ASN1_OBJECT *obj" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_NAME_entry_count -.Fa "const X509_NAME *name" -.Fc -.Ft X509_NAME_ENTRY * -.Fo X509_NAME_get_entry -.Fa "const X509_NAME *name" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_NAME_get_text_by_NID -.Fa "X509_NAME *name" -.Fa "int nid" -.Fa "char *buf" -.Fa "int len" -.Fc -.Ft int -.Fo X509_NAME_get_text_by_OBJ -.Fa "X509_NAME *name" -.Fa "const ASN1_OBJECT *obj" -.Fa "char *buf" -.Fa "int len" -.Fc -.Sh DESCRIPTION -These functions allow an -.Vt X509_NAME -structure to be examined. -The -.Vt X509_NAME -structure is the same as the ASN.1 -.Vt Name -type defined in RFC 2459 (and elsewhere) and used, for example, -in certificate subject and issuer names. -.Pp -.Fn X509_NAME_get_index_by_NID -and -.Fn X509_NAME_get_index_by_OBJ -retrieve the next index matching -.Fa nid -or -.Fa obj -after -.Fa lastpos . -.Fa lastpos -should initially be set to -1. -.Pp -.Fn X509_NAME_get_entry -retrieves the -.Vt X509_NAME_ENTRY -from -.Fa name -corresponding to index -.Fa loc . -Acceptable values for -.Fa loc -run from 0 to -.Fn X509_NAME_entry_count name -- 1. -.Pp -.Fn X509_NAME_get_text_by_NID -and -.Fn X509_NAME_get_text_by_OBJ -retrieve the "text" from the first entry in -.Fa name -which matches -.Fa nid -or -.Fa obj . -At most -.Fa len -bytes will be written and the text written to -.Fa buf -will be NUL terminated. 
-If -.Fa buf -is -.Dv NULL , -nothing is written, but the return value is calculated as usual. -.Pp -All relevant -.Dv NID_* -and -.Dv OBJ_* -codes can be found in the header files -.In openssl/obj_mac.h -and -.In openssl/objects.h . -.Pp -Applications which could pass invalid NIDs to -.Fn X509_NAME_get_index_by_NID -should check for the return value of -2. -Alternatively the NID validity can be determined first by checking that -.Fn OBJ_nid2obj nid -is not -.Dv NULL . -.Sh RETURN VALUES -.Fn X509_NAME_get_index_by_NID -returns the index of the next matching entry, -1 if not found, or -2 if the -.Fa nid -does not correspond to a valid OID. -.Pp -.Fn X509_NAME_get_index_by_OBJ -returns the index of the next matching entry or -1 if not found. -.Pp -.Fn X509_NAME_entry_count -returns the total number of entries in -.Fa name . -.Pp -.Fn X509_NAME_get_entry -returns an internal pointer which must not be freed by the caller or -.Dv NULL -if the index is invalid. -.Pp -.Fn X509_NAME_get_text_by_NID -and -.Fn X509_NAME_get_text_by_OBJ -return the length of the output string written, not counting the -terminating NUL, or -1 if no match is found. -.Pp -In some cases of failure of -.Fn X509_NAME_get_index_by_NID -and -.Fn X509_NAME_get_text_by_NID , -the reason can be determined with -.Xr ERR_get_error 3 . -.Sh EXAMPLES -Process all entries: -.Bd -literal -int i; -X509_NAME_ENTRY *e; - -for (i = 0; i < X509_NAME_entry_count(nm); i++) { - e = X509_NAME_get_entry(nm, i); - /* Do something with e */ -} -.Ed -.Pp -Process all commonName entries: -.Bd -literal -int lastpos = -1; -X509_NAME_ENTRY *e; - -for (;;) { - lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); - if (lastpos == -1) - break; - e = X509_NAME_get_entry(nm, lastpos); - /* Do something with e */ -} -.Ed -.Sh SEE ALSO -.Xr d2i_X509_NAME 3 , -.Xr X509_NAME_ENTRY_get_object 3 , -.Xr X509_NAME_new 3 -.Sh HISTORY -These functions first appeared in SSLeay 0.8.0 -and have been available since -.Ox 2.4 . 
-.Sh CAVEATS -.Fn X509_NAME_get_text_by_NID -and -.Fn X509_NAME_get_text_by_OBJ -are legacy functions which have various limitations which make them of -minimal use in practice. -They can only find the first matching entry and will copy the contents -of the field verbatim: this can be highly confusing if the target is a -multicharacter string type like a -.Vt BMPString -or a -.Vt UTF8String . -.Pp -For a more general solution, -.Fn X509_NAME_get_index_by_NID -or -.Fn X509_NAME_get_index_by_OBJ -should be used, followed by -.Fn X509_NAME_get_entry -on any matching indices and then the various -.Vt X509_NAME_ENTRY -utility functions on the result. diff --git a/src/lib/libcrypto/man/X509_NAME_hash.3 b/src/lib/libcrypto/man/X509_NAME_hash.3 deleted file mode 100644 index 8766109525..0000000000 --- a/src/lib/libcrypto/man/X509_NAME_hash.3 +++ /dev/null 
@@ -1,97 +0,0 @@
-.\" $OpenBSD: X509_NAME_hash.3,v 1.3 2021/07/31 14:54:33 schwarze Exp $
-.\"
-.\" Copyright (c) 2017, 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 31 2021 $
-.Dt X509_NAME_HASH 3
-.Os
-.Sh NAME
-.Nm X509_NAME_hash ,
-.Nm X509_issuer_name_hash ,
-.Nm X509_subject_name_hash ,
-.\" X509_issuer_and_serial_hash() is intentionally undocumented
-.\" because it uses MD5 only and is unused in real-world code.
-.Nm X509_NAME_hash_old ,
-.Nm X509_issuer_name_hash_old ,
-.Nm X509_subject_name_hash_old
-.\" In the following line, "X.501" and "Name" are not typos.
-.\" The "Name" type is defined in X.501, not in X.509.
-.\" The type is called "Name" with capital "N", not "name".
-.Nd calculate SHA-1 or MD5 hashes of X.501 Name objects
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft unsigned long
-.Fn X509_NAME_hash "X509_NAME *name"
-.Ft unsigned long
-.Fn X509_issuer_name_hash "X509 *x"
-.Ft unsigned long
-.Fn X509_subject_name_hash "X509 *x"
-.Ft unsigned long
-.Fn X509_NAME_hash_old "X509_NAME *name"
-.Ft unsigned long
-.Fn X509_issuer_name_hash_old "X509 *x"
-.Ft unsigned long
-.Fn X509_subject_name_hash_old "X509 *x"
-.Sh DESCRIPTION
-.Fn X509_NAME_hash
-calculates an
-.Xr SHA1 3
-hash of the DER-encoded form of
-.Fa name .
-It is for example used by
-.Xr X509_LOOKUP_hash_dir 3
-to locate certificate files in the file system.
-.Pp
-.Fn X509_issuer_name_hash
-and
-.Fn X509_subject_name_hash
-are wrappers to calculate this hash of the issuer or subject name of
-.Fa x ,
-respectively.
-.Pp
-.Fn X509_NAME_hash_old ,
-.Fn X509_issuer_name_hash_old ,
-and
-.Fn X509_subject_name_hash_old
-are variants that use MD5 instead of SHA-1.
-.Sh RETURN VALUES
-These functions return the hash value or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr i2d_X509_NAME 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_LOOKUP_new 3 ,
-.Xr X509_NAME_digest 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn X509_subject_name_hash
-first appeared in SSLeay 0.4.0,
-.Fn X509_issuer_name_hash
-in SSLeay 0.5.1, and
-.Fn X509_NAME_hash
-in SSLeay 0.8.0.
-They were switched to hashing the DER representation of the name
-rather than an ASCII rendering in SSLeay 0.9.0 and have all been
-available since
-.Ox 2.4 .
-.Pp
-They were switched to using SHA1 instead of MD5 in OpenSSL 1.0.0 and in
-.Ox 4.9 .
-.Pp
-.Fn X509_NAME_hash_old ,
-.Fn X509_issuer_name_hash_old ,
-and
-.Fn X509_subject_name_hash_old
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/X509_NAME_new.3 b/src/lib/libcrypto/man/X509_NAME_new.3
deleted file mode 100644
index 3a4786a9ae..0000000000
--- a/src/lib/libcrypto/man/X509_NAME_new.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" $OpenBSD: X509_NAME_new.3,v 1.9 2021/07/20 17:31:32 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 20 2021 $
-.Dt X509_NAME_NEW 3
-.Os
-.Sh NAME
-.Nm X509_NAME_new ,
-.Nm X509_NAME_free
-.\" In the following line, "X.501" and "Name" are not typos.
-.\" The "Name" type is defined in X.501, not in X.509.
-.\" The type in called "Name" with capital "N", not "name".
-.Nd X.501 Name object
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_NAME *
-.Fn X509_NAME_new void
-.Ft void
-.Fn X509_NAME_free "X509_NAME *name"
-.Sh DESCRIPTION
-An X.501
-.Vt Name
-is an ordered sequence of relative distinguished names.
-A relative distinguished name is a set of key-value pairs; see
-.Xr X509_NAME_ENTRY_new 3
-for details.
-.Pp
-Various X.509 structures contain X.501
-.Vt Name
-substructures.
-They are for example used for the issuers of certificates and
-certificate revocation lists and for the subjects of certificates
-and certificate requests.
-.Pp
-.Fn X509_NAME_new
-allocates and initializes an empty
-.Vt X509_NAME
-object, representing an ASN.1
-.Vt Name
-structure defined in RFC 5280 section 4.1.2.4.
-Data can be added to such objects with the functions described in
-.Xr X509_NAME_add_entry_by_txt 3 ,
-and they can be inspected with the functions described in
-.Xr X509_NAME_get_index_by_NID 3 .
-.Pp
-.Fn X509_NAME_free
-frees
-.Fa name
-and all the
-.Vt X509_NAME_ENTRY
-objects contained in it.
-If
-.Fa name
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn X509_NAME_new
-returns a new
-.Vt X509_NAME
-object or
-.Dv NULL
-if an error occurred.
-.Sh SEE ALSO
-.Xr d2i_X509_NAME 3 ,
-.Xr GENERAL_NAME_new 3 ,
-.Xr NAME_CONSTRAINTS_new 3 ,
-.Xr SSL_load_client_CA_file 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_NAME_add_entry_by_txt 3 ,
-.Xr X509_NAME_cmp 3 ,
-.Xr X509_NAME_digest 3 ,
-.Xr X509_NAME_ENTRY_new 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_hash 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Pp
-ITU-T Recommendation X.501, also known as ISO/IEC 9594-2:
-Information Technology \(en Open Systems Interconnection \(en
-The Directory: Models, section 9: Names
-.Sh HISTORY
-.Fn X509_NAME_new
-and
-.Fn X509_NAME_free
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_NAME_print_ex.3 b/src/lib/libcrypto/man/X509_NAME_print_ex.3
deleted file mode 100644
index 494066ff9c..0000000000
--- a/src/lib/libcrypto/man/X509_NAME_print_ex.3
+++ /dev/null
@@ -1,286 +0,0 @@ -.\" $OpenBSD: X509_NAME_print_ex.3,v 1.11 2018/05/19 22:05:58 schwarze Exp $ -.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 -.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2004, 2007, 2016, 2017 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: May 19 2018 $ -.Dt X509_NAME_PRINT_EX 3 -.Os -.Sh NAME -.Nm X509_NAME_print_ex , -.Nm X509_NAME_print_ex_fp , -.Nm X509_NAME_oneline , -.Nm X509_NAME_print -.Nd X509_NAME printing routines -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_NAME_print_ex -.Fa "BIO *out" -.Fa "const X509_NAME *nm" -.Fa "int indent" -.Fa "unsigned long flags" -.Fc -.Ft int -.Fo X509_NAME_print_ex_fp -.Fa "FILE *fp" -.Fa "const X509_NAME *nm" -.Fa "int indent" -.Fa "unsigned long flags" -.Fc -.Ft char * -.Fo X509_NAME_oneline -.Fa "const X509_NAME *a" -.Fa "char *buf" -.Fa "int size" -.Fc -.Ft int -.Fo X509_NAME_print -.Fa "BIO *bp" -.Fa "const X509_NAME *name" -.Fa "int obase" -.Fc -.Sh DESCRIPTION -.Fn X509_NAME_print_ex -prints a human readable version of -.Fa nm -to -.Vt BIO -.Fa out . -Each line (for multiline formats) is indented by -.Fa indent -spaces. -The output format can be extensively customised by use of the -.Fa flags -parameter. 
-.Pp
-.Fn X509_NAME_print_ex_fp
-is identical to
-.Fn X509_NAME_print_ex
-except the output is written to the
-.Vt FILE
-pointer
-.Fa fp .
-.Pp
-.Fn X509_NAME_oneline
-prints an ASCII version of
-.Fa a
-to
-.Fa buf .
-If
-.Fa buf
-is
-.Dv NULL ,
-then a buffer is dynamically allocated and returned, and
-.Fa size
-is ignored.
-Otherwise, at most
-.Fa size
-bytes will be written, including the ending NUL, and
-.Fa buf
-is returned.
-.Pp
-.Fn X509_NAME_print
-prints out
-.Fa name
-to
-.Fa bp
-indenting each line by
-.Fa obase
-characters.
-Multiple lines are used if the output (including indent) exceeds 80
-characters.
-.Pp
-The functions
-.Fn X509_NAME_oneline
-and
-.Fn X509_NAME_print
-are legacy functions which produce a non-standard output form.
-They don't handle multi-character fields and have various quirks
-and inconsistencies.
-Their use is strongly discouraged in new applications.
-.Pp
-Although there are a large number of possible flags, for most purposes
-.Dv XN_FLAG_ONELINE ,
-.Dv XN_FLAG_MULTILINE ,
-or
-.Dv XN_FLAG_RFC2253
-will suffice.
-As noted on the
-.Xr ASN1_STRING_print_ex 3
-manual page, for UTF-8 terminals the
-.Dv ASN1_STRFLGS_ESC_MSB
-should be unset: so for example
-.Dv XN_FLAG_ONELINE No & Pf ~ Dv ASN1_STRFLGS_ESC_MSB
-would be used.
-.Pp
-The complete set of the flags supported by
-.Dv X509_NAME_print_ex
-is listed below.
-.Pp
-Several options can be OR'ed together.
-.Pp
-The options
-.Dv XN_FLAG_SEP_COMMA_PLUS ,
-.Dv XN_FLAG_SEP_CPLUS_SPC ,
-.Dv XN_FLAG_SEP_SPLUS_SPC ,
-and
-.Dv XN_FLAG_SEP_MULTILINE
-determine the field separators to use.
-Two distinct separators are used between distinct
-.Vt RelativeDistinguishedName
-components and separate values in the same RDN for a multi-valued RDN.
-Multi-valued RDNs are currently very rare so the second separator
-will hardly ever be used.
-.Pp
-.Dv XN_FLAG_SEP_COMMA_PLUS
-uses comma and plus as separators.
-.Dv XN_FLAG_SEP_CPLUS_SPC
-uses comma and plus with spaces:
-this is more readable that plain comma and plus.
-.Dv XN_FLAG_SEP_SPLUS_SPC
-uses spaced semicolon and plus.
-.Dv XN_FLAG_SEP_MULTILINE
-uses spaced newline and plus respectively.
-.Pp
-If
-.Dv XN_FLAG_DN_REV
-is set, the whole DN is printed in reversed order.
-.Pp
-The fields
-.Dv XN_FLAG_FN_SN ,
-.Dv XN_FLAG_FN_LN ,
-.Dv XN_FLAG_FN_OID ,
-and
-.Dv XN_FLAG_FN_NONE
-determine how a field name is displayed.
-It will use the short name (e.g. CN), the long name (e.g. commonName),
-always use OID numerical form (normally OIDs are only used if the
-field name is not recognised) and no field name, respectively.
-.Pp
-If
-.Dv XN_FLAG_SPC_EQ
-is set, then spaces will be placed around the
-.Ql =
-character separating field names and values.
-.Pp
-If
-.Dv XN_FLAG_DUMP_UNKNOWN_FIELDS
-is set, then the encoding of unknown fields is printed instead of the
-values.
-.Pp
-If
-.Dv XN_FLAG_FN_ALIGN
-is set, then field names are padded to 20 characters:
-this is only of use for multiline format.
-.Pp
-Additionally, all the options supported by
-.Xr ASN1_STRING_print_ex 3
-can be used to control how each field value is displayed.
-.Pp
-In addition a number of options can be set for commonly used formats.
-.Pp
-.Dv XN_FLAG_RFC2253
-sets options which produce an output compatible with RFC 2253.
-It is equivalent to
-.Dv ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV |
-.Dv XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS .
-.Pp
-.Dv XN_FLAG_ONELINE
-is a more readable one line format which is the same as:
-.Dv ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC |
-.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_SN .
-.Pp
-.Dv XN_FLAG_MULTILINE
-is a multiline format which is the same as:
-.Dv ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE |
-.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN .
-.Pp
-.Dv XN_FLAG_COMPAT
-uses a format identical to
-.Fn X509_NAME_print :
-in fact it calls
-.Fn X509_NAME_print
-internally.
-.Sh RETURN VALUES
-.Fn X509_NAME_print_ex
-and
-.Fn X509_NAME_print_ex_fp
-return 1 on success or 0 on error if
-.Dv XN_FLAG_COMPAT
-is set in
-.Fa flags .
-Otherwise, they return the number of printed bytes including the
-indentation or \-1 on error.
-.Pp
-.Fn X509_NAME_oneline
-returns a valid string on success or
-.Dv NULL
-on error.
-.Pp
-.Fn X509_NAME_print
-returns 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr ASN1_STRING_print_ex 3 ,
-.Xr d2i_X509_NAME 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn X509_NAME_oneline
-and
-.Fn X509_NAME_print
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_NAME_print_ex
-and
-.Fn X509_NAME_print_ex_fp
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
diff --git a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3
deleted file mode 100644
index ef3dbd1bba..0000000000
--- a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3
+++ /dev/null
@@ -1,253 +0,0 @@ -.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.11 2021/08/02 16:21:11 schwarze Exp $ -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: August 2 2021 $ -.Dt X509_OBJECT_GET0_X509 3 -.Os -.Sh NAME -.Nm X509_OBJECT_get_type , -.Nm X509_OBJECT_up_ref_count , -.Nm X509_OBJECT_free_contents , -.Nm X509_OBJECT_get0_X509 , -.Nm X509_OBJECT_get0_X509_CRL , -.Nm X509_OBJECT_idx_by_subject , -.Nm X509_OBJECT_retrieve_by_subject , -.Nm X509_OBJECT_retrieve_match -.Nd certificate, CRL, private key, and string wrapper for certificate stores -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft int -.Fo X509_OBJECT_get_type -.Fa "const X509_OBJECT *obj" -.Fc -.Ft int -.Fo X509_OBJECT_up_ref_count -.Fa "X509_OBJECT *obj" -.Fc -.Ft void -.Fo X509_OBJECT_free_contents -.Fa "X509_OBJECT *obj" -.Fc -.Ft X509 * -.Fo X509_OBJECT_get0_X509 -.Fa "const X509_OBJECT *obj" -.Fc -.Ft X509_CRL * -.Fo X509_OBJECT_get0_X509_CRL -.Fa "X509_OBJECT *obj" -.Fc -.Ft int -.Fo X509_OBJECT_idx_by_subject -.Fa "STACK_OF(X509_OBJECT) *stack" -.Fa "int type" -.Fa "X509_NAME *name" -.Fc -.Ft X509_OBJECT * -.Fo X509_OBJECT_retrieve_by_subject -.Fa "STACK_OF(X509_OBJECT) *stack" -.Fa "int type" -.Fa "X509_NAME *name" -.Fc -.Ft X509_OBJECT * -.Fo 
X509_OBJECT_retrieve_match -.Fa "STACK_OF(X509_OBJECT) *stack" -.Fa "X509_OBJECT *obj" -.Fc -.Sh DESCRIPTION -The -.Vt X509_OBJECT -structure is a shallow wrapper around one -.Vt X509 -certificate object, one -.Vt X509_CRL -certificate revocation list object, one -.Vt EVP_PKEY -private key object, or one -.Vt char * -string. -The type of object stored at any given time can be inspected with -.Fn X509_OBJECT_get_type . -.Pp -Each -.Vt X509_STORE -object uses one stack of -.Vt X509_OBJECT -structures as its main storage area. -.Pp -If -.Fa obj -contains an -.Vt X509 -certificate or an -.Vt X509_CRL -certificate revocation list, -.Fn X509_OBJECT_up_ref_count -increments the reference count of that inner object by 1. -Otherwise, no action occurs. -.Pp -If -.Fa obj -contains an -.Vt X509 -certificate, -.Fn X509_OBJECT_free_contents -calls -.Xr X509_free 3 -on that inner object. -If -.Fa obj -contains an -.Vt X509_CRL -certificate revocation list, it calls -.Xr X509_CRL_free 3 -on that inner list. -Otherwise, no action occurs. -.Fn X509_OBJECT_free_contents -does not free -.Fa obj -itself. -.Pp -If -.Fa type -is -.Dv X509_LU_X509 , -.Fn X509_OBJECT_idx_by_subject -and -.Fn X509_OBJECT_retrieve_by_subject -search the given -.Fa stack -for a certificate with the subject -.Fa name . -If -.Fa type -is -.Dv X509_LU_CRL , -they search for a certificate revocation list with the issuer -.Fa name -instead. -.Pp -If -.Fa obj -contains a certificate, -.Fn X509_OBJECT_retrieve_match -searches the given -.Fa stack -for a certificate with a matching subject name; -if it contains a certificate revocation list, it searches for a -certificate revocation list with a matching issuer name instead; -otherwise, it searches for an -.Vt X509_OBJECT -with a matching type. -.Sh RETURN VALUES -.Fn X509_OBJECT_get_type -returns -.Dv X509_LU_X509 -if -.Fa obj -contains a certificate, -.Dv X509_LU_CRL -if it contains a certificate revocation list, -or 0 if an error occurs. 
-.Pp
-.Fn X509_OBJECT_up_ref_count
-returns 1 on success and 0 on failure.
-.Pp
-.Fn X509_OBJECT_get0_X509
-returns an internal pointer to the certificate contained in
-.Fa obj
-or
-.Dv NULL
-if
-.Fa obj
-is
-.Dv NULL
-or contains no certificate.
-.Pp
-.Fn X509_OBJECT_get0_X509_CRL
-returns an internal pointer to the certificate revocation list contained in
-.Fa obj
-or
-.Dv NULL
-if
-.Fa obj
-is
-.Dv NULL
-or contains no certificate revocation list.
-.Pp
-.Fn X509_OBJECT_idx_by_subject
-returns the zero-based index of the first matching certificate
-or revocation list in the
-.Fa stack
-or \-1 if
-.Fa type
-is neither
-.Dv X509_LU_X509
-nor
-.Dv X509_LU_CRL
-or if no match is found.
-.Pp
-.Fn X509_OBJECT_retrieve_by_subject
-returns the first matching certificate or revocation list in the
-.Fa stack
-or
-.Dv NULL
-if
-.Fa type
-is neither
-.Dv X509_LU_X509
-nor
-.Dv X509_LU_CRL
-or if no match is found.
-.Pp
-.Fn X509_OBJECT_retrieve_match
-returns the first mathching
-.Vt X509_OBJECT
-or
-.Dv NULL
-if
-.Fa stack
-or
-.Fa obj
-is
-.Dv NULL
-or no match is found.
-.Sh SEE ALSO
-.Xr X509_CRL_new 3 ,
-.Xr X509_LOOKUP_new 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_STORE_get0_objects 3 ,
-.Xr X509_STORE_get_by_subject 3 ,
-.Xr X509_STORE_load_locations 3 ,
-.Xr X509_STORE_new 3
-.Sh HISTORY
-.Fn X509_OBJECT_up_ref_count
-and
-.Fn X509_OBJECT_free_contents
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_OBJECT_idx_by_subject ,
-.Fn X509_OBJECT_retrieve_by_subject ,
-and
-.Fn X509_OBJECT_retrieve_match
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_OBJECT_get_type ,
-.Fn X509_OBJECT_get0_X509 ,
-and
-.Fn X509_OBJECT_get0_X509_CRL
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_PUBKEY_new.3 b/src/lib/libcrypto/man/X509_PUBKEY_new.3
deleted file mode 100644
index 69afcb5adb..0000000000
--- a/src/lib/libcrypto/man/X509_PUBKEY_new.3
+++ /dev/null
@@ -1,368 +0,0 @@ -.\" $OpenBSD: X509_PUBKEY_new.3,v 1.16 2020/06/19 14:04:25 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2020 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\"
-.Dd $Mdocdate: June 19 2020 $
-.Dt X509_PUBKEY_NEW 3
-.Os
-.Sh NAME
-.Nm X509_PUBKEY_new ,
-.Nm X509_PUBKEY_free ,
-.Nm X509_PUBKEY_set ,
-.Nm X509_PUBKEY_get0 ,
-.Nm X509_PUBKEY_get ,
-.Nm d2i_PUBKEY ,
-.Nm i2d_PUBKEY ,
-.Nm d2i_PUBKEY_bio ,
-.Nm d2i_PUBKEY_fp ,
-.Nm i2d_PUBKEY_fp ,
-.Nm i2d_PUBKEY_bio ,
-.Nm X509_PUBKEY_set0_param ,
-.Nm X509_PUBKEY_get0_param
-.Nd X.509 SubjectPublicKeyInfo structure
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_PUBKEY *
-.Fn X509_PUBKEY_new void
-.Ft void
-.Fo X509_PUBKEY_free
-.Fa "X509_PUBKEY *a"
-.Fc
-.Ft int
-.Fo X509_PUBKEY_set
-.Fa "X509_PUBKEY **x"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft EVP_PKEY *
-.Fo X509_PUBKEY_get0
-.Fa "X509_PUBKEY *key"
-.Fc
-.Ft EVP_PKEY *
-.Fo X509_PUBKEY_get
-.Fa "X509_PUBKEY *key"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PUBKEY
-.Fa "EVP_PKEY **a"
-.Fa "const unsigned char **pp"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PUBKEY
-.Fa "EVP_PKEY *a"
-.Fa "unsigned char **pp"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PUBKEY_bio
-.Fa "BIO *bp"
-.Fa "EVP_PKEY **a"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PUBKEY_fp
-.Fa "FILE *fp"
-.Fa "EVP_PKEY **a"
-.Fc
-.Ft int
-.Fo i2d_PUBKEY_fp
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo i2d_PUBKEY_bio
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft int
-.Fo X509_PUBKEY_set0_param
-.Fa "X509_PUBKEY *pub"
-.Fa "ASN1_OBJECT *aobj"
-.Fa "int ptype"
-.Fa "void *pval"
-.Fa "unsigned char *penc"
-.Fa "int penclen"
-.Fc
-.Ft int
-.Fo X509_PUBKEY_get0_param
-.Fa "ASN1_OBJECT **ppkalg"
-.Fa "const unsigned char **pk"
-.Fa "int *ppklen"
-.Fa "X509_ALGOR **pa"
-.Fa "X509_PUBKEY *pub"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt X509_PUBKEY
-structure represents the ASN.1
-.Vt SubjectPublicKeyInfo
-structure defined in RFC 5280 section 4.1 and used in certificates
-and certificate requests.
-.Pp
-.Fn X509_PUBKEY_new
-allocates and initializes an
-.Vt X509_PUBKEY
-structure.
-.Pp
-.Fn X509_PUBKEY_free
-frees up the
-.Vt X509_PUBKEY
-structure
-.Fa a .
-If
-.Fa a
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn X509_PUBKEY_set
-sets the public key in
-.Pf * Fa x
-to the public key contained in the
-.Vt EVP_PKEY
-structure
-.Fa pkey .
-If
-.Pf * Fa x
-is not
-.Dv NULL ,
-any existing public key structure will be freed.
-.Pp
-.Fn X509_PUBKEY_get0
-returns the public key contained in
-.Fa key .
-The returned value is an internal pointer which must not be freed after use.
-.Pp
-.Fn X509_PUBKEY_get
-is similar to
-.Fn X509_PUBKEY_get0
-except that the reference
-count on the returned key is incremented so it must be freed using
-.Xr EVP_PKEY_free 3
-after use.
-.Pp
-.Fn d2i_PUBKEY
-and
-.Fn i2d_PUBKEY
-decode and encode an
-.Vt EVP_PKEY
-structure using
-.Vt SubjectPublicKeyInfo
-format.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Fn d2i_PUBKEY_bio ,
-.Fn d2i_PUBKEY_fp ,
-.Fn i2d_PUBKEY_bio
-and
-.Fn i2d_PUBKEY_fp
-are similar except they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn X509_PUBKEY_set0_param
-sets the public key parameters of
-.Fa pub .
-The OID associated with the algorithm is set to
-.Fa aobj .
-The type of the algorithm parameters is set to
-.Fa ptype
-using the structure
-.Fa pval .
-The encoding of the public key itself is set to the
-.Fa penclen
-bytes contained in buffer
-.Fa penc .
-On success ownership of all the supplied parameters is passed to
-.Fa pub
-so they must not be freed after the call.
-.Pp
-.Fn X509_PUBKEY_get0_param
-retrieves the public key parameters from
-.Fa pub ,
-.Pf * Fa ppkalg
-is set to the associated OID and the encoding consists of
-.Pf * Fa ppklen
-bytes at
-.Pf * Fa pk ,
-and
-.Pf * Fa pa
-is set to the associated
-.Vt AlgorithmIdentifier
-for the public key.
-If the value of any of these parameters is not required,
-it can be set to
-.Dv NULL .
-All of the retrieved pointers are internal and must not be freed after
-the call.
-.Sh RETURN VALUES -If the allocation fails, -.Fn X509_PUBKEY_new -returns -.Dv NULL -and sets an error code that can be obtained by -.Xr ERR_get_error 3 . -Otherwise it returns a pointer to the newly allocated structure. -.Pp -.Fn X509_PUBKEY_get0 , -.Fn X509_PUBKEY_get , -.Fn d2i_PUBKEY , -.Fn d2i_PUBKEY_bio , -and -.Fn d2i_PUBKEY_fp -return a pointer to an -.Vt EVP_PKEY -structure or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_PUBKEY -returns the number of bytes successfully encoded or a negative value -if an error occurs. -.Pp -.Fn X509_PUBKEY_set , -.Fn X509_PUBKEY_set0_param , -.Fn X509_PUBKEY_get0_param , -.Fn i2d_PUBKEY_fp , -and -.Fn i2d_PUBKEY_bio -return 1 for success and 0 if an error occurred. -.Sh ERRORS -After failure of -.Fn X509_PUBKEY_get0 -or -.Fn X509_PUBKEY_get , -one of the following diagnostics can be retrieved with -.Xr ERR_get_error 3 , -.Xr ERR_GET_REASON 3 , -and -.Xr ERR_reason_error_string 3 : -.Bl -tag -width Ds -.It Dv X509_R_UNSUPPORTED_ALGORITHM Qq "unsupported algorithm" -The public key uses an algorithm unsupported by -.Xr EVP_PKEY_set_type 3 . -.It X509_R_METHOD_NOT_SUPPORTED Qq "method not supported" -While the algorithm is known to -.Xr EVP_PKEY_set_type 3 , -using it for decoding is not supported. -.It X509_R_PUBLIC_KEY_DECODE_ERROR Qq "public key decode error" -Decoding the public key failed. -.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure" -Memory was exhausted when trying to allocate the new -.Vt EVP_PKEY -object. -.El -.Pp -If -.Fa key -is -.Dv NULL -or does not contain a public key, -these functions fail but no error is pushed onto the stack. -.Sh SEE ALSO -.Xr d2i_X509 3 , -.Xr EVP_PKEY_asn1_set_public 3 , -.Xr X509_ALGOR_new 3 , -.Xr X509_get_pubkey 3 , -.Xr X509_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Sh HISTORY -.Fn X509_PUBKEY_new -and -.Fn X509_PUBKEY_free -appeared in SSLeay 0.4 or earlier. 
-.Fn X509_PUBKEY_set
-and
-.Fn X509_PUBKEY_get
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn d2i_PUBKEY
-and
-.Fn i2d_PUBKEY
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn d2i_PUBKEY_bio ,
-.Fn d2i_PUBKEY_fp ,
-.Fn i2d_PUBKEY_fp ,
-and
-.Fn i2d_PUBKEY_bio
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_PUBKEY_set0_param
-and
-.Fn X509_PUBKEY_get0_param
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn X509_PUBKEY_get0
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_PURPOSE_set.3 b/src/lib/libcrypto/man/X509_PURPOSE_set.3
deleted file mode 100644
index 1f723e9b9f..0000000000
--- a/src/lib/libcrypto/man/X509_PURPOSE_set.3
+++ /dev/null
@@ -1,295 +0,0 @@
-.\" $OpenBSD: X509_PURPOSE_set.3,v 1.1 2021/07/23 14:27:32 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 23 2021 $
-.Dt X509_PURPOSE_SET 3
-.Os
-.Sh NAME
-.Nm X509_PURPOSE_set ,
-.Nm X509_PURPOSE_get_by_id ,
-.Nm X509_PURPOSE_add ,
-.Nm X509_PURPOSE_get_count ,
-.Nm X509_PURPOSE_cleanup ,
-.Nm X509_PURPOSE_get0 ,
-.Nm X509_PURPOSE_get_by_sname ,
-.Nm X509_PURPOSE_get_id ,
-.Nm X509_PURPOSE_get0_name ,
-.Nm X509_PURPOSE_get0_sname ,
-.Nm X509_PURPOSE_get_trust
-.Nd purpose objects, indices, and identifiers
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft int
-.Fo X509_PURPOSE_set
-.Fa "int *id_out"
-.Fa "int id_in"
-.Fc
-.Ft int
-.Fn X509_PURPOSE_get_by_id "int identifier"
-.Ft int
-.Fo X509_PURPOSE_add
-.Fa "int identifier"
-.Fa "int trust"
-.Fa "int flags"
-.Fa "int (*check_purpose)(const X509_PURPOSE *, const X509 *, int)"
-.Fa "const char *name"
-.Fa "const char *sname"
-.Fa "void *usr_data"
-.Fc
-.Ft int
-.Fn X509_PURPOSE_get_count void
-.Ft void
-.Fn X509_PURPOSE_cleanup void
-.Ft X509_PURPOSE *
-.Fn X509_PURPOSE_get0 "int index"
-.Ft int
-.Fn X509_PURPOSE_get_by_sname "const char *sname"
-.Ft int
-.Fn X509_PURPOSE_get_id "const X509_PURPOSE *object"
-.Ft char *
-.Fn X509_PURPOSE_get0_name "const X509_PURPOSE *object"
-.Ft char *
-.Fn X509_PURPOSE_get0_sname "const X509_PURPOSE *object"
-.Ft int
-.Fn X509_PURPOSE_get_trust "const X509_PURPOSE *object"
-.Sh DESCRIPTION
-The purposes that an X.509 certificate is intended to be used for
-can be identified in three equivalent ways:
-.Bl -enum
-.It
-By purpose identifiers, which are positive integer constants.
-Standard purpose identifiers lie in the range from
-.Dv X509_PURPOSE_MIN
-to
-.Dv X509_PURPOSE_MAX ,
-inclusive, and are listed in the
-.Xr X509_check_purpose 3
-manual page.
-User defined purpose identifiers are larger than
-.Dv X509_PURPOSE_MAX .
-.It
-By purpose indices, which are non-negative integer constants
-but differ from the purpose identifiers for the same purpose.
-Standard purpose indices are smaller than
-.Dv X509_PURPOSE_MAX .
-User defined purpose indices are larger than or equal to
-.Dv X509_PURPOSE_MAX .
-.It
-By purpose objects of the type
-.Vt X509_PURPOSE .
-Standard purpose objects are available in static storage.
-User defined purpose objects can be created with
-.Fn X509_PURPOSE_add .
-.El
-.Pp
-Application programmers cannot choose the way to identify purposes
-that they like best; depending on the circumstances, all three ways
-are needed.
-Be warned that the naming of most functions is misleading.
-.Pp
-Most API functions documented outside the present manual page
-use purpose identifiers rather than purpose indices.
-.Ss Using purpose identifiers
-.Fn X509_PURPOSE_set
-validates the purpose identifier
-.Fa id_in .
-If it is valid, it is copied to
-.Pf * Fa id_out .
-Otherwise,
-.Pf * Fa id_out
-remains unchanged.
-.Pp
-.Fn X509_PURPOSE_get_by_id
-converts the purpose
-.Fa identifier
-to the corresponding purpose index.
-To find the corresponding purpose object, pass the result to
-.Fn X509_PURPOSE_get0 .
-.Pp
-.Fn X509_PURPOSE_add
-defines a purpose with the given
-.Fa identifier
-or modifies its properties if it already exists.
-The purpose
-.Fa identifier ,
-the
-.Fa trust
-identifier, the
-.Fa flags ,
-the
-.Fa check_purpose
-function, the
-.Fa name ,
-the short name
-.Fa sname ,
-and the
-.Fa usr_data
-pointer are copied into the
-.Vt X509_PURPOSE
-object.
-When modifying an existing purpose object, previous values of fields are
-overwritten and previous
-.Fa name
-and
-.Fa sname
-strings are freed if they were dynamically allocated.
-When creating a new purpose object,
-it is added to the global array of user-defined purpose objects.
-.Pp
-.Dv X509_PURPOSE_DYNAMIC
-and
-.Dv X509_PURPOSE_DYNAMIC_NAME
-are always ignored in the
-.Fa flags
-argument.
-.Dv X509_PURPOSE_DYNAMIC
-is automatically set if the object was created by the user.
-It is never set for standard objects, not even if they were
-modified by the user.
-.Dv X509_PURPOSE_DYNAMIC_NAME
-is automatically set if the object was created or modified by the user.
-It is only unset for unmodified standard objects.
-The library does not appear to define any other flags, so the
-.Fa flags
-argument is probably useless unless users define their own flags
-and use them in the
-.Fa check_purpose
-function.
-.Pp
-The third and final argument of the
-.Fa check_purpose
-function is the
-.Fa ca
-argument documented in
-.Xr X509_check_purpose 3 .
-.Pp
-.Fn X509_PURPOSE_get_count
-returns the total number of purposes currently defined,
-including both standard and user-defined purposes.
-If no user-defined purposes exist, the returned value is
-.Dv X509_PURPOSE_MAX .
-.Pp
-.Fn X509_PURPOSE_cleanup
-deletes all user-defined purpose objects
-and invalidates their purpose identifiers and purpose indices.
-If any of the standard purpose objects were modified by the user,
-those changes are
-.Em not
-reverted.
-.Ss Using purpose indices
-.Fn X509_PURPOSE_get0
-converts the purpose
-.Fa index
-to a pointer to the corresponding purpose object.
-To find the corresponding purpose identifier, pass the result to
-.Fn X509_PURPOSE_get_id .
-.Pp
-.Fn X509_PURPOSE_get_by_sname
-returns the lowest index of a purpose with the given short name.
-.Ss Using purpose objects
-.Fn X509_PURPOSE_get_id
-converts a pointer to a purpose
-.Fa object
-to the corresponding purpose identifier.
-To find the corresponding purpose index, pass the result to
-.Fn X509_PURPOSE_get_by_id .
-.Pp
-.Fn X509_PURPOSE_get0_name ,
-.Fn X509_PURPOSE_get0_sname ,
-and
-.Fn X509_PURPOSE_get_trust
-retrieve the name, short name, and trust identifier from the
-.Fa object ,
-respectively.
-.Sh RETURN VALUES
-.Fn X509_PURPOSE_set
-returns 1 if
-.Fa id_in
-is valid or 0 otherwise.
-.Pp
-.Fn X509_PURPOSE_get_by_id
-and
-.Fn X509_PURPOSE_get_by_sname
-return the corresponding purpose index
-or \-1 if no matching purpose is found.
-.Pp
-.Fn X509_PURPOSE_add
-returns 1 for success or 0 for failure.
-.Pp
-.Fn X509_PURPOSE_get_count
-returns the total number of purposes currently defined.
-.Pp
-.Fn X509_PURPOSE_get0
-returns a standard or user-defined purpose object or
-.Dv NULL
-if the
-.Fa index
-is invalid.
-.Pp
-.Fn X509_PURPOSE_get_id
-always returns a valid purpose identifier.
-.Pp
-.Fn X509_PURPOSE_get0_name
-and
-.Fn X509_PURPOSE_get0_sname
-return pointers to storage owned by the
-.Fa object .
-.Pp
-.Fn X509_PURPOSE_get_trust
-returns the trust identifier associated with the
-.Fa object .
-.Sh ERRORS
-The following diagnostics can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3 :
-.Bl -tag -width Ds
-.It Dv X509V3_R_INVALID_PURPOSE Qq "invalid purpose"
-.Fn X509_PURPOSE_set
-was called with an invalid
-.Fa id_in
-argument.
-.It Dv X509V3_R_INVALID_NULL_ARGUMENT Qq "invalid null argument"
-.Fn X509_PURPOSE_add
-was called with a
-.Fa name
-or
-.Fa sname
-argument of
-.Dv NULL .
-.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
-.Fn X509_PURPOSE_add
-failed to allocate memory.
-.El
-.Pp
-The other functions provide no diagnostics.
-.Sh SEE ALSO
-.Xr X509_check_purpose 3 ,
-.Xr X509_new 3 ,
-.Xr X509_STORE_set_purpose 3 ,
-.Xr X509_VERIFY_PARAM_set_purpose 3
-.Sh HISTORY
-.Fn X509_PURPOSE_set
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Pp
-The other functions first appeared in OpenSSL 0.9.5
-and have been available since
-.Ox 2.7 .
-.Sh CAVEATS
-The difference between purpose identifiers and purpose indices provides
-an ideal breeding ground for off-by-one bugs.
diff --git a/src/lib/libcrypto/man/X509_REQ_new.3 b/src/lib/libcrypto/man/X509_REQ_new.3
deleted file mode 100644
index 26460048d3..0000000000
--- a/src/lib/libcrypto/man/X509_REQ_new.3
+++ /dev/null
@@ -1,105 +0,0 @@
-.\" $OpenBSD: X509_REQ_new.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt X509_REQ_NEW 3
-.Os
-.Sh NAME
-.Nm X509_REQ_new ,
-.Nm X509_REQ_free ,
-.Nm X509_REQ_INFO_new ,
-.Nm X509_REQ_INFO_free
-.Nd PKCS#10 certification requests
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_REQ *
-.Fn X509_REQ_new void
-.Ft void
-.Fn X509_REQ_free "X509_REQ *req"
-.Ft X509_REQ_INFO *
-.Fn X509_REQ_INFO_new void
-.Ft void
-.Fn X509_REQ_INFO_free "X509_REQ_INFO *req_info"
-.Sh DESCRIPTION
-.Fn X509_REQ_new
-allocates and initializes an empty
-.Vt X509_REQ
-object, representing an ASN.1
-.Vt CertificationRequest
-structure defined in RFC 2986 section 4.2.
-It can hold a pointer to an
-.Vt X509_REQ_INFO
-object discussed below together with a cryptographic signature and
-information about the signature algorithm used.
-.Fn X509_REQ_free
-frees
-.Fa req .
-If
-.Fa req
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn X509_REQ_INFO_new
-allocates and initializes an empty
-.Vt X509_REQ_INFO
-object, representing an ASN.1
-.Vt CertificationRequestInfo
-structure defined in RFC 2986 section 4.1.
-It is used inside the
-.Vt X509_REQ
-object and can hold the subject and the public key of the requested
-certificate and additional attributes.
-.Fn X509_REQ_INFO_free
-frees
-.Fa req_info .
-If
-.Fa req_info
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn X509_REQ_new
-and
-.Fn X509_REQ_INFO_new
-return the new
-.Vt X509_REQ
-or
-.Vt X509_REQ_INFO
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_X509_REQ 3 ,
-.Xr PEM_read_X509_REQ 3 ,
-.Xr X509_new 3 ,
-.Xr X509_REQ_check_private_key 3 ,
-.Xr X509_REQ_digest 3 ,
-.Xr X509_REQ_get0_signature 3 ,
-.Xr X509_REQ_get_pubkey 3 ,
-.Xr X509_REQ_get_subject_name 3 ,
-.Xr X509_REQ_get_version 3 ,
-.Xr X509_REQ_sign 3
-.Sh STANDARDS
-RFC 2986: PKCS #10: Certification Request Syntax Specification
-.Sh HISTORY
-.Fn X509_REQ_new ,
-.Fn X509_REQ_free ,
-.Fn X509_REQ_INFO_new ,
-and
-.Fn X509_REQ_INFO_free
-first appeared in SSLeay 0.4.4 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_REVOKED_new.3 b/src/lib/libcrypto/man/X509_REVOKED_new.3
deleted file mode 100644
index c1a50d1c9a..0000000000
--- a/src/lib/libcrypto/man/X509_REVOKED_new.3
+++ /dev/null
@@ -1,213 +0,0 @@
-.\" $OpenBSD: X509_REVOKED_new.3,v 1.12 2021/07/19 13:16:43 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL man3/X509_CRL_get0_by_serial cdd6c8c5 Mar 20 12:29:37 2017 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 19 2021 $
-.Dt X509_REVOKED_NEW 3
-.Os
-.Sh NAME
-.Nm X509_REVOKED_new ,
-.Nm X509_REVOKED_dup ,
-.Nm X509_REVOKED_free ,
-.Nm X509_REVOKED_get0_serialNumber ,
-.Nm X509_REVOKED_get0_revocationDate ,
-.Nm X509_REVOKED_set_serialNumber ,
-.Nm X509_REVOKED_set_revocationDate
-.Nd create, change, and inspect an X.509 CRL revoked entry
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_REVOKED *
-.Fn X509_REVOKED_new void
-.Ft X509_REVOKED *
-.Fo X509_REVOKED_dup
-.Fa "X509_REVOKED *r"
-.Fc
-.Ft void
-.Fn X509_REVOKED_free "X509_REVOKED *r"
-.Ft const ASN1_INTEGER *
-.Fo X509_REVOKED_get0_serialNumber
-.Fa "const X509_REVOKED *r"
-.Fc
-.Ft const ASN1_TIME *
-.Fo X509_REVOKED_get0_revocationDate
-.Fa "const X509_REVOKED *r"
-.Fc
-.Ft int
-.Fo X509_REVOKED_set_serialNumber
-.Fa "X509_REVOKED *r"
-.Fa "ASN1_INTEGER *serial"
-.Fc
-.Ft int
-.Fo X509_REVOKED_set_revocationDate
-.Fa "X509_REVOKED *r"
-.Fa "ASN1_TIME *tm"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_REVOKED_new
-allocates and initializes an empty
-.Vt X509_REVOKED
-object, representing one of the elements of
-the revokedCertificates field of the ASN.1
-.Vt TBSCertList
-structure defined in RFC 5280 section 5.1.
-It is used by
-.Vt X509_CRL
-objects and can hold information about one revoked certificate
-including issuer names, serial number, revocation date, and revocation
-reason.
-.Pp
-.Fn X509_REVOKED_dup
-creates a deep copy of
-.Fa r .
-.Pp
-.Fn X509_REVOKED_free
-frees
-.Fa r .
-.Pp
-.Fn X509_REVOKED_set_serialNumber
-sets the serial number of
-.Fa r
-to
-.Fa serial .
-The supplied
-.Fa serial
-pointer is not used internally so it should be freed up after use.
-.Pp
-.Fn X509_REVOKED_set_revocationDate
-sets the revocation date of
-.Fa r
-to
-.Fa tm .
-The supplied
-.Fa tm
-pointer is not used internally so it should be freed up after use.
-.Sh RETURN VALUES
-The
-.Fn X509_REVOKED_new
-function returns the new
-.Vt X509_REVOKED
-object if successful; otherwise
-.Dv NULL
-is returned and an error code can be retrieved with
-.Xr ERR_get_error 3 .
-.Pp
-.Fn X509_REVOKED_dup
-return the new
-.Vt X509_REVOKED
-object or
-.Dv NULL
-if an error occurs.
-In some cases of failure, the reason can be determined with
-.Xr ERR_get_error 3 .
-.Pp
-.Fn X509_REVOKED_get0_serialNumber
-returns an internal pointer to the serial number of
-.Fa r .
-.Pp
-.Fn X509_REVOKED_get0_revocationDate
-returns an internal pointer to the revocation date of
-.Fa r .
-.Pp
-.Fn X509_REVOKED_set_serialNumber
-and
-.Fn X509_REVOKED_set_revocationDate
-return 1 for success or 0 for failure.
-In some cases of failure, the reason can be determined with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr d2i_X509_CRL 3 ,
-.Xr PEM_read_X509_CRL 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_CRL_print 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_REVOKED_get_ext 3 ,
-.Xr X509_REVOKED_get_ext_d2i 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile, section 5.1: CRL Fields
-.Sh HISTORY
-.Fn X509_REVOKED_new
-and
-.Fn X509_REVOKED_free
-first appeared in SSLeay 0.4.4 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_REVOKED_set_serialNumber
-and
-.Fn X509_REVOKED_set_revocationDate
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn X509_REVOKED_dup
-first appeared in OpenSSL 1.0.2.
-.Fn X509_REVOKED_get0_serialNumber
-and
-.Fn X509_REVOKED_get0_revocationDate
-first appeared in OpenSSL 1.1.0.
-These functions have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_SIG_new.3 b/src/lib/libcrypto/man/X509_SIG_new.3
deleted file mode 100644
index 79a7125202..0000000000
--- a/src/lib/libcrypto/man/X509_SIG_new.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $OpenBSD: X509_SIG_new.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt X509_SIG_NEW 3
-.Os
-.Sh NAME
-.Nm X509_SIG_new ,
-.Nm X509_SIG_free
-.Nd PKCS#7 digest information
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_SIG *
-.Fn X509_SIG_new void
-.Ft void
-.Fn X509_SIG_free "X509_SIG *sig"
-.Sh DESCRIPTION
-.Fn X509_SIG_new
-allocates and initializes an empty
-.Vt X509_SIG
-object, representing an ASN.1
-.Vt DigestInfo
-structure defined in RFC 2315 section 9.4
-and equivalently in RFC 8017 section 9.2.
-It can hold a message digest together with information about
-the algorithm used.
-.Pp
-.Fn X509_SIG_free
-frees
-.Fa sig .
-.Sh RETURN VALUES
-.Fn X509_SIG_new
-returns the new
-.Vt X509_SIG
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr d2i_X509_SIG 3 ,
-.Xr PEM_read_PKCS8 3 ,
-.Xr RSA_sign 3 ,
-.Xr X509_new 3
-.Sh STANDARDS
-RFC 2315: PKCS #7: Cryptographic Message Syntax,
-section 9: Signed-data content type
-.Pp
-RFC 8017: PKCS #1: RSA Cryptography Specifications,
-section 9: Encoding Methods for Signatures
-.Sh HISTORY
-.Fn X509_SIG_new
-and
-.Fn X509_SIG_free
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
deleted file mode 100644
index c97e60330b..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ /dev/null
@@ -1,508 +0,0 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.18 2021/07/29 09:14:23 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL crypto/X509_STORE_CTX_get_error f0e0fd51 Apr 14 23:59:26 2016 -0400
-.\" selective merge up to:
-.\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100
-.\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson
-.\" and Rich Salz .
-.\" Copyright (c) 2009, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 29 2021 $
-.Dt X509_STORE_CTX_GET_ERROR 3
-.Os
-.Sh NAME
-.Nm X509_STORE_CTX_get_error ,
-.Nm X509_STORE_CTX_set_error ,
-.Nm X509_STORE_CTX_get_error_depth ,
-.Nm X509_STORE_CTX_get_current_cert ,
-.Nm X509_STORE_CTX_get0_current_issuer ,
-.Nm X509_STORE_CTX_get0_current_crl ,
-.Nm X509_STORE_CTX_get0_parent_ctx ,
-.Nm X509_STORE_CTX_get0_chain ,
-.Nm X509_STORE_CTX_get_chain ,
-.Nm X509_STORE_CTX_get1_chain ,
-.Nm X509_STORE_CTX_get0_policy_tree ,
-.Nm X509_STORE_CTX_get_explicit_policy ,
-.Nm X509_verify_cert_error_string
-.Nd get or set certificate verification status information
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_STORE_CTX_get_error
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft void
-.Fo X509_STORE_CTX_set_error
-.Fa "X509_STORE_CTX *ctx"
-.Fa "int s"
-.Fc
-.Ft int
-.Fo X509_STORE_CTX_get_error_depth
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft X509 *
-.Fo X509_STORE_CTX_get_current_cert
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft X509 *
-.Fo X509_STORE_CTX_get0_current_issuer
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft X509_CRL *
-.Fo X509_STORE_CTX_get0_current_crl
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft X509_STORE_CTX *
-.Fo X509_STORE_CTX_get0_parent_ctx
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo X509_STORE_CTX_get0_chain
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo X509_STORE_CTX_get_chain
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo X509_STORE_CTX_get1_chain
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft X509_POLICY_TREE *
-.Fo X509_STORE_CTX_get0_policy_tree
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.Ft int
-.Fo X509_STORE_CTX_get_explicit_policy
-.Fa "X509_STORE_CTX *ctx"
-.Fc
-.In openssl/x509.h
-.Ft const char *
-.Fo X509_verify_cert_error_string
-.Fa "long n"
-.Fc
-.Sh DESCRIPTION
-Most of these functions are typically called after
-.Xr X509_verify_cert 3
-to inspect status information related to certificate verification.
-Some may also be called in a verification callback to determine the
-nature of an error.
-.Pp
-.Fn X509_STORE_CTX_get_error
-returns the error code of
-.Fa ctx .
-See the
-.Sy ERROR CODES
-section for a full description of all error codes.
-.Pp
-.Fn X509_STORE_CTX_set_error
-sets the error code of
-.Fa ctx
-to
-.Fa s .
-For example it might be used in a verification callback to set an error
-based on additional checks.
-.Pp
-.Fn X509_STORE_CTX_get_error_depth
-returns the depth of the error.
-This is a non-negative integer representing where in the certificate
-chain the error occurred.
-If it is zero, it occurred in the end entity certificate, one if it is
-the certificate which signed the end entity certificate, and so on.
-.Pp
-.Fn X509_STORE_CTX_get_current_cert
-returns the certificate in
-.Fa ctx
-which caused the error or
-.Dv NULL
-if no certificate is relevant.
-.Pp
-.Fn X509_STORE_CTX_get0_current_issuer
-returns the certificate that caused issuer validation to fail or
-.Dv NULL
-if no CA certificate is relevant.
-.Pp
-.Fn X509_STORE_CTX_get0_current_crl
-returns the certificate revocation list that caused CRL checking to fail or
-.Dv NULL
-if no CRL is relevant.
-.Pp
-When, during certification path validation, the need arises to check
-the validity of the certification path of a CRL issuer certificate,
-the library creates a new, temporary
-.Vt X509_STORE_CTX
-object.
-If
-.Fn X509_STORE_CTX_get0_parent_ctx
-is called on that temporary object, a pointer to the original
-certification path validation context is returned.
-This may be useful in callback functions called from
-.Xr X509_verify_cert 3
-or from its subroutines to find out whether the callback is called
-from the path validation of the target certificate or from the path
-validation of a related CRL issuer certificate, and if the latter,
-what the target certificate is.
-.Pp
-.Fn X509_STORE_CTX_get0_chain
-returns an internal pointer to a complete validate chain
-if a previous call to
-.Xr X509_verify_cert 3
-was successful.
-If the call to
-.Xr X509_verify_cert 3
-was not successful, the returned chain may be incomplete or invalid.
-.Fn X509_STORE_CTX_get_chain
-is a deprecated alias of
-.Fn X509_STORE_CTX_get0_chain .
-.Fn X509_STORE_CTX_get1_chain
-returns a deep copy of the same chain which persists even after the
-.Fa ctx
-structure is freed.
-When it is no longer needed, it should be freed using
-.Fn sk_X509_pop_free chain X509_free .
-.Pp
-.Fn X509_verify_cert_error_string
-returns a human readable error string for verification error
-.Fa n .
-.Pp
-The above functions should be used instead of directly referencing the
-fields in the
-.Sy X509_VERIFY_CTX
-structure.
-.Pp
-In versions of OpenSSL before 1.0, the current certificate returned by
-.Fn X509_STORE_CTX_get_current_cert
-was never
-.Dv NULL .
-Applications should check the return value before printing out any
-debugging information relating to the current certificate.
-.Pp
-If an unrecognised error code is passed to
-.Fn X509_verify_cert_error_string ,
-the numerical value of the unknown code is returned in a static buffer.
-This is not thread safe but will never happen unless an invalid code is
-passed.
-.Sh RETURN VALUES
-.Fn X509_STORE_CTX_get_error
-returns
-.Dv X509_V_OK
-or an error code.
-.Pp
-.Fn X509_STORE_CTX_get_error_depth
-returns a non-negative error depth.
-.Pp
-.Fn X509_STORE_CTX_get_current_cert ,
-.Fn X509_STORE_CTX_get0_current_issuer ,
-and
-.Fn X509_STORE_CTX_get0_current_crl
-return the object which caused the error or
-.Dv NULL
-if no object of the requested kind is relevant to the error.
-.Pp
-.Fn X509_STORE_CTX_get0_parent_ctx
-returns the parent context or
-.Dv NULL
-if
-.Fa ctx
-is not a temporary child context
-used for path validation of a CRL issuer certificate.
-.Pp
-.Fn X509_STORE_CTX_get0_chain ,
-.Fn X509_STORE_CTX_get_chain ,
-and
-.Fn X509_STORE_CTX_get1_chain
-return a pointer to a stack of certificates or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn X509_STORE_CTX_get0_policy_tree
-returns an internal pointer to the
-.Fa valid_policy_tree
-created by
-.Xr X509_policy_check 3
-or
-.Dv NULL
-if validation failed or the resulting tree was empty.
-.Pp
-.Fn X509_STORE_CTX_get_explicit_policy
-returns the
-.Pf * Fa pexplicit_policy
-output argument of
-.Xr X509_policy_check 3 .
-If validation succeeded, it is 1 if
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was requested or 0 otherwise.
-.Pp
-.Fn X509_verify_cert_error_string
-returns a human readable error string for verification error
-.Fa n .
-.Sh ERROR CODES
-A list of error codes and messages is shown below.
-Some of the error codes are defined but currently never returned:
-these are described as "unused".
-.Bl -tag -width Ds
-.It Dv X509_V_OK : No ok
-The operation was successful.
-.It Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT : \
- No unable to get issuer certificate
-The issuer certificate of a locally looked up certificate could not be found.
-This normally means the list of trusted certificates is not complete.
-.It Dv X509_V_ERR_UNABLE_TO_GET_CRL : No unable to get certificate CRL
-The CRL of a certificate could not be found.
-.It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE : \
- No unable to decrypt certificate's signature
-The certificate signature could not be decrypted.
-This means that the actual signature value could not be determined
-rather than it not matching the expected value.
-This is only meaningful for RSA keys.
-.It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE : \
- No unable to decrypt CRL's signature
-The CRL signature could not be decrypted: this means that the actual
-signature value could not be determined rather than it not matching the
-expected value.
-Unused.
-.It Dv X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY : \
- No unable to decode issuer public key
-The public key in the certificate
-.Vt SubjectPublicKeyInfo
-could not be read.
-.It Dv X509_V_ERR_CERT_SIGNATURE_FAILURE : No certificate signature failure -The signature of the certificate is invalid. -.It Dv X509_V_ERR_CRL_SIGNATURE_FAILURE : No CRL signature failure -The signature of the certificate is invalid. -.It Dv X509_V_ERR_CERT_NOT_YET_VALID : No certificate is not yet valid -The certificate is not yet valid: the notBefore date is after the -current time. -.It Dv X509_V_ERR_CERT_HAS_EXPIRED : No certificate has expired -The certificate has expired: that is the notAfter date is before the -current time. -.It Dv X509_V_ERR_CRL_NOT_YET_VALID : No CRL is not yet valid -The CRL is not yet valid. -.It Dv X509_V_ERR_CRL_HAS_EXPIRED : No CRL has expired -The CRL has expired. -.It Dv X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD : \ - No format error in certificate's notBefore field -The certificate notBefore field contains an invalid time. -.It Dv X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD : \ - No format error in certificate's notAfter field -The certificate notAfter field contains an invalid time. -.It Dv X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD : \ - No format error in CRL's lastUpdate field -The CRL lastUpdate field contains an invalid time. -.It Dv X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD : \ - No format error in CRL's nextUpdate field -The CRL nextUpdate field contains an invalid time. -.It Dv X509_V_ERR_OUT_OF_MEM : No out of memory -An error occurred trying to allocate memory. -This should never happen. -.It Dv X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT : No self signed certificate -The passed certificate is self signed and the same certificate cannot be -found in the list of trusted certificates. -.It Dv X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN : \ - No self signed certificate in certificate chain -The certificate chain could be built up using the untrusted certificates -but the root could not be found locally. 
-.It Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY : \ - No unable to get local issuer certificate -The issuer certificate could not be found: this occurs if the issuer -certificate of an untrusted certificate cannot be found. -.It Dv X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE : \ - No unable to verify the first certificate -No signatures could be verified because the chain contains only one -certificate and it is not self signed. -.It Dv X509_V_ERR_CERT_CHAIN_TOO_LONG : No certificate chain too long -The certificate chain length is greater than the supplied maximum depth. -Unused. -.It Dv X509_V_ERR_CERT_REVOKED : No certificate revoked -The certificate has been revoked. -.It Dv X509_V_ERR_INVALID_CA : No invalid CA certificate -A CA certificate is invalid. -Either it is not a CA or its extensions are not consistent with the -supplied purpose. -.It Dv X509_V_ERR_PATH_LENGTH_EXCEEDED : No path length constraint exceeded -The basicConstraints path-length parameter has been exceeded. -.It Dv X509_V_ERR_INVALID_PURPOSE : No unsupported certificate purpose -The supplied certificate cannot be used for the specified purpose. -.It Dv X509_V_ERR_CERT_UNTRUSTED : No certificate not trusted -The root CA is not marked as trusted for the specified purpose. -.It Dv X509_V_ERR_CERT_REJECTED : No certificate rejected -The root CA is marked to reject the specified purpose. -.It Dv X509_V_ERR_SUBJECT_ISSUER_MISMATCH : No subject issuer mismatch -The current candidate issuer certificate was rejected because its -subject name did not match the issuer name of the current certificate. -This is only set if issuer check debugging is enabled; it is used for -status notification and is -.Sy not -in itself an error. -.It Dv X509_V_ERR_AKID_SKID_MISMATCH : \ - No authority and subject key identifier mismatch -The current candidate issuer certificate was rejected because its -subject key identifier was present and did not match the authority key -identifier current certificate. 
-This is only set if issuer check debugging is enabled; it is used for -status notification and is -.Sy not -in itself an error. -.It Dv X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH : \ - Noauthority and issuer serial number mismatch -The current candidate issuer certificate was rejected because its issuer -name and serial number was present and did not match the authority key -identifier of the current certificate. -This is only set if issuer check debugging is enabled; it is used for -status notification and is -.Sy not -in itself an error. -.It Dv X509_V_ERR_KEYUSAGE_NO_CERTSIGN : \ - No key usage does not include certificate signing -The current candidate issuer certificate was rejected because its -keyUsage extension does not permit certificate signing. -This is only set if issuer check debugging is enabled it is used for -status notification and is -.Sy not -in itself an error. -.It Dv X509_V_ERR_INVALID_EXTENSION : \ - No invalid or inconsistent certificate extension -A certificate extension had an invalid value (for example an incorrect -encoding) or some value inconsistent with other extensions. -.It Dv X509_V_ERR_INVALID_POLICY_EXTENSION : \ - No invalid or inconsistent certificate policy extension -A certificate policies extension had an invalid value (for example an -incorrect encoding) or some value inconsistent with other extensions. -This error only occurs if policy processing is enabled. -.It Dv X509_V_ERR_NO_EXPLICIT_POLICY : No no explicit policy -The verification flags were set to require an explicit policy but none -was present. -.It Dv X509_V_ERR_DIFFERENT_CRL_SCOPE : No different CRL scope -The only CRLs that could be found did not match the scope of the -certificate. -.It Dv X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE : \ - No unsupported extension feature -Some feature of a certificate extension is not supported. -Unused. 
-.It Dv X509_V_ERR_PERMITTED_VIOLATION : No permitted subtree violation -A name constraint violation occurred in the permitted subtrees. -.It Dv X509_V_ERR_EXCLUDED_VIOLATION : No excluded subtree violation -A name constraint violation occurred in the excluded subtrees. -.It Dv X509_V_ERR_SUBTREE_MINMAX : \ - No name constraints minimum and maximum not supported -A certificate name constraints extension included a minimum or maximum -field: this is not supported. -.It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE : \ - No unsupported name constraint type -An unsupported name constraint type was encountered. -OpenSSL currently only supports directory name, DNS name, email and URI -types. -.It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX : \ - No unsupported or invalid name constraint syntax -The format of the name constraint is not recognised: for example an -email address format of a form not mentioned in RFC 3280. -This could be caused by a garbage extension or some new feature not -currently supported. -.It Dv X509_V_ERR_CRL_PATH_VALIDATION_ERROR : No CRL path validation error -An error occurred when attempting to verify the CRL path. -This error can only happen if extended CRL checking is enabled. -.It Dv X509_V_ERR_APPLICATION_VERIFICATION : \ - No application verification failure -An application specific error. -This will never be returned unless explicitly set by an application. -.El -.Sh SEE ALSO -.Xr X509_policy_check 3 , -.Xr X509_policy_tree_level_count 3 , -.Xr X509_STORE_CTX_new 3 , -.Xr X509_up_ref 3 , -.Xr X509_verify_cert 3 -.Sh HISTORY -.Fn X509_STORE_CTX_get_error , -.Fn X509_STORE_CTX_set_error , -.Fn X509_STORE_CTX_get_error_depth , -.Fn X509_STORE_CTX_get_current_cert , -.Fn X509_STORE_CTX_get_chain , -and -.Fn X509_verify_cert_error_string -first appeared in SSLeay 0.8.0 and have been available since -.Ox 2.4 . -.Pp -.Fn X509_STORE_CTX_get1_chain -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . 
-.Pp
-.Fn X509_STORE_CTX_get0_policy_tree
-and
-.Fn X509_STORE_CTX_get_explicit_policy
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn X509_STORE_CTX_get0_current_issuer ,
-.Fn X509_STORE_CTX_get0_current_crl ,
-and
-.Fn X509_STORE_CTX_get0_parent_ctx
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn X509_STORE_CTX_get0_chain
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
deleted file mode 100644
index bfec65a123..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
+++ /dev/null
@@ -1,153 +0,0 @@ -.\" $OpenBSD: X509_STORE_CTX_get_ex_new_index.3,v 1.6 2021/07/29 08:32:13 schwarze Exp $ -.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2009, 2014 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 29 2021 $ -.Dt X509_STORE_CTX_GET_EX_NEW_INDEX 3 -.Os -.Sh NAME -.Nm X509_STORE_CTX_get_ex_new_index , -.Nm X509_STORE_CTX_set_ex_data , -.Nm X509_STORE_CTX_get_ex_data , -.Nm X509_STORE_CTX_set_app_data , -.Nm X509_STORE_CTX_get_app_data -.Nd add application specific data to X509_STORE_CTX structures -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft int -.Fo X509_STORE_CTX_get_ex_new_index -.Fa "long argl" -.Fa "void *argp" -.Fa "CRYPTO_EX_new *new_func" -.Fa "CRYPTO_EX_dup *dup_func" -.Fa "CRYPTO_EX_free *free_func" -.Fc -.Ft int -.Fo X509_STORE_CTX_set_ex_data -.Fa "X509_STORE_CTX *d" -.Fa "int idx" -.Fa "void *arg" -.Fc -.Ft void * -.Fo X509_STORE_CTX_get_ex_data -.Fa "X509_STORE_CTX *d" -.Fa "int idx" -.Fc -.Ft int -.Fo X509_STORE_CTX_set_app_data -.Fa "X509_STORE_CTX *d" -.Fa "void *arg" -.Fc -.Ft void * -.Fo X509_STORE_CTX_get_app_data -.Fa "X509_STORE_CTX *d" -.Fc -.Sh DESCRIPTION -These functions handle application specific data in -.Vt X509_STORE_CTX -structures. -Their usage is identical to that of -.Xr RSA_get_ex_new_index 3 , -.Xr RSA_set_ex_data 3 , -and -.Xr RSA_get_ex_data 3 . -.Pp -This mechanism is used internally by the -.Xr ssl 3 -library to store the -.Vt SSL -structure associated with a verification operation in an -.Vt X509_STORE_CTX -structure. -.Pp -.Fn X509_STORE_CTX_set_app_data -and -.Fn X509_STORE_CTX_get_app_data -are macros calling -.Fn X509_STORE_CTX_set_ex_data -and -.Fn X509_STORE_CTX_get_ex_data , -respectively, with an -.Fa idx -of 0. -.Sh RETURN VALUES -.Fn X509_STORE_CTX_get_ex_new_index -returns a new index or \-1 on failure. -.Pp -.Fn X509_STORE_CTX_set_ex_data -and -.Fn X509_STORE_CTX_set_app_data -return 1 on success or 0 on failure. -.Pp -.Fn X509_STORE_CTX_get_ex_data -and -.Fn X509_STORE_CTX_get_app_data -return the application data or -.Dv NULL -on failure. -.Dv NULL -may also be valid application data, but currently these functions -can only fail if given an invalid -.Fa idx -argument. 
-.Sh SEE ALSO
-.Xr RSA_get_ex_new_index 3 ,
-.Xr X509_STORE_CTX_new 3
-.Sh HISTORY
-.Fn X509_STORE_CTX_set_app_data
-and
-.Fn X509_STORE_CTX_get_app_data
-first appeared in SSLeay 0.8.0 and
-.Fn X509_STORE_CTX_get_ex_new_index ,
-.Fn X509_STORE_CTX_set_ex_data ,
-and
-.Fn X509_STORE_CTX_get_ex_data
-in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3
deleted file mode 100644
index f285045194..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ /dev/null
@@ -1,355 +0,0 @@ -.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.24 2021/08/02 16:21:11 schwarze Exp $ -.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 -.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson -.\" and Rich Salz . -.\" Copyright (c) 2009, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: August 2 2021 $ -.Dt X509_STORE_CTX_NEW 3 -.Os -.Sh NAME -.Nm X509_STORE_CTX_new , -.Nm X509_STORE_CTX_init , -.Nm X509_STORE_CTX_cleanup , -.Nm X509_STORE_CTX_free , -.Nm X509_STORE_CTX_get0_store , -.Nm X509_STORE_CTX_set0_trusted_stack , -.Nm X509_STORE_CTX_trusted_stack , -.Nm X509_STORE_CTX_set_cert , -.Nm X509_STORE_CTX_get0_cert , -.\" X509_STORE_CTX_get0_chain moved to X509_STORE_CTX_get_error(3) -.Nm X509_STORE_CTX_set_chain , -.Nm X509_STORE_CTX_set0_untrusted , -.Nm X509_STORE_CTX_get0_untrusted , -.Nm X509_STORE_CTX_set0_crls -.Nd X509_STORE_CTX initialisation -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft X509_STORE_CTX * -.Fn X509_STORE_CTX_new void -.Ft int -.Fo X509_STORE_CTX_init -.Fa "X509_STORE_CTX *ctx" -.Fa "X509_STORE *store" -.Fa "X509 *x" -.Fa "STACK_OF(X509) *untrusted" -.Fc -.Ft void -.Fo X509_STORE_CTX_cleanup -.Fa "X509_STORE_CTX *ctx" -.Fc -.Ft void -.Fo X509_STORE_CTX_free -.Fa "X509_STORE_CTX *ctx" -.Fc -.Ft X509_STORE * -.Fo X509_STORE_CTX_get0_store -.Fa "X509_STORE_CTX *ctx" -.Fc -.Ft void -.Fo X509_STORE_CTX_set0_trusted_stack -.Fa "X509_STORE_CTX *ctx" -.Fa "STACK_OF(X509) *trusted" -.Fc -.Ft void -.Fo X509_STORE_CTX_trusted_stack -.Fa "X509_STORE_CTX *ctx" -.Fa "STACK_OF(X509) *trusted" -.Fc -.Ft void -.Fo X509_STORE_CTX_set_cert -.Fa "X509_STORE_CTX *ctx" -.Fa "X509 *x" -.Fc -.Ft X509 * -.Fo X509_STORE_CTX_get0_cert -.Fa "X509_STORE_CTX *ctx" -.Fc -.Ft void -.Fo X509_STORE_CTX_set_chain -.Fa "X509_STORE_CTX *ctx" -.Fa "STACK_OF(X509) *untrusted" -.Fc -.Ft void -.Fo X509_STORE_CTX_set0_untrusted -.Fa "X509_STORE_CTX *ctx" -.Fa "STACK_OF(X509) *untrusted" -.Fc -.Ft STACK_OF(X509) * -.Fo X509_STORE_CTX_get0_untrusted -.Fa "X509_STORE_CTX *ctx" -.Fc -.Ft void -.Fo X509_STORE_CTX_set0_crls -.Fa "X509_STORE_CTX *ctx" -.Fa "STACK_OF(X509_CRL) *crls" -.Fc -.Sh DESCRIPTION -These functions set up an -.Vt X509_STORE_CTX -object for subsequent use by -.Xr X509_verify_cert 3 . 
-.Pp -.Fn X509_STORE_CTX_new -allocates an empty -.Vt X509_STORE_CTX -object not yet containing the subobjects required for normal operation. -.Pp -.Fn X509_STORE_CTX_init -needs to be called on each new -.Fa ctx -before any of the other functions become useful. -It prepares -.Fa ctx -for one single verification operation using -.Xr X509_verify_cert 3 . -The trusted certificate -.Fa store -to be used, the end entity certificate -.Fa x -to be verified, and a set of additional -.Fa untrusted -certificates, to be used for building the chain, -can be supplied, or any or all of them can be set to -.Dv NULL . -The three pointers passed in are stored internally, the three objects -pointed to are not copied, their reference count is not incremented, -and the caller remains responsible for managing their storage and for -not freeing them before -.Fn X509_STORE_CTX_free -is called on -.Fa ctx . -.Pp -.Fn X509_STORE_CTX_cleanup -internally cleans up -.Fa ctx , -returning it to an empty state similar to the one after -.Fn X509_STORE_CTX_new . -It can then be reused with a new call to -.Fn X509_STORE_CTX_init . -.Pp -.Fn X509_STORE_CTX_free -calls -.Fn X509_STORE_CTX_cleanup -and frees the storage pointed to by -.Fa ctx . -If -.Fa ctx -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn X509_STORE_CTX_get0_store -returns the internal pointer to the trusted certificate -.Fa store -that was set with -.Fn X509_STORE_CTX_init . -.Pp -.Fn X509_STORE_CTX_set0_trusted_stack -sets the set of -.Fa trusted -certificates used by -.Fa ctx . -This is an alternative way of specifying trusted certificates instead of -using the -.Fa store . -.Fn X509_STORE_CTX_trusted_stack -is a deprecated alias for -.Fn X509_STORE_CTX_set0_trusted_stack . -.Pp -.Fn X509_STORE_CTX_set_cert -sets the certificate to be verified in -.Fa ctx -to -.Fa x , -overriding the certificate that was set with -.Fn X509_STORE_CTX_init . -Again, the certificate is not copied -and its reference count is not incremented. 
-.Pp -.Fn X509_STORE_CTX_get0_cert -retrieves the internal pointer to the certificate being verified by -.Fa ctx , -i.e. the last one set using either -.Fn X509_STORE_CTX_init -or -.Fn X509_STORE_CTX_set_cert . -.Pp -.Fn X509_STORE_CTX_set_chain -and -.Fn X509_STORE_CTX_set0_untrusted -are identical and set the additional, -.Fa untrusted -certificates used by -.Fa ctx , -overriding the set of additional, untrusted certificates that was set with -.Fn X509_STORE_CTX_init . -Again, the set and the certificates contained in it are not copied -and their reference counts are not incremented. -.Pp -.Fn X509_STORE_CTX_get0_untrusted -retrieves the internal pointer -to the set of additional, untrusted certificates associated with -.Fa ctx , -i.e. the last one set using either -.Fn X509_STORE_CTX_init , -.Fn X509_STORE_CTX_set_chain , -or -.Fn X509_STORE_CTX_set0_untrusted . -.Pp -.Fn X509_STORE_CTX_set0_crls -sets a set of -.Fa crls -to use during certificate verification. -These CRLs will only be used if CRL verification is enabled in the -associated -.Vt X509_VERIFY_PARAM -structure. -This might be used where additional "useful" CRLs are supplied as part -of a protocol, for example in a PKCS#7 structure. -.Pp -Legacy applications might implicitly use an -.Vt X509_STORE_CTX -like this: -.Bd -literal -offset indent -X509_STORE_CTX ctx; -X509_STORE_CTX_init(&ctx, store, cert, chain); -.Ed -.Pp -This is -.Sy not -recommended in new applications. -They should instead do: -.Bd -literal -offset indent -X509_STORE_CTX *ctx; -ctx = X509_STORE_CTX_new(); -if (ctx == NULL) - /* Bad error */ -X509_STORE_CTX_init(ctx, store, cert, chain); -.Ed -.Sh RETURN VALUES -.Fn X509_STORE_CTX_new -returns a newly allocated context or -.Dv NULL -if an error occurred. -.Pp -.Fn X509_STORE_CTX_init -returns 1 for success or 0 if an error occurred. -.Pp -.Fn X509_STORE_CTX_get0_store -returns the internal pointer to the trusted certificate store or -.Dv NULL -if none was set. 
-.Pp
-.Fn X509_STORE_CTX_get0_cert
-returns the internal pointer to the certificate to be verified or
-.Dv NULL
-if no such certificate was set.
-.Pp
-.Fn X509_STORE_CTX_get0_untrusted
-returns the internal pointer
-to the set of additional, untrusted certificates or
-.Dv NULL
-if no set of additional certificates was provided.
-.Sh SEE ALSO
-.Xr X509_CRL_new 3 ,
-.Xr X509_STORE_CTX_get_error 3 ,
-.Xr X509_STORE_CTX_get_ex_new_index 3 ,
-.Xr X509_STORE_CTX_set_flags 3 ,
-.Xr X509_STORE_get_by_subject 3 ,
-.Xr X509_STORE_new 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_CTX_init ,
-.Fn X509_STORE_CTX_cleanup ,
-.Fn X509_STORE_CTX_set_cert ,
-and
-.Fn X509_STORE_CTX_set_chain
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_CTX_new
-and
-.Fn X509_STORE_CTX_free
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn X509_STORE_CTX_trusted_stack
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_STORE_CTX_get0_store
-first appeared in OpenSSL 1.0.2.
-.Fn X509_STORE_CTX_set0_trusted_stack ,
-.Fn X509_STORE_CTX_get0_cert ,
-.Fn X509_STORE_CTX_set0_untrusted ,
-and
-.Fn X509_STORE_CTX_get0_untrusted
-first appeared in OpenSSL 1.1.0.
-These functions have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3
deleted file mode 100644
index 7247927385..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_set_flags.3
+++ /dev/null
@@ -1,420 +0,0 @@ -.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.3 2021/07/25 14:05:03 schwarze Exp $ -.\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 -.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2019 Claudio Jeker -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2009 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. 
All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 25 2021 $ -.Dt X509_STORE_CTX_SET_FLAGS 3 -.Os -.Sh NAME -.Nm X509_STORE_CTX_set_flags , -.Nm X509_STORE_CTX_set_time , -.Nm X509_STORE_CTX_set_depth , -.Nm X509_STORE_CTX_set_trust , -.Nm X509_STORE_CTX_set_purpose , -.Nm X509_STORE_CTX_purpose_inherit , -.Nm X509_STORE_CTX_get0_param , -.Nm X509_STORE_CTX_set0_param , -.Nm X509_STORE_CTX_set_default -.Nd X509_STORE_CTX parameter initialisation -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft void -.Fo X509_STORE_CTX_set_flags -.Fa "X509_STORE_CTX *ctx" -.Fa "unsigned long flags" -.Fc -.Ft void -.Fo X509_STORE_CTX_set_time -.Fa "X509_STORE_CTX *ctx" -.Fa "unsigned long dummy" -.Fa "time_t time" -.Fc -.Ft void -.Fo X509_STORE_CTX_set_depth -.Fa "X509_STORE_CTX *ctx" -.Fa "int depth" -.Fc -.Ft int -.Fo X509_STORE_CTX_set_trust -.Fa "X509_STORE_CTX *ctx" -.Fa "int trust" -.Fc -.Ft int -.Fo X509_STORE_CTX_set_purpose -.Fa "X509_STORE_CTX *ctx" -.Fa "int purpose" -.Fc -.Ft int -.Fo X509_STORE_CTX_purpose_inherit -.Fa "X509_STORE_CTX *ctx" -.Fa "int def_purpose" -.Fa "int purpose" -.Fa "int trust" -.Fc -.Ft X509_VERIFY_PARAM * -.Fo X509_STORE_CTX_get0_param -.Fa "X509_STORE_CTX *ctx" -.Fc -.Ft void -.Fo X509_STORE_CTX_set0_param -.Fa "X509_STORE_CTX *ctx" -.Fa "X509_VERIFY_PARAM *param" -.Fc -.Ft int -.Fo X509_STORE_CTX_set_default -.Fa "X509_STORE_CTX *ctx" -.Fa "const char *name" -.Fc -.Sh DESCRIPTION -These functions operate on the -.Vt X509_VERIFY_PARAM -object used by -.Fa ctx . -Usually, -.Xr X509_STORE_CTX_init 3 -is called on -.Fa ctx -before these functions, and -.Xr X509_verify_cert 3 -afterwards. -.Pp -.Fn X509_STORE_CTX_set_flags -sets the internal verification parameter flags to -.Fa flags . -See -.Xr X509_VERIFY_PARAM_set_flags 3 -for a description of the verification flags. -.Pp -.Fn X509_STORE_CTX_set_time -sets the verification -.Fa time -using -.Xr X509_VERIFY_PARAM_set_time 3 . -The -.Fa dummy -argument is ignored. 
-.Pp -.Fn X509_STORE_CTX_set_depth -sets the maximum verification -.Fa depth -using -.Xr X509_VERIFY_PARAM_set_depth 3 . -That is the maximum number of untrusted CA certificates -that can appear in a chain. -.Pp -.Fn X509_STORE_CTX_set_trust -sets the -.Fa trust -identifier that can also be set using -.Xr X509_VERIFY_PARAM_set_trust 3 . -If the -.Fa trust -argument is 0 or invalid -or the trust identifier is already set to a non-zero value in the -.Vt X509_VERIFY_PARAM -object, no action occurs. -Here and in the following, -.Dv X509_TRUST_DEFAULT -counts as invalid. -.Pp -.Fn X509_STORE_CTX_set_purpose -sets the -.Fa purpose -identifier that can also be set using -.Xr X509_VERIFY_PARAM_set_purpose 3 . -If the -.Fa purpose -argument is 0 or any failure occurs, nothing is changed. -.Pp -In the following, the trust identifier contained in the -.Vt X509_PURPOSE -object associated with -.Fa purpose -is called the -.Dq associated trust . -.Pp -The function fails if the -.Fa purpose -argument or the associated trust is not 0 but invalid; otherwise, -.Fn X509_STORE_CTX_set_purpose -also does the equivalent of calling -.Fn X509_STORE_CTX_set_trust -with the associated trust. -.Pp -If the purpose identifier is already set to a non-zero value in the -.Vt X509_VERIFY_PARAM -object, it is not changed, even if the -.Fa purpose -argument is valid, too. -.Pp -.Fn X509_STORE_CTX_purpose_inherit -is similar to -.Fn X509_STORE_CTX_set_purpose , -with the following modifications: -.Bl -bullet -.It -If the -.Fa purpose -argument is 0, -.Fa def_purpose -is used instead. -.It -If the associated trust is -.Dv X509_TRUST_DEFAULT , -the trust associated with -.Fa def_purpose -is used instead, or if -.Fa def_purpose -is 0 or invalid, the function fails. -.It -If the -.Fa trust -argument is not 0, it is used instead of the associated trust, -and the equivalent of calling -.Fn X509_STORE_CTX_set_trust -is done even if both -.Fa purpose -and -.Fa def_purpose -are 0. 
-Even if the
-.Fa trust
-argument is not 0, if the (then unused) associated trust is
-.Dv X509_TRUST_DEFAULT ,
-.Fa def_purpose
-is still required to be valid.
-.El
-.Pp
-Note that, even if all arguments are valid and the return value is 1,
-it is possible that nothing changed, or that only either one of the
-purpose and trust identifiers were set, or that both were set.
-It can also happen that the purpose identifier gets set according to the
-.Fa purpose
-argument, but the trust identifier gets set according to the
-.Fa def_purpose
-argument in the same call.
-.Pp
-The intended way of using this function is to pass the purpose and
-trust attributes of another structure of an arbitrary type as the
-.Fa purpose
-and
-.Fa trust
-arguments, and to provide
-.Fa def_purpose
-as a fallback in case the settings in the other structure are incomplete.
-.Pp
-.Fn X509_STORE_CTX_get0_param
-retrieves an internal pointer to the verification parameters associated
-with
-.Fa ctx .
-.Pp
-.Fn X509_STORE_CTX_set0_param
-sets the internal verification parameter pointer to
-.Fa param .
-After this call
-.Fa param
-should not be used.
-.Pp
-.Fn X509_STORE_CTX_set_default
-looks up and sets the default verification method to
-.Fa name .
-This uses the function
-.Xr X509_VERIFY_PARAM_lookup 3
-to find an appropriate set of parameters from
-.Fa name .
-.Sh RETURN VALUES
-.Fn X509_STORE_CTX_set_trust
-returns 1 if the
-.Fa trust
-argument is 0 or valid or 0 if it is not 0 but invalid.
-A return value of 1 does
-.Em not
-imply that the trust identifier stored in the
-.Vt X509_VERIFY_PARAM
-object was changed.
-.Pp
-.Fn X509_STORE_CTX_set_purpose
-returns 1 if both the
-.Fa purpose
-argument and the associated trust are 0 or valid.
-It returns 0 if either the
-.Fa purpose
-argument or the associated trust is not 0 but invalid.
-A return value of 1 does not imply that any data was changed.
-.Pp
-.Fn X509_STORE_CTX_purpose_inherit
-returns 0 if:
-.Bl -bullet
-.It
-The
-.Fa purpose
-argument is not 0 and invalid.
-.It
-The
-.Fa purpose
-argument is 0 and the
-.Fa def_purpose
-argument is not 0 and invalid.
-.It
-The associated trust is
-.Dv X509_TRUST_DEFAULT
-and the
-.Fa def_purpose
-argument is 0 or invalid,
-or the trust identifier associated with it is not 0 but invalid.
-.It
-The
-.Fa trust
-argument is not 0 and invalid.
-.It
-The
-.Fa trust
-argument is 0 and the associated trust is neither 0 nor
-.Dv X509_TRUST_DEFAULT
-but invalid.
-.El
-.Pp
-Otherwise,
-.Fn X509_STORE_CTX_purpose_inherit
-returns 1, which does not imply that any data was changed.
-.Pp
-.Fn X509_STORE_CTX_get0_param
-returns a pointer to an
-.Vt X509_VERIFY_PARAM
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn X509_STORE_CTX_set_default
-returns 1 for success or 0 if an error occurred.
-.Sh ERRORS
-For
-.Fn X509_STORE_CTX_set_trust ,
-.Fn X509_STORE_CTX_set_purpose ,
-and
-.Fn X509_STORE_CTX_purpose_inherit ,
-the following diagnostics can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3 :
-.Bl -tag -width Ds
-.It Dv X509_R_UNKNOWN_TRUST_ID Qq "unknown trust id"
-The
-.Fa trust
-argument or the trust identifier associated with
-.Fa purpose
-or
-.Fa def_purpose
-is not 0 but invalid,
-.It Dv X509_R_UNKNOWN_PURPOSE_ID Qq "unknown purpose id"
-The
-.Fa purpose
-argument is not 0 and invalid.
-Or it is 0 and the
-.Fa def_purpose
-argument is not 0 and invalid.
-Or the associated trust is
-.Dv X509_TRUST_DEFAULT
-and
-.Fa def_purpose
-is 0 or invalid.
-.El
-.Pp
-The other functions provide no diagnostics.
-.Sh SEE ALSO
-.Xr X509_STORE_CTX_get_error 3 ,
-.Xr X509_STORE_CTX_new 3 ,
-.Xr X509_STORE_new 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_CTX_set_depth
-first appeared in OpenSSL 0.9.3 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_CTX_set_trust ,
-.Fn X509_STORE_CTX_set_purpose ,
-and
-.Fn X509_STORE_CTX_purpose_inherit
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn X509_STORE_CTX_set_flags
-and
-.Fn X509_STORE_CTX_set_time
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_STORE_CTX_get0_param ,
-.Fn X509_STORE_CTX_set0_param ,
-and
-.Fn X509_STORE_CTX_set_default
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
deleted file mode 100644
index 5a4bb3338a..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
+++ /dev/null
@@ -1,233 +0,0 @@
-.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.5 2020/03/29 17:05:02 schwarze Exp $
-.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2009, 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2020 $
-.Dt X509_STORE_CTX_SET_VERIFY_CB 3
-.Os
-.Sh NAME
-.Nm X509_STORE_CTX_set_verify_cb
-.Nd set verification callback
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft void
-.Fo X509_STORE_CTX_set_verify_cb
-.Fa "X509_STORE_CTX *ctx"
-.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_CTX_set_verify_cb
-sets the verification callback of
-.Fa ctx
-to
-.Fa verify_cb
-overwriting any existing callback.
-.Pp
-The verification callback can be used to customise the operation of
-certificate verification, either by overriding error conditions or
-logging errors for debugging purposes.
-.Pp
-However a verification callback is
-.Sy not
-essential and the default operation is often sufficient.
-.Pp
-The
-.Fa ok
-parameter to the callback indicates the value the callback should return
-to retain the default behaviour.
-If it is zero then an error condition is indicated.
-If it is 1 then no error occurred.
-If the flag
-.Dv X509_V_FLAG_NOTIFY_POLICY
-is set, then
-.Fa ok
-is set to 2 to indicate the policy checking is complete.
-.Pp
-The
-.Fa ctx
-parameter to the callback is the
-.Vt X509_STORE_CTX
-structure that is performing the verification operation.
-A callback can examine this structure and receive additional information
-about the error, for example by calling
-.Xr X509_STORE_CTX_get_current_cert 3 .
-Additional application data can be passed to the callback via the
-.Sy ex_data
-mechanism.
-.Pp
-The verification callback can be set and inherited from the parent
-structure performing the operation.
-In some cases (such as S/MIME verification) the
-.Vt X509_STORE_CTX
-structure is created and destroyed internally and the only way to set a
-custom verification callback is by inheriting it from the associated
-.Vt X509_STORE .
-.Sh EXAMPLES
-Default callback operation:
-.Bd -literal
-int
-verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- return ok;
-}
-.Ed
-.Pp
-Simple example, suppose a certificate in the chain is expired and we
-wish to continue after this error:
-.Bd -literal
-int
-verify_callback(int ok, X509_STORE_CTX *ctx)
-{
- /* Tolerate certificate expiration */
- if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
- return 1;
- /* Otherwise don't override */
- return ok;
-}
-.Ed
-.Pp
-More complex example, we don't wish to continue after
-.Sy any
-certificate has expired just one specific case:
-.Bd -literal
-int
-verify_callback(int ok, X509_STORE_CTX *ctx)
-{
- int err = X509_STORE_CTX_get_error(ctx);
- X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-
- if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
- if (check_is_acceptable_expired_cert(err_cert)
- return 1;
- }
- return ok;
-}
-.Ed
-.Pp
-Full featured logging callback.
-In this case the
-.Fa bio_err
-is assumed to be a global logging
-.Vt BIO ,
-an alternative would to store a
-.Vt BIO
-in
-.Fa ctx
-using
-.Sy ex_data .
-.Bd -literal
-int
-verify_callback(int ok, X509_STORE_CTX *ctx)
-{
- X509 *err_cert;
- int err,depth;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- BIO_printf(bio_err,"depth=%d ",depth);
- if (err_cert) {
- X509_NAME_print_ex(bio_err,
- X509_get_subject_name(err_cert), 0,
- XN_FLAG_ONELINE);
- BIO_puts(bio_err, "\en");
- } else
- BIO_puts(bio_err, "\en");
- if (!ok)
- BIO_printf(bio_err, "verify error:num=%d:%s\en",
- err, X509_verify_cert_error_string(err));
- switch (err) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- BIO_puts(bio_err, "issuer= ");
- X509_NAME_print_ex(bio_err,
- X509_get_issuer_name(err_cert), 0,
- XN_FLAG_ONELINE);
- BIO_puts(bio_err, "\en");
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- BIO_printf(bio_err, "notBefore=");
- ASN1_TIME_print(bio_err,
- X509_get_notBefore(err_cert));
- BIO_printf(bio_err, "\en");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- BIO_printf(bio_err, "notAfter=");
- ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
- BIO_printf(bio_err, "\en");
- break;
- case X509_V_ERR_NO_EXPLICIT_POLICY:
- policies_print(bio_err, ctx);
- break;
- }
- if (err == X509_V_OK && ok == 2)
- /* print out policies */
-
- BIO_printf(bio_err,"verify return:%d\en",ok);
- return(ok);
-}
-.Ed
-.Sh SEE ALSO
-.Xr X509_STORE_CTX_get_error 3 ,
-.Xr X509_STORE_CTX_get_ex_new_index 3 ,
-.Xr X509_STORE_set_verify_cb_func 3
-.Sh HISTORY
-.Fn X509_STORE_CTX_set_verify_cb
-first appeared in OpenSSL 0.9.6c and has been available since
-.Ox 3.2 .
-.Sh CAVEATS
-In general a verification callback should
-.Sy NOT
-unconditionally return 1 in all circumstances because this will allow
-verification to succeed no matter what the error.
-This effectively removes all security from the application because
-.Sy any
-certificate (including untrusted generated ones) will be accepted.
diff --git a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3 b/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
deleted file mode 100644
index f9da13fba4..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_get_by_subject.3
+++ /dev/null
@@ -1,199 +0,0 @@
-.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.1 2021/08/02 16:21:11 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 2 2021 $
-.Dt X509_STORE_GET_BY_SUBJECT 3
-.Os
-.Sh NAME
-.Nm X509_STORE_get_by_subject ,
-.Nm X509_STORE_get1_certs ,
-.Nm X509_STORE_get1_crls ,
-.Nm X509_STORE_CTX_get1_issuer
-.Nd retrieve objects from a certificate store
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_STORE_get_by_subject
-.Fa "X509_STORE_CTX *ctx"
-.Fa "int type"
-.Fa "X509_NAME *name"
-.Fa "X509_OBJECT *object"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo X509_STORE_get1_certs
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_NAME *name"
-.Fc
-.Ft STACK_OF(X509_CRL) *
-.Fo X509_STORE_get1_crls
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509_NAME *name"
-.Fc
-.Ft int
-.Fo X509_STORE_CTX_get1_issuer
-.Fa "X509 **issuer"
-.Fa "X509_STORE_CTX *ctx"
-.Fa "X509 *certificate"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_get_by_subject
-retrieves the first object having a matching
-.Fa type
-and
-.Fa name
-from the
-.Vt X509_STORE
-associated with the
-.Fa ctx .
-The
-.Fa type
-can be
-.Dv X509_LU_X509
-to retrieve a certificate or
-.Dv X509_LU_CRL
-to retrieve a revocation list.
-.Pp
-If the store does not yet contain a matching object or if the type is
-.Dv X509_LU_CRL ,
-.Xr X509_LOOKUP_by_subject 3
-is called on
-.Vt X509_LOOKUP
-objects associated with the store until a match is found,
-which may add zero or more objects to the store.
-.Pp
-In case of success, the content of the
-.Fa object
-provided by the caller is overwritten with a pointer to the first
-match, and the reference count of that certificate or revocation
-list is incremented by 1.
-Avoiding a memory leak by making sure the provided
-.Fa object
-is empty is the responsibility of the caller.
-.Pp
-.Fn X509_STORE_get1_certs
-retrieves all certificates matching the subject
-.Vt name
-from the
-.Vt X509_STORE
-associated with
-.Fa ctx .
-If there are none yet,
-.Fn X509_STORE_get_by_subject
-is called to try and add some.
-In case of success, the reference counts of all certificates
-added to the returned array are incremented by 1.
-.Pp
-.Fn X509_STORE_get1_crls
-is similar except that it operates on certificate revocation lists
-rather than on certificates and that it always calls
-.Fn X509_STORE_get_by_subject ,
-even if the
-.Vt X509_STORE
-already contains a matching revocation list.
-.Pp
-.Fn X509_STORE_CTX_get1_issuer
-retrieves the
-.Fa issuer
-CA certificate for the given
-.Fa certificate
-from the
-.Vt X509_STORE
-associated with
-.Fa ctx .
-Internally, the issuer name is retrieved with
-.Xr X509_get_issuer_name 3
-and the candidate issuer CA certificate with
-.Fn X509_STORE_get_by_subject
-using that issuer name.
-.Xr X509_check_issued 3
-or a user-supplied replacement function is used to check whether the
-.Fa certificate
-was indeed issued using the
-.Fa issuer
-CA certificate before returning it.
-If verification parameters associated with
-.Fa ctx
-encourage checking of validity times, CAs with a valid time are
-preferred, but if no matching CA has a valid time, one with an
-invalid time is accepted anyway.
-.Sh RETURN VALUES
-.Fn X509_STORE_get_by_subject
-returns 1 if a match is found or 0 on failure.
-In addition to simply not finding a match,
-it may also fail due to memory allocation failure in
-.Xr X509_LOOKUP_by_subject 3 .
-If
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
-it might also return negative values for internal errors.
-.Pp
-.Fn X509_STORE_get1_certs
-returns a newly allocated and populated array of certificates or
-.Dv NULL
-on failure.
-It fails if no match is found, if
-.Fn X509_STORE_get_by_subject
-fails, or if memory allocation fails.
-.Pp
-.Fn X509_STORE_get1_crls
-returns a newly allocated and populated array of CRLs or
-.Dv NULL
-on failure.
-It fails if
-.Fn X509_STORE_get_by_subject
-finds no new match, even if the associated
-.Vt X509_STORE
-already contains matching CRLs, or if memory allocation fails.
-.Pp
-.Fn X509_STORE_CTX_get1_issuer
-returns 1 if a matching
-.Fa issuer
-CA certificate is found or 0 otherwise.
-If
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
-it might also return negative values for internal errors.
-.Sh SEE ALSO
-.Xr STACK_OF 3 ,
-.Xr X509_check_issued 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_get_issuer_name 3 ,
-.Xr X509_LOOKUP_by_subject 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_new 3 ,
-.Xr X509_OBJECT_retrieve_by_subject 3 ,
-.Xr X509_STORE_CTX_new 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_get_by_subject
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_CTX_get1_issuer
-first appeared in OpenSSL 0.9.6 and has been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_STORE_get1_certs
-and
-.Fn X509_STORE_get1_crls
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/X509_STORE_load_locations.3 b/src/lib/libcrypto/man/X509_STORE_load_locations.3
deleted file mode 100644
index 4dbfb5fce4..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_load_locations.3
+++ /dev/null
@@ -1,188 +0,0 @@
-.\" $OpenBSD: X509_STORE_load_locations.3,v 1.8 2021/08/01 15:37:53 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
-.\"
-.\" Copyright (c) 2017, 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 1 2021 $
-.Dt X509_STORE_LOAD_LOCATIONS 3
-.Os
-.Sh NAME
-.Nm X509_STORE_load_locations ,
-.Nm X509_STORE_set_default_paths ,
-.Nm X509_STORE_load_mem ,
-.Nm X509_STORE_add_lookup
-.Nd configure files and directories used by a certificate store
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_STORE_load_locations
-.Fa "X509_STORE *store"
-.Fa "const char *file"
-.Fa "const char *dirs"
-.Fc
-.Ft int
-.Fo X509_STORE_set_default_paths
-.Fa "X509_STORE *store"
-.Fc
-.Ft int
-.Fo X509_STORE_load_mem
-.Fa "X509_STORE *store"
-.Fa "void *buffer"
-.Fa "int length"
-.Fc
-.Ft X509_LOOKUP *
-.Fo X509_STORE_add_lookup
-.Fa "X509_STORE *store"
-.Fa "X509_LOOKUP_METHOD *method"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_load_locations
-instructs the
-.Fa store
-to use the PEM
-.Fa file
-and all the PEM files in the directories
-contained in the colon-separated list
-.Fa dirs
-for looking up certificates, in addition to files and directories
-that are already configured.
-The certificates in the directories must be in hashed form, as documented in
-.Xr X509_LOOKUP_hash_dir 3 .
-Directories already in use are not added again.
-If
-.Dv NULL
-is passed for
-.Fa file
-or
-.Fa dirs ,
-no new file or no new directories are added, respectively.
-.Pp
-.Fn X509_STORE_load_locations
-is identical to
-.Xr SSL_CTX_load_verify_locations 3
-except that it operates directly on an
-.Vt X509_STORE
-object, rather than on the store used by an SSL context.
-See that manual page for more information.
-.Pp
-.Fn X509_STORE_set_default_paths
-is similar except that it instructs the
-.Fa store
-to use the default PEM file and directory
-(as documented in
-.Sx FILES )
-in addition to what is already configured.
-It ignores errors that occur while trying to load the file or to
-add the directory, but it may still fail for other reasons, for
-example when out of memory while trying to allocate the required
-.Vt X509_LOOKUP
-objects.
-.Pp
-.Fn X509_STORE_set_default_paths
-is identical to
-.Xr SSL_CTX_set_default_verify_paths 3
-except that it operates directly on an
-.Vt X509_STORE
-object, rather than on the store used by an SSL context.
-See that manual page for more information.
-.Pp
-The above functions are wrappers around
-.Xr X509_LOOKUP_load_file 3
-and
-.Xr X509_LOOKUP_add_dir 3 .
-.Pp
-.Fn X509_STORE_load_mem
-instructs the
-.Fa store
-to use the certificates contained in the memory
-.Fa buffer
-of the given
-.Fa length
-for certificate lookup.
-It is a wrapper around
-.Xr X509_LOOKUP_add_mem 3 .
-.Pp
-.Fn X509_STORE_add_lookup
-checks whether the
-.Fa store
-already contains an
-.Vt X509_LOOKUP
-object using the given
-.Fa method ;
-if it does, no action occurs.
-Otherwise, a new
-.Vt X509_LOOKUP
-object is allocated, added, and returned.
-This function is used internally by all the functions listed above.
-.Sh RETURN VALUES
-.Fn X509_STORE_load_locations
-returns 1 if all files and directories specified were successfully
-added.
-It returns 0 for failure.
-That can happen if adding the file failed, if adding any of the
-directories failed, or if both arguments were
-.Dv NULL .
-.Pp
-.Fn X509_STORE_set_default_paths
-returns 0 for some error conditions and 1 otherwise, not just for
-success, but also for various cases of failure.
-.Pp
-.Fn X509_STORE_load_mem
-returns 1 for success or 0 for failure.
-In particular, parse errors or lack of memory can cause failure.
-.Pp
-.Fn X509_STORE_add_lookup
-returns the existing or new lookup object or
-.Dv NULL
-on failure.
-When using the built-in
-.Vt X509_LOOKUP_METHOD
-objects, the only reason for failure is lack of memory.
-.Sh FILES
-.Bl -tag -width Ds
-.It Pa /etc/ssl/cert.pem
-default PEM file for
-.Fn X509_STORE_set_default_paths
-.It Pa /etc/ssl/certs/
-default directory for
-.Fn X509_STORE_set_default_paths
-.El
-.Sh SEE ALSO
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr X509_LOOKUP_hash_dir 3 ,
-.Xr X509_LOOKUP_new 3 ,
-.Xr X509_STORE_new 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_STORE_set_verify_cb 3
-.Sh HISTORY
-.Fn X509_STORE_load_locations ,
-.Fn X509_STORE_set_default_paths ,
-and
-.Fn X509_STORE_add_lookup
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_load_mem
-first appeared in
-.Ox 5.7 .
-.Sh BUGS
-By the time that adding a directory is found to have failed,
-the file and some other directories may already have been successfully loaded,
-so these functions may change the state of the store even when they fail.
-.Pp
-.Fn X509_STORE_set_default_paths
-clears the error queue, deleting even error information that was
-already present when it was called.
diff --git a/src/lib/libcrypto/man/X509_STORE_new.3 b/src/lib/libcrypto/man/X509_STORE_new.3
deleted file mode 100644
index 71b88f999d..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_new.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\" $OpenBSD: X509_STORE_new.3,v 1.5 2019/06/06 01:06:59 schwarze Exp $
-.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by
-.\" Alessandro Ghedini .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt X509_STORE_NEW 3
-.Os
-.Sh NAME
-.Nm X509_STORE_new ,
-.Nm X509_STORE_up_ref ,
-.Nm X509_STORE_free
-.Nd allocate and free X.509 certificate stores
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft X509_STORE *
-.Fn X509_STORE_new void
-.Ft int
-.Fo X509_STORE_up_ref
-.Fa "X509_STORE *store"
-.Fc
-.Ft void
-.Fo X509_STORE_free
-.Fa "X509_STORE *store"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_new
-allocates and initializes an empty X.509 certificate store
-and sets its reference count to 1.
-.Pp
-.Fn X509_STORE_up_ref
-increments the reference count of
-.Fa store
-by 1.
-.Pp
-.Fn X509_STORE_free
-decrements the reference count of
-.Fa store
-by 1.
-If the reference count reaches 0,
-all resources used by the store, including all certificates
-contained in it, are released and
-.Fa store
-itself is freed.
-If
-.Fa store
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn X509_STORE_new
-returns a newly created
-.Vt X509_STORE
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn X509_STORE_up_ref
-returns 1 for success and 0 for failure.
-.Sh SEE ALSO
-.Xr PKCS7_verify 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr X509_LOOKUP_hash_dir 3 ,
-.Xr X509_OBJECT_get0_X509 3 ,
-.Xr X509_STORE_CTX_new 3 ,
-.Xr X509_STORE_get_ex_new_index 3 ,
-.Xr X509_STORE_load_locations 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_STORE_set_verify_cb 3
-.Sh HISTORY
-.Fn X509_STORE_new
-and
-.Fn X509_STORE_free
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_STORE_set1_param.3 b/src/lib/libcrypto/man/X509_STORE_set1_param.3
deleted file mode 100644
index b44293966b..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_set1_param.3
+++ /dev/null
@@ -1,229 +0,0 @@
-.\" $OpenBSD: X509_STORE_set1_param.3,v 1.17 2021/07/31 14:54:34 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
-.\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 31 2021 $
-.Dt X509_STORE_SET1_PARAM 3
-.Os
-.Sh NAME
-.Nm X509_STORE_set1_param ,
-.Nm X509_STORE_set_flags ,
-.Nm X509_STORE_set_purpose ,
-.Nm X509_STORE_set_trust ,
-.Nm X509_STORE_set_depth ,
-.Nm X509_STORE_add_cert ,
-.Nm X509_STORE_add_crl ,
-.Nm X509_STORE_get0_param ,
-.Nm X509_STORE_get0_objects ,
-.Nm X509_STORE_get_ex_new_index ,
-.Nm X509_STORE_set_ex_data ,
-.Nm X509_STORE_get_ex_data
-.Nd get and set X509_STORE data
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_STORE_set1_param
-.Fa "X509_STORE *store"
-.Fa "X509_VERIFY_PARAM *pm"
-.Fc
-.Ft int
-.Fo X509_STORE_set_flags
-.Fa "X509_STORE *store"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo X509_STORE_set_purpose
-.Fa "X509_STORE *store"
-.Fa "int purpose"
-.Fc
-.Ft int
-.Fo X509_STORE_set_trust
-.Fa "X509_STORE *store"
-.Fa "int trust"
-.Fc
-.Ft int
-.Fo X509_STORE_set_depth
-.Fa "X509_STORE *store"
-.Fa "int depth"
-.Fc
-.Ft int
-.Fo X509_STORE_add_cert
-.Fa "X509_STORE *store"
-.Fa "X509 *x"
-.Fc
-.Ft int
-.Fo X509_STORE_add_crl
-.Fa "X509_STORE *store"
-.Fa "X509_CRL *crl"
-.Fc
-.Ft X509_VERIFY_PARAM *
-.Fo X509_STORE_get0_param
-.Fa "X509_STORE *store"
-.Fc
-.Ft STACK_OF(X509_OBJECT) *
-.Fo X509_STORE_get0_objects
-.Fa "X509_STORE *store"
-.Fc
-.Ft int
-.Fo X509_STORE_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fo X509_STORE_set_ex_data
-.Fa "X509_STORE *store"
-.Fa "int idx"
-.Fa "void *arg"
-.Fc
-.Ft void *
-.Fo X509_STORE_get_ex_data
-.Fa "X509_STORE *store"
-.Fa "int idx"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_set1_param
-copies the verification parameters from
-.Fa pm
-into the verification parameter object contained in the
-.Fa store .
-.Pp
-.Fn X509_VERIFY_PARAM_set_flags ,
-.Fn X509_STORE_set_purpose ,
-.Fn X509_STORE_set_trust ,
-and
-.Fn X509_STORE_set_depth
-call
-.Fn X509_VERIFY_PARAM_set_flags ,
-.Fn X509_VERIFY_PARAM_set_purpose ,
-.Fn X509_VERIFY_PARAM_set_trust ,
-and
-.Fn X509_VERIFY_PARAM_set_depth
-on the verification parameter object contained in the
-.Fa store .
-.Pp
-.Fn X509_STORE_add_cert
-and
-.Fn X509_STORE_add_crl
-add the certificate
-.Fa x
-or the certificate revocation list
-.Fa crl
-to the
-.Fa store ,
-increasing its reference count by 1 in case of success.
-Untrusted objects should not be added in this way.
-.Pp
-.Fn X509_STORE_get_ex_new_index ,
-.Fn X509_STORE_set_ex_data ,
-and
-.Fn X509_STORE_get_ex_data
-handle application specific data in
-.Vt X509_STORE
-objects.
-Their usage is identical to that of
-.Xr RSA_get_ex_new_index 3 ,
-.Xr RSA_set_ex_data 3 ,
-and
-.Xr RSA_get_ex_data 3 .
-.Sh RETURN VALUES
-.Fn X509_STORE_set1_param ,
-.Fn X509_STORE_set_purpose ,
-.Fn X509_STORE_set_trust ,
-and
-.Fn X509_STORE_set_ex_data
-return 1 for success or 0 for failure.
-.Pp
-.Fn X509_STORE_set_flags
-and
-.Fn X509_STORE_set_depth
-always return 1, indicating success.
-.Pp
-.Fn X509_STORE_add_cert
-and
-.Fn X509_STORE_add_crl
-return 1 for success or 0 for failure.
-For example, they fail if
-.Fa x
-or
-.Fa crl
-is a
-.Dv NULL
-pointer, if a certificate with the same subject name as
-.Fa x
-or a revocation list with the same issuer name as
-.Fa crl
-are already contained in the
-.Fa store ,
-or if memory allocation fails.
-.Pp
-.Fn X509_STORE_get0_param
-returns an internal pointer to the verification parameter object
-contained in the
-.Fa store ,
-.Fn X509_STORE_get0_objects
-to the stack of certificates, revocation lists, and private keys.
-The returned pointers must not be freed by the calling application.
-.Pp
-.Fn X509_STORE_get_ex_new_index
-returns a new index or \-1 on failure.
-.Pp
-.Fn X509_STORE_get_ex_data
-returns the application data or
-.Dv NULL
-on failure.
-.Sh SEE ALSO
-.Xr RSA_get_ex_new_index 3 ,
-.Xr SSL_set1_param 3 ,
-.Xr X509_LOOKUP_new 3 ,
-.Xr X509_OBJECT_get0_X509 3 ,
-.Xr X509_STORE_CTX_set0_param 3 ,
-.Xr X509_STORE_load_locations 3 ,
-.Xr X509_STORE_new 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn X509_STORE_add_cert
-first appeared in SSLeay 0.8.0.
-.Fn X509_STORE_add_crl
-first appeared in SSLeay 0.9.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_set_flags ,
-.Fn X509_STORE_set_purpose ,
-and
-.Fn X509_STORE_set_trust
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn X509_STORE_set1_param
-and
-.Fn X509_STORE_set_depth
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn X509_STORE_get0_param ,
-.Fn X509_STORE_get0_objects ,
-.Fn X509_STORE_get_ex_new_index ,
-.Fn X509_STORE_set_ex_data ,
-and
-.Fn X509_STORE_get_ex_data
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
deleted file mode 100644
index 59b1feff77..0000000000
--- a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ /dev/null
@@ -1,126 +0,0 @@
-.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.10 2021/07/29 10:13:45 schwarze Exp $
-.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2009 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 29 2021 $
-.Dt X509_STORE_SET_VERIFY_CB_FUNC 3
-.Os
-.Sh NAME
-.Nm X509_STORE_set_verify_cb ,
-.Nm X509_STORE_set_verify_cb_func ,
-.Nm X509_STORE_set_verify_func
-.Nd set verification callback
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft void
-.Fo X509_STORE_set_verify_cb
-.Fa "X509_STORE *st"
-.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
-.Fc
-.Ft void
-.Fo X509_STORE_set_verify_cb_func
-.Fa "X509_STORE *st"
-.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
-.Fc
-.Ft void
-.Fo X509_STORE_set_verify_func
-.Fa "X509_STORE *st"
-.Fa "int (*verify_func)(X509_STORE_CTX *ctx)"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_STORE_set_verify_cb
-sets the verification callback of
-.Sy ctx
-to
-.Sy verify_cb ,
-overwriting any existing callback.
-.Pp
-.Fn X509_STORE_set_verify_cb_func
-also sets the verification callback but it is implemented as a macro.
-.Pp
-The verification callback from an
-.Vt X509_STORE
-is inherited by the corresponding
-.Vt X509_STORE_CTX
-structure when it is initialized.
-This can be used to set the verification callback when the
-.Vt X509_STORE_CTX
-is otherwise inaccessible (for example during S/MIME verification).
-.Pp
-.Fn X509_STORE_set_verify_func
-sets the final chain verification function for
-.Fa st
-to
-.Fa verify_func .
-Its purpose is to go through the chain of certificates and check
-that all signatures are valid and that the current time is within
-the limits of each certificate's first and last validity time.
-The final chain verification function
-must return 0 on failure and 1 on success.
-If
-.Fn X509_STORE_set_verify_func
-is not called or called with
-.Fa verify_func
-set to a
-.Dv NULL
-pointer, the built-in default function is used.
-.Sh SEE ALSO
-.Xr X509_STORE_CTX_set_verify_cb 3 ,
-.Xr X509_STORE_new 3
-.Sh HISTORY
-.Fn X509_STORE_set_verify_cb_func
-and
-.Fn X509_STORE_set_verify_func
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_STORE_set_verify_cb
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/X509_TRUST_set.3 b/src/lib/libcrypto/man/X509_TRUST_set.3
deleted file mode 100644
index f363ead18b..0000000000
--- a/src/lib/libcrypto/man/X509_TRUST_set.3
+++ /dev/null
@@ -1,286 +0,0 @@
-.\" $OpenBSD: X509_TRUST_set.3,v 1.1 2021/07/24 14:33:14 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 24 2021 $
-.Dt X509_TRUST_SET 3
-.Os
-.Sh NAME
-.Nm X509_TRUST_set ,
-.Nm X509_TRUST_get_by_id ,
-.Nm X509_TRUST_add ,
-.Nm X509_TRUST_get_count ,
-.Nm X509_TRUST_cleanup ,
-.Nm X509_TRUST_get0 ,
-.Nm X509_TRUST_get_trust ,
-.Nm X509_TRUST_get0_name ,
-.Nm X509_TRUST_get_flags
-.Nd trust objects, indices, and identifiers
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_TRUST_set
-.Fa "int *id_out"
-.Fa "int id_in"
-.Fc
-.Ft int
-.Fn X509_TRUST_get_by_id "int identifier"
-.Ft int
-.Fo X509_TRUST_add
-.Fa "int identifier"
-.Fa "int flags"
-.Fa "int (*check_trust)(X509_TRUST *, X509 *, int)"
-.Fa "const char *name"
-.Fa "int arg1"
-.Fa "void *arg2"
-.Fc
-.Ft int
-.Fn X509_TRUST_get_count void
-.Ft void
-.Fn X509_TRUST_cleanup void
-.Ft X509_TRUST *
-.Fn X509_TRUST_get0 "int index"
-.Ft int
-.Fn X509_TRUST_get_trust "const X509_TRUST *object"
-.Ft char *
-.Fn X509_TRUST_get0_name "const X509_TRUST *object"
-.Ft int
-.Fn X509_TRUST_get_flags "const X509_TRUST *object"
-.Sh DESCRIPTION
-The purposes that an X.509 certificate is trusted for
-can be identified in three equivalent ways:
-.Bl -enum
-.It
-By trust identifiers, which are positive integer constants.
-Standard trust identifiers lie in the range from
-.Dv X509_TRUST_MIN
-to
-.Dv X509_TRUST_MAX ,
-inclusive.
-User defined trust identifiers are larger than
-.Dv X509_TRUST_MAX .
-.It
-By trust indices, which are non-negative integer constants but
-differ from the trust identifiers expressing the same kind of trust.
-Standard trust indices are smaller than
-.Dv X509_TRUST_MAX .
-User defined trust indices are larger than or equal to
-.Dv X509_TRUST_MAX .
-.It
-By trust objects of the type
-.Vt X509_TRUST .
-Standard trust objects are available in static storage.
-User defined trust objects can be created with
-.Fn X509_TRUST_add .
-.El
-.Pp
-Application programmers cannot choose the way to identify kinds of trust
-that they like best; depending on the circumstances, all three ways
-are needed.
-Be warned that the naming of most functions is misleading.
-.Pp
-Most API functions documented outside the present manual page
-use trust identifiers rather than trust indices.
-.Pp
-ASN.1 object identifiers and NIDs provide a fourth and a fifth way
-to identify purposes that a certificate is trusted for.
-These are almost, but not exactly, equivalent
-to the three ways listed above; see the
-.Xr X509_check_trust 3
-manual for details.
-.Ss Using trust identifiers
-.Fn X509_TRUST_set
-validates the trust identifier
-.Fa id_in .
-If it is valid, it is copied to
-.Pf * Fa id_out .
-Otherwise,
-.Pf * Fa id_out
-remains unchanged.
-.Pp
-.Fn X509_TRUST_get_by_id
-converts the trust
-.Fa identifier
-to the corresponding trust
-.Fa index .
-To find the corresponding trust object, pass the result to
-.Fn X509_TRUST_get0 .
-.Pp
-.Fn X509_TRUST_add
-defines a purpose certificates can be trusted for with the given
-.Fa identifier
-or modifies its properties if it already exists.
-The trust
-.Fa identifier ,
-the
-.Fa flags ,
-the
-.Fa check_trust
-function, the
-.Fa name ,
-the number
-.Fa arg1 ,
-and the pointer
-.Fa arg2
-are copied into the
-.Vt X509_TRUST
-object.
-When modifying an existing trust object, previous
-values of fields are overwritten and a previous
-.Fa name
-string is freed if it was dynamically allocated.
-When creating a new trust object,
-it is added to the global array of user-defined trust objects.
-.Pp
-.Dv X509_TRUST_DYNAMIC
-and
-.Dv X509_TRUST_DYNAMIC_NAME
-are always ignored in the
-.Fa flags
-argument.
-.Dv X509_TRUST_DYNAMIC
-is automatically set if the object was created by the user.
-It is never set for standard objects,
-not even if they were modified by the user.
-.Dv X509_trust_DYNAMIC_NAME
-is automatically set if the object was created or modified by the user.
-It is only unset for unmodified standard objects.
-The library does not appear to define any other flags,
-so the flags argument is probably useless
-unless users define their own flags and use them in the
-.Fa check_trust
-function.
-.Pp
-The third and final argument of the
-.Fa check_trust
-function is the
-.Fa flags
-argument of
-.Fn X509_check_trust .
-.Pp
-The built-in trust checking functions documented in the
-.Xr X509_check_trust 3
-manual page use
-.Fa arg1
-as the corresponding ASN.1 object NID and ignore
-.Fa arg2
-and
-.Fa flags ,
-but a user-supplied
-.Fa check_trust
-function can use these fields in any arbitrary way.
-.Pp
-.Fn X509_TRUST_get_count
-returns the total number of trust objects currently existing,
-including both standard and user-defined objects.
-If no user-defined objects exist, the returned value is
-.Dv X509_TRUST_MAX .
-.Pp
-.Fn X509_TRUST_cleanup
-deletes all user-defined trust objects
-and invalidates their trust identifiers and trust indices.
-If any of the standard trust objects were modified by the user,
-those changes are
-.Em not
-reverted.
-.Ss Using trust indices
-.Fn X509_TRUST_get0
-converts the trust
-.Fa index
-to a pointer to the corresponding trust object.
-To find the corresponding trust identifier, pass the result to
-.Fn X509_TRUST_get_trust .
-.Ss Using trust objects
-.Fn X509_TRUST_get_trust
-converts a pointer to a trust
-.Fa object
-to the corresponding trust identifier.
-To find the corresponding trust index, pass the result to
-.Fn X509_TRUST_get_by_id .
-.Pp
-.Fn X509_TRUST_get0_name
-and
-.Fn X509_TRUST_get_flags
-retrieve the name and flags from the
-.Fa object ,
-respectively.
-.Sh RETURN VALUES
-.Fn X509_TRUST_set
-returns 1 if
-.Fa id_in
-is valid or 0 otherwise.
-.Pp
-.Fn X509_TRUST_get_by_id
-returns the corresponding trust index or -1 if the
-.Fa identifier
-is invalid.
-.Pp
-.Fn X509_TRUST_add
-returns 1 for success or 0 for failure.
-.Pp
-.Fn X509_TRUST_get_count
-returns the total number of trust objects currently existing.
-.Pp
-.Fn X509_TRUST_get0
-returns a standard or user-defined trust object or
-.Dv NULL
-if the
-.Fa index
-is invalid.
-.Pp
-.Fn X509_TRUST_get_trust
-always returns a valid trust identifier.
-.Pp
-.Fn X509_TRUST_get0_name
-returns a pointer to storage owned by the
-.Fa object .
-.Pp
-.Fn X509_TRUST_get_flags
-returns the flags associated with the
-.Fa object .
-.Sh ERRORS
-The following diagnostics can be retrieved with
-.Xr ERR_get_error 3 ,
-.Xr ERR_GET_REASON 3 ,
-and
-.Xr ERR_reason_error_string 3 :
-.Bl -tag -width Ds
-.It Dv X509_R_INVALID_TRUST Qq "invalid trust"
-.Fn X509_TRUST_set
-was called with an invalid
-.Fa id_in
-argument.
-.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure"
-.Fn X509_TRUST_add
-failed to allocate memory.
-.El
-.Pp
-The other functions provide no diagnostics.
-.Sh SEE ALSO
-.Xr X509_check_trust 3 ,
-.Xr X509_new 3 ,
-.Xr X509_PURPOSE_set 3 ,
-.Xr X509_VERIFY_PARAM_set_trust 3
-.Sh HISTORY
-.Fn X509_TRUST_set
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Pp
-The other functions first appeared in OpenSSL 0.9.5
-and have been available since
-.Ox 2.7 .
-.Sh CAVEATS
-The difference between trust identifiers and trust indices
-provides an ideal breeding ground for off-by-one bugs.
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
deleted file mode 100644
index ea3c867b8b..0000000000
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ /dev/null
@@ -1,756 +0,0 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.17 2021/07/23 16:43:56 schwarze Exp $
-.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
-.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018, 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson
-.\" and Viktor Dukhovni .
-.\" Copyright (c) 2009, 2013, 2014, 2015, 2016, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 23 2021 $
-.Dt X509_VERIFY_PARAM_SET_FLAGS 3
-.Os
-.Sh NAME
-.Nm X509_VERIFY_PARAM_new ,
-.Nm X509_VERIFY_PARAM_free ,
-.Nm X509_VERIFY_PARAM_get0_name ,
-.Nm X509_VERIFY_PARAM_set1_name ,
-.Nm X509_VERIFY_PARAM_set_flags ,
-.Nm X509_VERIFY_PARAM_clear_flags ,
-.Nm X509_VERIFY_PARAM_get_flags ,
-.Nm X509_VERIFY_PARAM_set_purpose ,
-.Nm X509_VERIFY_PARAM_set_trust ,
-.Nm X509_VERIFY_PARAM_set_time ,
-.Nm X509_VERIFY_PARAM_add0_policy ,
-.Nm X509_VERIFY_PARAM_set1_policies ,
-.Nm X509_VERIFY_PARAM_set_depth ,
-.Nm X509_VERIFY_PARAM_get_depth ,
-.Nm X509_VERIFY_PARAM_set1_host ,
-.Nm X509_VERIFY_PARAM_add1_host ,
-.Nm X509_VERIFY_PARAM_set_hostflags ,
-.Nm X509_VERIFY_PARAM_get0_peername ,
-.Nm X509_VERIFY_PARAM_set1_email ,
-.Nm X509_VERIFY_PARAM_set1_ip ,
-.Nm X509_VERIFY_PARAM_set1_ip_asc ,
-.Nm X509_VERIFY_PARAM_add0_table ,
-.Nm X509_VERIFY_PARAM_lookup ,
-.Nm X509_VERIFY_PARAM_get_count ,
-.Nm X509_VERIFY_PARAM_get0 ,
-.Nm X509_VERIFY_PARAM_table_cleanup
-.Nd X509 verification parameters
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_new
-.Fa void
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_free
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft const char *
-.Fo X509_VERIFY_PARAM_get0_name
-.Fa "const X509_VERIFY_PARAM *param"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1_name
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "const char *name"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set_flags
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_clear_flags
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "unsigned long flags"
-.Fc
-.Ft unsigned long
-.Fo X509_VERIFY_PARAM_get_flags
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set_purpose
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "int purpose"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set_trust
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "int trust"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_set_time
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "time_t t"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_add0_policy
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "ASN1_OBJECT *policy"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1_policies
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "STACK_OF(ASN1_OBJECT) *policies"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_set_depth
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "int depth"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_get_depth
-.Fa "const X509_VERIFY_PARAM *param"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1_host
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "const char *name"
-.Fa "size_t namelen"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_add1_host
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "const char *name"
-.Fa "size_t namelen"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_set_hostflags
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "unsigned int flags"
-.Fc
-.Ft char *
-.Fo X509_VERIFY_PARAM_get0_peername
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1_email
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "const char *email"
-.Fa "size_t emaillen"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1_ip
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "const unsigned char *ip"
-.Fa "size_t iplen"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_set1_ip_asc
-.Fa "X509_VERIFY_PARAM *param"
-.Fa "const char *ipasc"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_add0_table
-.Fa "X509_VERIFY_PARAM *param"
-.Fc
-.Ft const X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_lookup
-.Fa "const char *name"
-.Fc
-.Ft int
-.Fo X509_VERIFY_PARAM_get_count
-.Fa void
-.Fc
-.Ft const X509_VERIFY_PARAM *
-.Fo X509_VERIFY_PARAM_get0
-.Fa "int id"
-.Fc
-.Ft void
-.Fo X509_VERIFY_PARAM_table_cleanup
-.Fa void
-.Fc
-.Sh DESCRIPTION
-These functions manipulate an
-.Vt X509_VERIFY_PARAM
-object associated with a certificate verification operation.
-.Pp
-.Fn X509_VERIFY_PARAM_new
-allocates and initializes an empty
-.Vt X509_VERIFY_PARAM
-object.
-.Pp
-.Fn X509_VERIFY_PARAM_free
-clears all data contained in
-.Fa param
-and releases all memory used by it.
-If
-.Fa param
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn X509_VERIFY_PARAM_get0_name
-returns the name of the given
-.Fa param
-object, usually describing its purpose, for example
-.Qq default ,
-.Qq pkcs7 ,
-.Qq smime_sign ,
-.Qq ssl_client ,
-or
-.Qq ssl_server .
-For user-defined objects, the returned pointer may be
-.Dv NULL
-even if the object is otherwise valid.
-.Pp
-.Fn X509_VERIFY_PARAM_set1_name
-sets the name of
-.Fa param
-to a copy of
-.Fa name ,
-or to
-.Dv NULL
-if
-.Fa name
-is
-.Dv NULL .
-.Pp
-.Fn X509_VERIFY_PARAM_set_flags
-sets the flags in
-.Fa param
-by OR'ing it with
-.Fa flags .
-See the
-.Sx VERIFICATION FLAGS
-section for a complete description of values the
-.Fa flags
-parameter can take.
-.Pp
-.Fn X509_VERIFY_PARAM_get_flags
-returns the flags in
-.Fa param .
-.Pp
-.Fn X509_VERIFY_PARAM_clear_flags
-clears the flags
-.Fa flags
-in
-.Fa param .
-.Pp
-.Fn X509_VERIFY_PARAM_set_purpose
-sets the verification
-.Fa purpose
-identifier in
-.Fa param .
-This determines the acceptable purpose of the certificate chain, for example
-.Dv X509_PURPOSE_SSL_CLIENT
-or
-.Dv X509_PURPOSE_SSL_SERVER .
-Standard purposes are listed in
-.Xr X509_check_purpose 3 ,
-and additional purposes can be defined with
-.Xr X509_PURPOSE_add 3 .
-.Pp
-.Fn X509_VERIFY_PARAM_set_trust
-sets the trust setting in
-.Fa param
-to
-.Fa trust .
-.Pp
-.Fn X509_VERIFY_PARAM_set_time
-sets the verification time in
-.Fa param
-to
-.Fa t .
-Normally the current time is used.
-.Pp
-.Fn X509_VERIFY_PARAM_add0_policy
-enables policy checking (it is disabled by default) and adds
-.Fa policy
-to the acceptable policy set.
-.Pp
-.Fn X509_VERIFY_PARAM_set1_policies
-enables policy checking (it is disabled by default) and sets the
-acceptable policy set to
-.Fa policies .
-Any existing policy set is cleared.
-The
-.Fa policies
-parameter can be
-.Dv NULL
-to clear an existing policy set.
-.Pp
-.Fn X509_VERIFY_PARAM_set_depth
-sets the maximum verification depth to
-.Fa depth .
-That is the maximum number of untrusted CA certificates that can appear
-in a chain.
-.Pp
-.Fn X509_VERIFY_PARAM_set1_host
-sets the expected DNS hostname to
-.Fa name
-clearing any previously specified hostname or names.
-If
-.Fa name
-is
-.Dv NULL
-or empty, the list of hostnames is cleared, and name checks are not
-performed on the peer certificate.
-.Fa namelen
-should be set to the length of
-.Fa name .
-For historical compatibility, if
-.Fa name
-is NUL-terminated,
-.Fa namelen
-may be specified as zero.
-When a hostname is specified, certificate verification automatically
-invokes
-.Xr X509_check_host 3
-with flags equal to the
-.Fa flags
-argument given to
-.Fn X509_VERIFY_PARAM_set_hostflags
-(default zero).
-.Fn X509_VERIFY_PARAM_set1_host
-will fail if
-.Fa name
-contains any embedded 0 bytes.
-.Pp
-.Fn X509_VERIFY_PARAM_add1_host
-adds
-.Fa name
-as an additional reference identifier that can match the peer's
-certificate.
-Any previous names set via
-.Fn X509_VERIFY_PARAM_set1_host
-and
-.Fn X509_VERIFY_PARAM_add1_host
-are retained.
-No change is made if
-.Fa name
-is
-.Dv NULL
-or empty.
-.Fa namelen
-should be set to the length of
-.Fa name .
-For historical compatibility, if
-.Fa name
-is NUL-terminated,
-.Fa namelen
-may be specified as zero.
-.Fn X509_VERIFY_PARAM_add1_host
-will fail if
-.Fa name
-contains any embedded 0 bytes.
-When multiple names are configured, the peer is considered verified when
-any name matches.
-.Pp
-.Fn X509_VERIFY_PARAM_get0_peername
-returns the DNS hostname or subject CommonName from the peer certificate
-that matched one of the reference identifiers.
-When wildcard matching is not disabled, or when a reference identifier
-specifies a parent domain (starts with ".") rather than a hostname, the
-peer name may be a wildcard name or a sub-domain of the reference
-identifier respectively.
-.Pp
-.Fn X509_VERIFY_PARAM_set1_email
-sets the expected RFC 822 email address to
-.Fa email .
-.Fa emaillen
-should be set to the length of
-.Fa email .
-For historical compatibility, if
-.Fa email
-is NUL-terminated,
-.Fa emaillen
-may be specified as zero,
-.Fn X509_VERIFY_PARAM_set1_email
-will fail if
-.Fa email
-is NULL, an empty string, or contains embedded 0 bytes.
-When an email address is specified, certificate verification
-automatically invokes
-.Xr X509_check_email 3 .
-.Pp
-.Fn X509_VERIFY_PARAM_set1_ip
-sets the expected IP address to
-.Fa ip .
-The
-.Fa ip
-argument is in binary format, in network byte-order, and
-.Fa iplen
-must be set to 4 for IPv4 and 16 for IPv6.
-.Fn X509_VERIFY_PARAM_set1_ip
-will fail if
-.Fa ip
-is NULL or if
-.Fa iplen
-is not 4 or 16.
-When an IP address is specified,
-certificate verification automatically invokes
-.Xr X509_check_ip 3 .
-.Pp
-.Fn X509_VERIFY_PARAM_set1_ip_asc
-sets the expected IP address to
-.Fa ipasc .
-The
-.Fa ipasc
-argument is a NUL-terminal ASCII string:
-dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6.
-The condensed "::" notation is supported for IPv6 addresses.
-.Fn X509_VERIFY_PARAM_set1_ip_asc
-will fail if
-.Fa ipasc
-is unparsable.
-.Pp
-.Fn X509_VERIFY_PARAM_add0_table
-adds
-.Fa param
-to a static list of
-.Vt X509_VERIFY_PARAM
-objects maintained by the library.
-This function is extremely dangerous because contrary to the name
-of the function, if the list already contains an object that happens
-to have the same name, that old object is not only silently removed
-from the list, but also silently freed, which may silently invalidate
-various pointers existing elsewhere in the program.
-.Pp
-.Fn X509_VERIFY_PARAM_lookup
-searches this list for an object of the given
-.Fa name .
-If no match is found, the predefined objects built-in to the library
-are also inspected.
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-returns the sum of the number of objects on this list and the number
-of predefined objects built-in to the library.
-Note that this is not necessarily the total number of
-.Vt X509_VERIFY_PARAM
-objects existing in the program because there may be additional such
-objects that were never added to the list.
-.Pp
-.Fn X509_VERIFY_PARAM_get0
-accesses predefined and user-defined objects using
-.Fa id
-as an index, useful for looping over objects without knowing their names.
-An argument less than the number of predefined objects selects
-one of the predefined objects; a higher argument selects an object
-from the list.
-.Pp
-.Fn X509_VERIFY_PARAM_table_cleanup
-deletes all objects from this list.
-It is extremely dangerous because it also invalidates all data that
-was contained in all objects that were on the list and because it
-frees all these objects, which may invalidate various pointers
-existing elsewhere in the program.
-.Sh RETURN VALUES
-.Fn X509_VERIFY_PARAM_new
-returns a pointer to the new object, or
-.Dv NULL
-on allocation failure.
-.Pp
-.Fn X509_VERIFY_PARAM_set1_name ,
-.Fn X509_VERIFY_PARAM_set_flags ,
-.Fn X509_VERIFY_PARAM_clear_flags ,
-.Fn X509_VERIFY_PARAM_set_purpose ,
-.Fn X509_VERIFY_PARAM_set_trust ,
-.Fn X509_VERIFY_PARAM_add0_policy ,
-.Fn X509_VERIFY_PARAM_set1_policies ,
-and
-.Fn X509_VERIFY_PARAM_add0_table
-return 1 for success or 0 for failure.
-.Pp
-.Fn X509_VERIFY_PARAM_set1_host ,
-.Fn X509_VERIFY_PARAM_add1_host ,
-.Fn X509_VERIFY_PARAM_set1_email ,
-.Fn X509_VERIFY_PARAM_set1_ip ,
-and
-.Fn X509_VERIFY_PARAM_set1_ip_asc ,
-return 1 for success or 0 for failure.
-A failure from these routines will poison
-the
-.Vt X509_VERIFY_PARAM
-object so that future calls to
-.Xr X509_verify_cert 3
-using the poisoned object will fail.
-.Pp
-.Fn X509_VERIFY_PARAM_get_flags
-returns the current verification flags.
-.Pp
-.Fn X509_VERIFY_PARAM_get_depth
-returns the current verification depth.
-.Pp
-.Fn X509_VERIFY_PARAM_get0_name
-and
-.Fn X509_VERIFY_PARAM_get0_peername
-return pointers to strings that are only valid
-during the lifetime of the given
-.Fa param
-object and that must not be freed by the application program.
-.Pp
-.Fn X509_VERIFY_PARAM_lookup
-and
-.Fn X509_VERIFY_PARAM_get0
-return a pointer to an existing built-in or user-defined object, or
-.Dv NULL
-if no object with the given
-.Fa name
-is found, or if
-.Fa id
-is at least
-.Fn X509_VERIFY_PARAM_get_count .
-.Pp
-.Fn X509_VERIFY_PARAM_get_count
-returns a number of objects.
-.Sh VERIFICATION FLAGS
-The verification flags consists of zero or more of the following
-flags OR'ed together.
-.Pp
-.Dv X509_V_FLAG_CRL_CHECK
-enables CRL checking for the certificate chain leaf certificate.
-An error occurs if a suitable CRL cannot be found.
-.Pp
-.Dv X509_V_FLAG_CRL_CHECK_ALL
-enables CRL checking for the entire certificate chain.
-.Pp
-.Dv X509_V_FLAG_IGNORE_CRITICAL
-disables critical extension checking.
-By default any unhandled critical extensions in certificates or (if
-checked) CRLs results in a fatal error.
-If this flag is set unhandled critical extensions are ignored.
-.Sy WARNING :
-setting this option for anything other than debugging purposes can be a
-security risk.
-Finer control over which extensions are supported can be performed in
-the verification callback.
-.Pp
-The
-.Dv X509_V_FLAG_X509_STRICT
-flag disables workarounds for some broken certificates and makes the
-verification strictly apply X509 rules.
-.Pp
-.Dv X509_V_FLAG_ALLOW_PROXY_CERTS
-enables proxy certificate verification.
-.Pp
-.Dv X509_V_FLAG_POLICY_CHECK
-enables certificate policy checking; by default no policy checking is
-performed.
-Additional information is sent to the verification callback relating to
-policy checking.
-.Pp
-.Dv X509_V_FLAG_EXPLICIT_POLICY ,
-.Dv X509_V_FLAG_INHIBIT_ANY ,
-and
-.Dv X509_V_FLAG_INHIBIT_MAP
-set the
-.Dq require explicit policy ,
-.Dq inhibit any policy ,
-and
-.Dq inhibit policy mapping
-flags, respectively, as defined in RFC 3280.
-Policy checking is automatically enabled if any of these flags are set.
-.Pp
-If
-.Dv X509_V_FLAG_NOTIFY_POLICY
-is set and the policy checking is successful a special status code is
-set to the verification callback.
-This permits it to examine the valid policy tree and perform additional
-checks or simply log it for debugging purposes.
-.Pp
-By default some additional features such as indirect CRLs and CRLs
-signed by different keys are disabled.
-If
-.Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT
-is set they are enabled.
-.Pp
-If
-.Dv X509_V_FLAG_USE_DELTAS
-is set, delta CRLs (if present) are used to determine certificate
-status.
-If not set, deltas are ignored.
-.Pp
-.Dv X509_V_FLAG_CHECK_SS_SIGNATURE
-enables checking of the root CA self signed certificate signature.
-By default this check is disabled because it doesn't add any additional
-security but in some cases applications might want to check the
-signature anyway.
-A side effect of not checking the root CA signature is that disabled or
-unsupported message digests on the root CA are not treated as fatal
-errors.
-.Pp
-The
-.Dv X509_V_FLAG_CB_ISSUER_CHECK
-flag enables debugging of certificate issuer checks.
-It is
-.Sy not
-needed unless you are logging certificate verification.
-If this flag is set then additional status codes will be sent to the
-verification callback and it
-.Sy must
-be prepared to handle such cases without assuming they are hard errors.
-.Pp
-When
-.Dv X509_V_FLAG_TRUSTED_FIRST
-is set, construction of the certificate chain in
-.Xr X509_verify_cert 3
-will search the trust store for issuer certificates before searching the
-provided untrusted certificates.
-Local issuer certificates are often more likely to satisfy local
-security requirements and lead to a locally trusted root.
-This is especially important when some certificates in the trust store
-have explicit trust settings; see the trust settings options of the
-.Cm x509
-command in
-.Xr openssl 1 .
-.Pp
-The
-.Dv X509_V_FLAG_NO_ALT_CHAINS
-flag suppresses checking for alternative chains.
-By default, unless
-.Dv X509_V_FLAG_TRUSTED_FIRST
-is set, when building a certificate chain, if the first certificate
-chain found is not trusted, then OpenSSL will attempt to replace
-untrusted certificates supplied by the peer with certificates from the
-trust store to see if an alternative chain can be found that is trusted.
-.Pp
-The
-.Dv X509_V_FLAG_PARTIAL_CHAIN
-flag causes intermediate certificates in the trust store to be treated
-as trust-anchors, in the same way as the self-signed root CA
-certificates.
-This makes it possible to trust certificates issued by an intermediate
-CA without having to trust its ancestor root CA.
-.Pp
-The
-.Dv X509_V_FLAG_NO_CHECK_TIME
-flag suppresses checking the validity period of certificates and CRLs
-against the current time.
-If
-.Fn X509_VERIFY_PARAM_set_time
-is used to specify a verification time, the check is not suppressed.
-.Sh EXAMPLES
-Enable CRL checking when performing certificate verification during
-SSL connections associated with an
-.Vt SSL_CTX
-structure
-.Fa ctx :
-.Bd -literal -offset indent
-X509_VERIFY_PARAM *param;
-
-param = X509_VERIFY_PARAM_new();
-X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-SSL_CTX_set1_param(ctx, param);
-X509_VERIFY_PARAM_free(param);
-.Ed
-.Sh SEE ALSO
-.Xr SSL_set1_host 3 ,
-.Xr SSL_set1_param 3 ,
-.Xr X509_check_host 3 ,
-.Xr X509_STORE_CTX_set0_param 3 ,
-.Xr X509_STORE_set1_param 3 ,
-.Xr X509_verify_cert 3
-.Sh HISTORY
-.Fn X509_VERIFY_PARAM_new ,
-.Fn X509_VERIFY_PARAM_free ,
-.Fn X509_VERIFY_PARAM_set1_name ,
-.Fn X509_VERIFY_PARAM_set_flags ,
-.Fn X509_VERIFY_PARAM_set_purpose ,
-.Fn X509_VERIFY_PARAM_set_trust ,
-.Fn X509_VERIFY_PARAM_set_time ,
-.Fn X509_VERIFY_PARAM_add0_policy ,
-.Fn X509_VERIFY_PARAM_set1_policies ,
-.Fn X509_VERIFY_PARAM_set_depth ,
-.Fn X509_VERIFY_PARAM_get_depth ,
-.Fn X509_VERIFY_PARAM_add0_table ,
-.Fn X509_VERIFY_PARAM_lookup ,
-and
-.Fn X509_VERIFY_PARAM_table_cleanup
-first appeared in OpenSSL 0.9.8.
-.Fn X509_VERIFY_PARAM_clear_flags
-and
-.Fn X509_VERIFY_PARAM_get_flags
-first appeared in OpenSSL 0.9.8a.
-All these functions have been available since
-.Ox 4.5 .
-.Pp
-.Fn X509_VERIFY_PARAM_get0_name
-.Fn X509_VERIFY_PARAM_set1_host ,
-.Fn X509_VERIFY_PARAM_add1_host ,
-.Fn X509_VERIFY_PARAM_set_hostflags ,
-.Fn X509_VERIFY_PARAM_get0_peername ,
-.Fn X509_VERIFY_PARAM_set1_email ,
-.Fn X509_VERIFY_PARAM_set1_ip ,
-.Fn X509_VERIFY_PARAM_set1_ip_asc ,
-.Fn X509_VERIFY_PARAM_get_count ,
-and
-.Fn X509_VERIFY_PARAM_get0
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.3 .
-.Sh BUGS
-Delta CRL checking is currently primitive.
-Only a single delta can be used and (partly due to limitations of
-.Vt X509_STORE )
-constructed CRLs are not maintained.
-.Pp
-If CRLs checking is enabled, CRLs are expected to be available in
-the corresponding
-.Vt X509_STORE
-structure.
-No attempt is made to download CRLs from the CRL distribution points
-extension.
diff --git a/src/lib/libcrypto/man/X509_add1_trust_object.3 b/src/lib/libcrypto/man/X509_add1_trust_object.3
deleted file mode 100644
index e1e3824208..0000000000
--- a/src/lib/libcrypto/man/X509_add1_trust_object.3
+++ /dev/null
@@ -1,100 +0,0 @@
-.\" $OpenBSD: X509_add1_trust_object.3,v 1.3 2021/07/24 14:33:14 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 24 2021 $
-.Dt X509_ADD1_TRUST_OBJECT 3
-.Os
-.Sh NAME
-.Nm X509_add1_trust_object ,
-.Nm X509_trust_clear ,
-.Nm X509_add1_reject_object ,
-.Nm X509_reject_clear
-.Nd mark an X.509 certificate as intended for a specific purpose
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_add1_trust_object
-.Fa "X509 *x"
-.Fa "const ASN1_OBJECT *purpose"
-.Fc
-.Ft void
-.Fo X509_trust_clear
-.Fa "X509 *x"
-.Fc
-.Ft int
-.Fo X509_add1_reject_object
-.Fa "X509 *x"
-.Fa "const ASN1_OBJECT *purpose"
-.Fc
-.Ft void
-.Fo X509_reject_clear
-.Fa "X509 *x"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_add1_trust_object
-appends a deep copy of the
-.Fa purpose
-object to the set of intended purposes that
-.Fa x
-contains as non-standard auxiliary data.
-The function
-.Xr OBJ_nid2obj 3
-can be used to create appropriate purpose objects from the
-.Dv NID_*
-constants mentioned in
-.Xr X509_check_purpose 3 ,
-even though the
-.Dv X509_PURPOSE_*
-constants listed in that manual page are not intended for use with
-.Fn X509_add1_trust_object .
-.Pp
-.Fn X509_trust_clear
-frees and removes all purpose objects from the set of intended
-purposes in the non-standard auxiliary data of
-.Fa x .
-.Pp
-.Fn X509_add1_reject_object
-and
-.Fn X509_reject_clear
-are similar except that they operate on a set of unintended purposes.
-.Pp
-As an alternative to using the functions documented in the present
-manual page, X.509 certificate extensions can be used.
-At the price of higher complexity, those allow storing the purpose
-inside the certificate itself in a standard-conforming way rather than
-merely in non-standard auxiliary data associated with the certificate.
-See
-.Xr EXTENDED_KEY_USAGE_new 3
-for details.
-.Sh RETURN VALUES
-.Fn X509_add1_trust_object
-and
-.Fn X509_add1_reject_object
-return the new number of purposes in the respective set
-or 0 if an error occurs, in particular if memory
-allocation fails or if
-.Fa x
-does not contain a sub-object that can hold non-standard auxiliary data.
-.Sh SEE ALSO
-.Xr ASN1_OBJECT_new 3 ,
-.Xr EXTENDED_KEY_USAGE_new 3 ,
-.Xr OBJ_nid2obj 3 ,
-.Xr X509_CERT_AUX_new 3 ,
-.Xr X509_check_trust 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.4 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/X509_check_ca.3 b/src/lib/libcrypto/man/X509_check_ca.3
deleted file mode 100644
index 70b0d20ff6..0000000000
--- a/src/lib/libcrypto/man/X509_check_ca.3
+++ /dev/null
@@ -1,100 +0,0 @@ -.\" $OpenBSD: X509_check_ca.3,v 1.5 2019/06/06 01:06:59 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Victor B. Wagner . -.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt X509_CHECK_CA 3 -.Os -.Sh NAME -.Nm X509_check_ca -.Nd check whether a certificate is a CA certificate -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft int -.Fo X509_check_ca -.Fa "X509 *cert" -.Fc -.Sh DESCRIPTION -This function checks whether the given certificate is a CA certificate, -that is, whether it can be used to sign other certificates. -.Sh RETURN VALUES -This functions returns non-zero if -.Fa cert -is a CA certificate or 0 otherwise. -.Pp -The following return values identify specific kinds of CA certificates: -.Bl -tag -width 2n -.It 1 -an X.509 v3 CA certificate with -.Sy basicConstraints -extension CA:TRUE -.It 3 -a self-signed X.509 v1 certificate -.It 4 -a certificate with -.Sy keyUsage -extension with bit -.Sy keyCertSign -set, but without -.Sy basicConstraints -.It 5 -a certificate with an outdated Netscape Certificate Type extension telling -that it is a CA certificate -.El -.Sh SEE ALSO -.Xr BASIC_CONSTRAINTS_new 3 , -.Xr EXTENDED_KEY_USAGE_new 3 , -.Xr X509_check_issued 3 , -.Xr X509_EXTENSION_new 3 , -.Xr X509_new 3 , -.Xr X509_verify_cert 3 -.Sh HISTORY -.Fn X509_check_ca -first appeared in OpenSSL 0.9.7f and has been available since -.Ox 3.8 . diff --git a/src/lib/libcrypto/man/X509_check_host.3 b/src/lib/libcrypto/man/X509_check_host.3 deleted file mode 100644 index dbc56c0d21..0000000000 --- a/src/lib/libcrypto/man/X509_check_host.3 +++ /dev/null 
@@ -1,246 +0,0 @@ -.\" $OpenBSD: X509_check_host.3,v 1.6 2020/09/17 08:04:22 schwarze Exp $ -.\" full merge up to: OpenSSL a09e4d24 Jun 12 01:56:31 2014 -0400 -.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 -.\" -.\" This file was written by Florian Weimer and -.\" Viktor Dukhovni . -.\" Copyright (c) 2012, 2014, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: September 17 2020 $ -.Dt X509_CHECK_HOST 3 -.Os -.Sh NAME -.Nm X509_check_host , -.Nm X509_check_email , -.Nm X509_check_ip , -.Nm X509_check_ip_asc -.Nd X.509 certificate matching -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft int -.Fo X509_check_host -.Fa "X509 *x" -.Fa "const char *name" -.Fa "size_t namelen" -.Fa "unsigned int flags" -.Fa "char **peername" -.Fc -.Ft int -.Fo X509_check_email -.Fa "X509 *x" -.Fa "const char *address" -.Fa "size_t addresslen" -.Fa "unsigned int flags" -.Fc -.Ft int -.Fo X509_check_ip -.Fa "X509 *x" -.Fa "const unsigned char *address" -.Fa "size_t addresslen" -.Fa "unsigned int flags" -.Fc -.Ft int -.Fo X509_check_ip_asc -.Fa "X509 *x" -.Fa "const char *address" -.Fa "unsigned int flags" -.Fc -.Sh DESCRIPTION -The certificate matching functions are used to check whether a -certificate matches a given hostname, email address, or IP address. 
-The validity of the certificate and its trust level has to be checked by
-other means.
-.Pp
-.Fn X509_check_host
-checks if the certificate Subject Alternative Name (SAN) or Subject
-CommonName (CN) matches the specified hostname, which must be encoded
-in the preferred name syntax described in section 3.5 of RFC 1034.
-By default, wildcards are supported and they match only in the
-left-most label; they may match part of that label with an
-explicit prefix or suffix.
-For example, by default, the host
-.Fa name
-.Qq www.example.com
-would match a certificate with a SAN or CN value of
-.Qq *.example.com ,
-.Qq w*.example.com
-or
-.Qq *w.example.com .
-.Pp
-Per section 6.4.2 of RFC 6125,
-.Fa name
-values representing international domain names must be given in A-label
-form.
-The
-.Fa namelen
-argument must be the number of characters in the name string or zero, in
-which case the length is calculated with
-.Fn strlen name .
-When
-.Fa name
-starts with a dot (e.g.\&
-.Qq .example.com ) ,
-it will be matched by a certificate valid for any sub-domain of
-.Fa name ;
-see also
-.Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
-below.
-.Pp
-When the certificate is matched and
-.Fa peername
-is not
-.Dv NULL ,
-a pointer to a copy of the matching SAN or CN from the peer
-certificate is stored at the address passed in
-.Fa peername .
-The application is responsible for freeing the peername via
-.Xr free 3
-when it is no longer needed.
-.Pp
-.Fn X509_check_email
-checks if the certificate matches the specified email
-.Fa address .
-Only the mailbox syntax of RFC 822 is supported.
-Comments are not allowed,
-and no attempt is made to normalize quoted characters.
-The
-.Fa addresslen
-argument must be the number of characters in the address string or zero,
-in which case the length is calculated with
-.Fn strlen address .
-.Pp
-.Fn X509_check_ip
-checks if the certificate matches a specified IPv4 or IPv6 address.
-The
-.Fa address
-array is in binary format, in network byte order.
-The length is either 4 (IPv4) or 16 (IPv6).
-Only explicitly marked addresses in the certificates are considered;
-IP addresses stored in DNS names and Common Names are ignored.
-.Pp
-.Fn X509_check_ip_asc
-is similar, except that the NUL-terminated string
-.Fa address
-is first converted to the internal representation.
-.Pp
-The
-.Fa flags
-argument is usually 0, but it can be the bitwise OR of the following
-flags.
-.Pp
-The
-.Dv X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
-flag causes the function to consider the subject DN even if the
-certificate contains at least one subject alternative name of the right
-type (DNS name or email address as appropriate); the default is to
-ignore the subject DN when at least one corresponding subject
-alternative names is present.
-.Pp
-The remaining flags are only meaningful for
-.Fn X509_check_host .
-.Pp
-The
-.Dv X509_CHECK_FLAG_NO_WILDCARDS
-flag disables wildcard expansion.
-.Pp
-The
-.Dv X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
-flag suppresses support for
-.Qq *
-as a wildcard pattern in labels that have a
-prefix or suffix, such as
-.Qq www*
-or
-.Qq *www .
-.Pp
-The
-.Dv X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
-flag allows a
-.Qq *
-that constitutes the complete label of a DNS name (e.g.\&
-.Qq *.example.com )
-to match more than one label in
-.Fa name .
-.Pp
-The
-.Dv X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
-flag restricts
-.Fa name
-values which start with
-.Qq \&. ,
-that would otherwise match any sub-domain in the peer certificate,
-to only match direct child sub-domains.
-Thus, for instance, with this flag set a
-.Fa name
-of
-.Qq .example.com
-would match a peer certificate with a DNS name of
-.Qq www.example.com ,
-but would not match a peer certificate with a DNS name of
-.Qq www.sub.example.com .
-.Sh RETURN VALUES
-The functions return 1 for a successful match, 0 for a failed match and
--1 for an internal error: typically a memory allocation failure or an
-ASN.1 decoding error.
-.Pp
-All functions can also return -2 if the input is malformed.
-For example,
-.Fn X509_check_host
-returns -2 if the provided
-.Fa name
-contains embedded NUL bytes.
-.Sh SEE ALSO
-.Xr SSL_set1_host 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_get1_email 3 ,
-.Xr X509_new 3 ,
-.Xr X509_VERIFY_PARAM_set1_host 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.2
-and have been available since
-.Ox 6.1 .
diff --git a/src/lib/libcrypto/man/X509_check_issued.3 b/src/lib/libcrypto/man/X509_check_issued.3
deleted file mode 100644
index f8c2a5297a..0000000000
--- a/src/lib/libcrypto/man/X509_check_issued.3
+++ /dev/null
@@ -1,109 +0,0 @@ -.\" $OpenBSD: X509_check_issued.3,v 1.4 2019/06/06 01:06:59 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Victor B. Wagner . -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt X509_CHECK_ISSUED 3 -.Os -.Sh NAME -.Nm X509_check_issued -.Nd check whether a certificate was issued using a given CA certificate -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft int -.Fo X509_check_issued -.Fa "X509 *issuer" -.Fa "X509 *subject" -.Fc -.Sh DESCRIPTION -This function checks whether the certificate -.Fa subject -was issued using the CA certificate -.Fa issuer . -It does the following checks: -.Bl -bullet -.It -match the issuer field of -.Fa subject -against the subject field of -.Fa issuer -.It -if -.Sy authorityKeyIdentifier -is present in the -.Fa subject -certificate, -compare it to the -.Sy subjectKeyIdentifier -of -.Fa issuer -.It -check the -.Sy keyUsage -field of -.Fa issuer . -.El -.Sh RETURN VALUES -This function returns -.Dv X509_V_OK -if the certificate -.Fa subject -is issued by -.Fa issuer , -or some -.Dv X509_V_ERR* -constant to indicate an error. -.Sh SEE ALSO -.Xr X509_check_ca 3 , -.Xr X509_new 3 , -.Xr X509_verify_cert 3 -.Sh HISTORY -.Fn X509_check_issued -first appeared in OpenSSL 0.9.6 and has been available since -.Ox 2.9 . diff --git a/src/lib/libcrypto/man/X509_check_private_key.3 b/src/lib/libcrypto/man/X509_check_private_key.3 deleted file mode 100644 index 31df2126cc..0000000000 --- a/src/lib/libcrypto/man/X509_check_private_key.3 +++ /dev/null 
@@ -1,73 +0,0 @@
-.\" $OpenBSD: X509_check_private_key.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
-.\" OpenSSL X509_check_private_key.pod 09ddb878 Jun 5 03:56:07 2017 +0800
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt X509_CHECK_PRIVATE_KEY 3
-.Os
-.Sh NAME
-.Nm X509_check_private_key ,
-.Nm X509_REQ_check_private_key
-.Nd compare public key components
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_check_private_key
-.Fa "const X509 *x"
-.Fa "const EVP_PKEY *k"
-.Fc
-.Ft int
-.Fo X509_REQ_check_private_key
-.Fa "X509_REQ *x"
-.Fa "EVP_PKEY *k"
-.Fc
-.Sh DESCRIPTION
-These functions are seriously misnamed.
-.Fn X509_check_private_key
-compares the
-.Em public
-key components (e.g. exponent and modulus of an RSA key)
-and parameters (e.g. EC params of an EC key) of
-.Fa k
-with the corresponding properties of
-.Fa x .
-Despite the name, it neither checks whether
-.Fa k
-contains private key components at all, nor, if any are present,
-whether they are consistent with the public key components.
-.Pp
-.Fn X509_REQ_check_private_key
-is equivalent to
-.Fn X509_check_private_key
-except that it compares to the public key
-contained in a certificate request.
-.Sh RETURN VALUES
-These functions return 1 if the public key components and parameters
-match, or 0 if they do not or if an error occurs.
-On error or mismatch, a reason code can be obtained using
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr SSL_check_private_key 3 ,
-.Xr X509_new 3 ,
-.Xr X509_REQ_new 3
-.Sh HISTORY
-.Fn X509_check_private_key
-first appeared in SSLeay 0.6.5 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_REQ_check_private_key
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/X509_check_purpose.3 b/src/lib/libcrypto/man/X509_check_purpose.3
deleted file mode 100644
index fdb58d5b21..0000000000
--- a/src/lib/libcrypto/man/X509_check_purpose.3
+++ /dev/null
@@ -1,403 +0,0 @@ -.\" $OpenBSD: X509_check_purpose.3,v 1.6 2021/07/27 13:27:46 schwarze Exp $ -.\" -.\" Copyright (c) 2019, 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 27 2021 $ -.Dt X509_CHECK_PURPOSE 3 -.Os -.Sh NAME -.Nm X509_check_purpose -.Nd check intended usage of a public key -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft int -.Fo X509_check_purpose -.Fa "X509 *certificate" -.Fa "int purpose" -.Fa "int ca" -.Fc -.Sh DESCRIPTION -If the -.Fa ca -flag is 0, -.Fn X509_check_purpose -checks whether the public key contained in the -.Fa certificate -is intended to be used for the given -.Fa purpose , -which can be one of the following integer constants. -The check succeeds if none of the conditions given in the list below -are violated. -.Bl -tag -width 1n -.It Dv X509_PURPOSE_SSL_CLIENT -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq TLS WWW client authentication -purpose -.Pq Dv NID_client_auth . -.It -If the -.Fa certificate -contains a Key Usage extension, the -.Dv digitalSignature -bit is set. -.It -If the -.Fa certificate -contains a Netscape Cert Type extension, the -.Dq SSL client certificate -bit is set -.Pq Dv NS_SSL_CLIENT . 
-.El -.It Dv X509_PURPOSE_SSL_SERVER -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq TLS WWW server authentication -purpose -.Pq Dv NID_server_auth -or the private -.Dq Netscape Server Gated Crypto -.Pq Dv NID_ns_sgc -or -.Dq Microsoft Server Gated Crypto -.Pq Dv NID_ms_sgc -purpose. -.It -If the -.Fa certificate -contains a Key Usage extension, at least one of the -.Dv digitalSignature -and -.Dv keyEncipherment -bits is set. -.It -If the -.Fa certificate -contains a Netscape Cert Type extension, the -.Dq SSL server certificate -bit is set -.Pq Dv NS_SSL_SERVER -.El -.It Dv X509_PURPOSE_NS_SSL_SERVER -.\" check_purpose_ns_ssl_server, "Netscape SSL server" -This does the same checks as -.Dv X509_PURPOSE_SSL_SERVER -and additionally requires that a Key Usage extension, if present, -has the -.Dv keyEncipherment -bit set. -.It Dv X509_PURPOSE_SMIME_SIGN -.\" check_purpose_smime_sign, "S/MIME signing" -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq Email protection -purpose -.Pq Dv NID_email_protect . -.It -If the -.Fa certificate -contains a Key Usage extension, at least one of the -.Dv digitalSignature -and -.Dv nonRepudiation -bits is set. -.It -If the -.Fa certificate -contains a Netscape Cert Type extension, it has the -.Dq S/MIME certificate -bit set. -If the -.Dq SSL client certificate -bit is set but the -.Dq S/MIME certificate -bit is not, no decision is made. -.El -.It Dv X509_PURPOSE_SMIME_ENCRYPT -.\" check_purpose_smime_encrypt, "S/MIME encryption" -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq Email protection -purpose -.Pq Dv NID_email_protect . -.It -If the -.Fa certificate -contains a Key Usage extension, the -.Dv keyEncipherment -bit is set. 
-.It -If the -.Fa certificate -contains a Netscape Cert Type extension, it has the -.Dq S/MIME certificate -bit set. -If the -.Dq SSL client certificate -bit is set but the -.Dq S/MIME certificate -bit is not, no decision is made. -.El -.It Dv X509_PURPOSE_CRL_SIGN -.\" check_purpose_crl_sign, "CRL signing" -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains a Key Usage extension, the -.Dv cRLSign -bit is set. -.El -.It Dv X509_PURPOSE_ANY -The check always succeeds. -.It Dv X509_PURPOSE_OCSP_HELPER -.\" ocsp_helper, "OCSP helper" -The check always succeeds. -The application program is expected -to do the actual checking by other means. -.It Dv X509_PURPOSE_TIMESTAMP_SIGN -.\" check_purpose_timestamp_sign, "Time Stamp signing" -.Bl -dash -width 1n -compact -.It -The -.Fa certificate -contains an Extended Key Usage extension containing the RFC 5280 -.Dq Time Stamping -purpose and no other purpose. -This extension is marked as critical. -.It -If the -.Fa certificate -contains a Key Usage extension, at least one of the -.Dv digitalSignature -and -.Dv nonRepudiation -bits is set, and no other bits are set. -.El -.El -.Pp -If the -.Fa ca -flag is non-zero, -.Fn X509_check_purpose -instead checks whether the -.Fa certificate -can be used as a certificate authority certificate -in the context of the given -.Fa purpose . -To succeed, the check always requires that none of the following -conditions are violated: -.Pp -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains a Key Usage extension, the -.Dv keyCertSign -bit is set. -.It -If the -.Fa certificate -contains a Basic Constraints extension, the -.Fa cA -field is set. -.It -If the -.Fa certificate -is a version 1 certificate, the subject name matches the issuer name -and the certificate is self signed. -.El -.Pp -The check succeeds if none of the additional conditions given in -the list below are violated. 
-.Bl -tag -width 1n -.It Dv X509_PURPOSE_SSL_CLIENT -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq TLS WWW client authentication -purpose -.Pq Dv NID_client_auth . -.It -If the -.Fa certificate -is not a version 1 certificate and does not contain a Basic Constraints -extension, it contains a Key Usage extension with the -.Dv keyCertSign -bit set or a Netscape Cert Type extension with the -.Dq SSL CA certificate -bit set. -.El -.It Dv X509_PURPOSE_SSL_SERVER No or Dv X509_PURPOSE_NS_SSL_SERVER -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq TLS WWW server authentication -purpose -.Pq Dv NID_server_auth -or the private -.Dq Netscape Server Gated Crypto -.Pq Dv NID_ns_sgc -or -.Dq Microsoft Server Gated Crypto -.Pq Dv NID_ms_sgc -purpose. -.It -If the -.Fa certificate -is not a version 1 certificate and does not contain a Basic Constraints -extension, it contains a Key Usage extension with the -.Dv keyCertSign -bit set or a Netscape Cert Type extension with the -.Dq SSL CA certificate -bit set. -.El -.It Dv X509_PURPOSE_SMIME_SIGN No or Dv X509_PURPOSE_SMIME_ENCRYPT -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -contains an Extended Key Usage extension, it contains the RFC 5280 -.Dq Email protection -purpose -.Pq Dv NID_email_protect . -.It -If the -.Fa certificate -is not a version 1 certificate and does not contain a Basic Constraints -extension, it contains a Key Usage extension with the -.Dv keyCertSign -bit set or a Netscape Cert Type extension with the -.Dq S/MIME CA certificate -bit set. 
-.El -.It Xo -.Dv X509_PURPOSE_CRL_SIGN , -.Dv X509_PURPOSE_OCSP_HELPER , -or -.Dv X509_PURPOSE_TIMESTAMP_SIGN -.Xc -.Bl -dash -width 1n -compact -.It -If the -.Fa certificate -is not a version 1 certificate and does not contain a Basic Constraints -extension, it contains a Key Usage extension with the -.Dv keyCertSign -bit set or a Netscape Cert Type extension with at least one of the -.Dq SSL CA certificate , -.Dq S/MIME CA certificate , -or -.Dq Object-signing CA certificate -bits set. -.El -.It Dv X509_PURPOSE_ANY -The check always succeeds, even if the three common conditions -cited above this list are violated. -.El -.Pp -If the -.Fa purpose -is -1, -.Fn X509_check_purpose -always succeeds, no matter whether or not the -.Fa ca -flag is set. -.Pp -If the function -.Xr X509_PURPOSE_add 3 -was called before -.Fn X509_check_purpose , -it may have installed different, user-supplied checking functions -for some of the standard purposes listed above, or it may have -installed additional, user-supplied checking functions for user-defined -.Fa purpose -identifiers not listed above. -.Sh RETURN VALUES -.Fn X509_check_purpose -returns the following values: -.Bl -column -1 Failure -compact -.It -1 Ta Error Ta The -.Fa purpose -is invalid. -.It 0 Ta Failure Ta The -.Fa certificate -cannot be used for the -.Fa purpose . -.El -.Pp -If -.Fa ca -is 0, the following values can also be returned: -.Bl -column -1 Failure -compact -.It 1 Ta Success Ta The -.Fa certificate -can be used for the -.Fa purpose . -.It 2 Ta Unknown Ta \&No decision can be made. -.El -.Pp -If -.Fa ca -is non-zero, the following values can also be returned: -.Bl -column -1 Failure -compact -.It 1 Ta Success Ta The -.Fa certificate -can be used as a CA for the -.Fa purpose . -.It 3 Ta Success Ta The Fa certificate No is a version 1 CA . -.It 4 Ta Success Ta The Key Usage allows Dv keyCertSign . -.It 5 Ta Success Ta A Netscape Cert Type allows usage as a CA. 
-.El -.Sh SEE ALSO -.Xr BASIC_CONSTRAINTS_new 3 , -.Xr EXTENDED_KEY_USAGE_new 3 , -.Xr X509_check_trust 3 , -.Xr X509_new 3 , -.Xr X509_policy_check 3 , -.Xr X509_PURPOSE_set 3 , -.Xr X509V3_get_d2i 3 , -.Xr x509v3.cnf 5 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Bl -dash -offset indent -compact -.It -section 4.2.1.3: Key Usage -.It -section 4.2.1.9: Basic Constraints -.It -section 4.2.1.12: Extended Key Usage -.El -.Sh HISTORY -.Fn X509_check_purpose -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . diff --git a/src/lib/libcrypto/man/X509_check_trust.3 b/src/lib/libcrypto/man/X509_check_trust.3 deleted file mode 100644 index c34f7f7370..0000000000 --- a/src/lib/libcrypto/man/X509_check_trust.3 +++ /dev/null 
@@ -1,209 +0,0 @@ -.\" $OpenBSD: X509_check_trust.3,v 1.3 2021/07/28 07:37:04 jmc Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 28 2021 $ -.Dt X509_CHECK_TRUST 3 -.Os -.Sh NAME -.Nm X509_check_trust -.Nd check whether a certificate is trusted -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_check_trust -.Fa "X509 *certificate" -.Fa "int trust" -.Fa "int flags" -.Fc -.Sh DESCRIPTION -.Fn X509_check_trust -checks whether the -.Fa certificate -is marked as trusted for the purpose corresponding to the requested -.Fa trust -identifier. -.Pp -The standard algorithm used by all built-in trust checking functions -performs the following tests in the following order. -The first matching test terminates the algorithm -and decides the return value. -.Bl -enum -.It -If -.Xr X509_add1_reject_object 3 -was previously called on the -.Fa certificate -with the ASN.1 object identifier corresponding to the requested -.Fa trust -identifier, -.Dv X509_TRUST_REJECTED -is returned. -.It -If -.Xr X509_add1_trust_object 3 -was previously called on the -.Fa certificate -with the ASN.1 object identifier corresponding to the requested -.Fa trust -identifier, -.Dv X509_TRUST_TRUSTED -is returned. 
-.It -If -.Xr X509_add1_reject_object 3 -or -.Xr X509_add1_trust_object 3 -were previously called on the -.Fa certificate , -but neither of them -with the ASN.1 object identifier corresponding to the requested -.Fa trust -identifier, -.Dv X509_TRUST_UNTRUSTED -is returned. -.It -This so-called -.Dq compatibility -step is skipped by some of the trust checking functions. -If neither -.Xr X509_add1_reject_object 3 -nor -.Xr X509_add1_trust_object 3 -was previously called on the -.Fa certificate -and if the -.Fa certificate -is a self-signed, -.Dv X509_TRUST_TRUSTED -is returned. -.It -Otherwise, -.Dv X509_TRUST_UNTRUSTED -is returned. -.El -.Pp -By default, the following -.Fa trust -identifiers are supported. -The -.Dq ASN.1 NID -column indicates the correspondig ASN.1 object identifier; -for the relationship between ASN.1 NIDs and OIDs, see the -.Xr OBJ_nid2obj 3 -manual page. -The -.Qq compat -column indicates whether the compatibility step in the standard algorithm -detailed above is used or skipped. 
-.Pp -.Bl -column X509_TRUST_OCSP_REQUEST NID_anyExtendedKeyUsage compat -compact -.It Fa trust No identifier Ta Em ASN.1 NID Ta Em compat -.It Dv X509_TRUST_SSL_CLIENT Ta Dv NID_client_auth Ta use -.It Dv X509_TRUST_SSL_SERVER Ta Dv NID_server_auth Ta use -.It Dv X509_TRUST_EMAIL Ta Dv NID_email_protect Ta use -.It Dv X509_TRUST_OBJECT_SIGN Ta Dv NID_code_sign Ta use -.It Dv X509_TRUST_OCSP_SIGN Ta Dv NID_OCSP_sign Ta skip -.It Dv X509_TRUST_OCSP_REQUEST Ta Dv NID_ad_OCSP Ta skip -.It Dv X509_TRUST_TSA Ta Dv NID_time_stamp Ta use -.It Dv X509_TRUST_COMPAT Ta none Ta only -.It 0 Ta Dv NID_anyExtendedKeyUsage Ta special -.It \-1 Ta none Ta trusted -.It invalid Ta Fa trust No argument Ta skip -.El -.Pp -For the following -.Fa trust -identifiers, the standard algorithm is modified: -.Bl -tag -width Ds -.It Dv X509_TRUST_COMPAT -.Xr X509_add1_reject_object 3 -and -.Xr X509_add1_trust_object 3 -settings are completely ignored -and all steps before the compatibility step are skippped. -The -.Fa certificate -is trusted if and only if it is self-signed. -.It 0 -The third step in the standard algorithm is skipped, and the -compatibility step is used even if -.Xr X509_add1_reject_object 3 -or -.Xr X509_add1_trust_object 3 -were called with ASN.1 object identifiers not corresponding to -.Dv NID_anyExtendedKeyUsage . -.It \-1 -The -.Fa certificate -is not inspected and -.Dv X509_TRUST_TRUSTED -is always returned. -.It invalid -If the -.Fa trust -argument is neither 0 nor \-1 nor valid as a trust identifier, -it is re-interpreted as an ASN.1 NID -and used itself for the standard algorithm. -The compatibility step is skipped in this case. -.El -.Pp -The -.Fa flags -argument is ignored by all built-in trust checking functions, -but user-specified trust checking functions might use it. 
-.Pp -If the function -.Xr X509_TRUST_add 3 -was called before -.Fn X509_check_trust , -it may have installed different, user-supplied checking functions -for some of the standard -.Fa trust -identifiers listed above, or it may have installed additional, -user-supplied checking functions for user-defined -.Fa trust -identifiers not listed above. -.Sh RETURN VALUES -.Fn X509_check_trust -returns the following values: -.Bl -tag -width Ds -.It Dv X509_TRUST_TRUSTED -The -.Fa certificate -is explicitly or implicitly trusted for the requested purpose. -.It Dv X509_TRUST_REJECTED -The -.Fa certificate -is explicitly rejected for the requested purpose. -.It Dv X509_TRUST_UNTRUSTED -The -.Fa certificate -is neither trusted nor explicitly rejected, -which implies that it is not trusted. -.El -.Sh SEE ALSO -.Xr PEM_read_X509_AUX 3 , -.Xr X509_add1_trust_object 3 , -.Xr X509_CERT_AUX_new 3 , -.Xr X509_check_purpose 3 , -.Xr X509_new 3 , -.Xr X509_policy_check 3 , -.Xr X509_TRUST_set 3 , -.Xr X509_VERIFY_PARAM_set_trust 3 -.Sh HISTORY -.Fn X509_check_trust -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . diff --git a/src/lib/libcrypto/man/X509_cmp.3 b/src/lib/libcrypto/man/X509_cmp.3 deleted file mode 100644 index f90bc0e6d4..0000000000 --- a/src/lib/libcrypto/man/X509_cmp.3 +++ /dev/null 
@@ -1,231 +0,0 @@ -.\" $OpenBSD: X509_cmp.3,v 1.3 2021/07/02 10:50:39 schwarze Exp $ -.\" full merge up to: OpenSSL ea5d4b89 Jun 6 11:42:02 2019 +0800 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Paul Yang . -.\" Copyright (c) 2019 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: July 2 2021 $ -.Dt X509_CMP 3 -.Os -.Sh NAME -.Nm X509_cmp , -.Nm X509_NAME_cmp , -.\" The alias X509_name_cmp(3) is intentionally undocumented -.\" because it is almost unused in real-world code. -.Nm X509_issuer_and_serial_cmp , -.Nm X509_issuer_name_cmp , -.Nm X509_subject_name_cmp , -.Nm X509_CRL_cmp , -.Nm X509_CRL_match -.Nd compare X.509 certificates and related values -.\" The function name_cmp() is intentionally undocumented. 
-.\" It was a mistake to make it public in the first place, -.\" and it is no longer part of the public API in OpenSSL 1.1. -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_cmp -.Fa "const X509 *a" -.Fa "const X509 *b" -.Fc -.Ft int -.Fo X509_NAME_cmp -.Fa "const X509_NAME *a" -.Fa "const X509_NAME *b" -.Fc -.Ft int -.Fo X509_issuer_and_serial_cmp -.Fa "const X509 *a" -.Fa "const X509 *b" -.Fc -.Ft int -.Fo X509_issuer_name_cmp -.Fa "const X509 *a" -.Fa "const X509 *b" -.Fc -.Ft int -.Fo X509_subject_name_cmp -.Fa "const X509 *a" -.Fa "const X509 *b" -.Fc -.Ft int -.Fo X509_CRL_cmp -.Fa "const X509_CRL *a" -.Fa "const X509_CRL *b" -.Fc -.Ft int -.Fo X509_CRL_match -.Fa "const X509_CRL *a" -.Fa "const X509_CRL *b" -.Fc -.Sh DESCRIPTION -.Fn X509_cmp -compares two X.509 certificates using -.Xr memcmp 3 -on the SHA1 hashes of their canonical (DER) representations as generated with -.Xr X509_digest 3 . -.Pp -.Fn X509_NAME_cmp -compares two X.501 -.Vt Name -objects using their canonical (DER) representations generated with -.Xr i2d_X509_NAME 3 . -.Pp -.Fn X509_issuer_and_serial_cmp -compares the -.Fa issuer -and -.Fa serialNumber -fields of two -.Vt TBSCertificate -structures, using -.Fn X509_NAME_cmp -for the -.Fa issuer -fields. -.Pp -.Fn X509_issuer_name_cmp -compares the -.Fa issuer -fields of two -.Vt TBSCertificate -structures using -.Fn X509_NAME_cmp . -.Pp -.Fn X509_subject_name_cmp -compares the -.Fa subject -fields of two -.Vt TBSCertificate -structures using -.Fn X509_NAME_cmp . -.Pp -.Fn X509_CRL_cmp -is misnamed; it only compares the -.Fa issuer -fields of two -.Vt TBSCertList -structures using -.Fn X509_NAME_cmp . -.Pp -.Fn X509_CRL_match -compares two certificate revocation lists using -.Xr memcmp 3 -on the SHA1 hashes of their canonical (DER) representations as generated with -.Xr X509_CRL_digest 3 . -.Sh RETURN VALUES -All these functions return 0 to indicate a match or a non-zero value -to indicate a mismatch. 
-.Pp -.Fn X509_NAME_cmp , -.Fn X509_issuer_and_serial_cmp , -.Fn X509_issuer_name_cmp , -.Fn X509_subject_name_cmp -and -.Fn X509_CRL_cmp -may return -2 to indicate an error. -.Sh SEE ALSO -.Xr i2d_X509_NAME 3 , -.Xr X509_CRL_new 3 , -.Xr X509_digest 3 , -.Xr X509_NAME_new 3 , -.Xr X509_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate -and Certificate Revocation List (CRL) Profile -.Bl -dash -compact -offset indent -.It -section 4.1: Basic Certificate Fields -.It -section 5.1: CRL Fields -.El -.Sh HISTORY -.Fn X509_issuer_and_serial_cmp , -.Fn X509_issuer_name_cmp , -and -.Fn X509_subject_name_cmp -first appeared in SSLeay 0.5.1 and -.Fn X509_NAME_cmp -and -.Fn X509_CRL_cmp -in SSLeay 0.8.0. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn X509_cmp -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . -.Pp -.Fn X509_CRL_match -first appeared in OpenSSL 1.0.0 and has been available since -.Ox 4.9 . -.Sh BUGS -For -.Fn X509_NAME_cmp , -.Fn X509_issuer_and_serial_cmp , -.Fn X509_issuer_name_cmp , -.Fn X509_subject_name_cmp -and -.Fn X509_CRL_cmp , -the return value -2 sometimes indicates a mismatch and sometimes an error. diff --git a/src/lib/libcrypto/man/X509_cmp_time.3 b/src/lib/libcrypto/man/X509_cmp_time.3 deleted file mode 100644 index 96b671f3c9..0000000000 --- a/src/lib/libcrypto/man/X509_cmp_time.3 +++ /dev/null 
@@ -1,155 +0,0 @@ -.\" $OpenBSD: X509_cmp_time.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $ -.\" OpenSSL X509_cmp_time.pod 24053693 Mar 28 14:27:37 2017 +0200 -.\" -.\" This file was written by Emilia Kasper -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt X509_CMP_TIME 3 -.Os -.Sh NAME -.Nm X509_cmp_time , -.Nm X509_cmp_current_time , -.Nm X509_time_adj_ex , -.Nm X509_time_adj -.Nd ASN.1 Time utilities -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_cmp_time -.Fa "const ASN1_TIME *asn1_time" -.Fa "time_t *cmp_time" -.Fc -.Ft int -.Fo X509_cmp_current_time -.Fa "const ASN1_TIME *asn1_time" -.Fc -.Ft ASN1_TIME * -.Fo X509_time_adj_ex -.Fa "ASN1_TIME *asn1_time" -.Fa "int offset_day" -.Fa "long offset_sec" -.Fa "time_t *in_tm" -.Fc -.Ft ASN1_TIME * -.Fo X509_time_adj -.Fa "ASN1_TIME *asn1_time" -.Fa "long offset_sec" -.Fa "time_t *in_tm" -.Fc -.Sh DESCRIPTION -.Fn X509_cmp_time -parses -.Fa asn1_time -with -.Xr ASN1_time_parse 3 -and compares it to -.Fa cmp_time . -.Fn X509_cmp_current_time -compares it to the current time. -.Pp -.Fn X509_time_adj_ex -sets -.Fa asn1_time -to a time -.Fa offset_day -and -.Fa offset_sec -later than -.Fa in_tm . -.Fn X509_time_adj -does the same with a 0 day offset. -If -.Fa asn1_time -is -.Dv NULL , -a new -.Vt ASN1_TIME -structure is allocated and returned. -.Pp -In all functions, if -.Fa in_tm -is -.Dv NULL , -the current time is used. -.Sh RETURN VALUES -.Fn X509_cmp_time -and -.Fn X509_cmp_current_time -return -1 if -.Fa asn1_time -is earlier than or equal to -.Fa cmp_time , -1 if it is later, or 0 on error. 
-.Pp -.Fn X509_time_adj_ex -and -.Fn X509_time_adj -return a pointer to the updated -.Vt ASN1_TIME -structure or -.Dv NULL -on error. -.Sh SEE ALSO -.Xr ASN1_TIME_new 3 , -.Xr ASN1_time_parse 3 , -.Xr ASN1_TIME_set 3 , -.Xr time 3 -.Sh HISTORY -.Fn X509_cmp_current_time -first appeared in SSLeay 0.6.0 and has been available since -.Ox 2.4 . -.Pp -.Fn X509_cmp_time -and -.Fn X509_time_adj -first appeared in OpenSSL 0.9.6 and have been available since -.Ox 2.9 . -.Pp -.Fn X509_time_adj_ex -first appeared in OpenSSL 1.0.0 and has been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/X509_digest.3 b/src/lib/libcrypto/man/X509_digest.3 deleted file mode 100644 index 7627e07731..0000000000 --- a/src/lib/libcrypto/man/X509_digest.3 +++ /dev/null 
@@ -1,155 +0,0 @@ -.\" $OpenBSD: X509_digest.3,v 1.8 2019/08/20 13:27:19 schwarze Exp $ -.\" full merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 -.\" -.\" This file was written by Rich Salz -.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: August 20 2019 $ -.Dt X509_DIGEST 3 -.Os -.Sh NAME -.Nm X509_digest , -.Nm X509_CRL_digest , -.Nm X509_pubkey_digest , -.Nm X509_NAME_digest , -.Nm X509_REQ_digest , -.Nm PKCS7_ISSUER_AND_SERIAL_digest -.Nd get digests of various objects -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_digest -.Fa "const X509 *data" -.Fa "const EVP_MD *type" -.Fa "unsigned char *md" -.Fa "unsigned int *len" -.Fc -.Ft int -.Fo X509_CRL_digest -.Fa "const X509_CRL *data" -.Fa "const EVP_MD *type" -.Fa "unsigned char *md" -.Fa "unsigned int *len" -.Fc -.Ft int -.Fo X509_pubkey_digest -.Fa "const X509 *data" -.Fa "const EVP_MD *type" -.Fa "unsigned char *md" -.Fa "unsigned int *len" -.Fc -.Ft int -.Fo X509_REQ_digest -.Fa "const X509_REQ *data" -.Fa "const EVP_MD *type" -.Fa "unsigned char *md" -.Fa "unsigned int *len" -.Fc -.Ft int -.Fo X509_NAME_digest -.Fa "const X509_NAME *data" -.Fa "const EVP_MD *type" -.Fa "unsigned char *md" -.Fa "unsigned int *len" -.Fc -.In openssl/pkcs7.h -.Ft int -.Fo PKCS7_ISSUER_AND_SERIAL_digest -.Fa "PKCS7_ISSUER_AND_SERIAL *data" -.Fa "const EVP_MD *type" -.Fa "unsigned char *md" -.Fa "unsigned int *len" -.Fc -.Sh DESCRIPTION -.Fn X509_pubkey_digest -returns a digest of the DER representation of the public key contained in -.Fa data . -All other functions described here return a digest of the DER -representation of their entire -.Fa data -object. 
-.Pp -The -.Fa type -parameter specifies the digest to be used, such as -.Xr EVP_sha1 3 . -.Fa md -is a pointer to the buffer where the digest will be copied and is -assumed to be large enough; a size of at least -.Dv EVP_MAX_MD_SIZE -bytes is suggested. -The -.Fa len -parameter, if not -.Dv NULL , -points to a place where the digest size will be stored. -.Sh RETURN VALUES -These functions return 1 for success or 0 for failure. -.Sh SEE ALSO -.Xr EVP_get_digestbyname 3 , -.Xr X509_cmp 3 , -.Xr X509_CRL_new 3 , -.Xr X509_NAME_new 3 , -.Xr X509_new 3 , -.Xr X509_REQ_new 3 -.Sh HISTORY -.Fn X509_digest , -.Fn X509_NAME_digest , -and -.Fn PKCS7_ISSUER_AND_SERIAL_digest -first appeared in SSLeay 0.6.5 and have been available since -.Ox 2.4 . -.Pp -.Fn X509_CRL_digest -and -.Fn X509_REQ_digest -first appeared in OpenSSL 0.9.6 and have been available since -.Ox 2.9 . -.Pp -.Fn X509_pubkey_digest -first appeared in OpenSSL 0.9.7 and has been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/X509_find_by_subject.3 b/src/lib/libcrypto/man/X509_find_by_subject.3 deleted file mode 100644 index 98a76a1fca..0000000000 --- a/src/lib/libcrypto/man/X509_find_by_subject.3 +++ /dev/null 
@@ -1,69 +0,0 @@
-.\" $OpenBSD: X509_find_by_subject.3,v 1.1 2021/07/04 12:56:27 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 4 2021 $
-.Dt X509_FIND_BY_SUBJECT 3
-.Os
-.Sh NAME
-.Nm X509_find_by_subject ,
-.Nm X509_find_by_issuer_and_serial
-.Nd search an array of X.509 certificates
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509 *
-.Fo X509_find_by_subject
-.Fa "STACK_OF(X509) *sk"
-.Fa "X509_NAME *subject"
-.Fc
-.Ft X509 *
-.Fo X509_find_by_issuer_and_serial
-.Fa "STACK_OF(X509) *sk"
-.Fa "X509_NAME *issuer"
-.Fa "ASN1_INTEGER *serial"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_find_by_subject
-searches the variable-sized array
-.Fa sk
-for a certificate with a matching
-.Fa subject
-name.
-.Pp
-.Fn X509_find_by_issuer_and_serial
-searches the array for a certificate where both the
-.Fa issuer
-name and the
-.Fa serial
-number match the arguments.
-.Sh RETURN VALUES
-These functions return a pointer to the first matching certificate or
-.Dv NULL
-if
-.Fa sk
-is
-.Dv NULL
-or does not contain a matching certificate.
-.Sh SEE ALSO
-.Xr ASN1_INTEGER_new 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_cmp 3 ,
-.Xr X509_get_serialNumber 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_NAME_new 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.8.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/X509_get0_notBefore.3 b/src/lib/libcrypto/man/X509_get0_notBefore.3
deleted file mode 100644
index e9f0d62992..0000000000
--- a/src/lib/libcrypto/man/X509_get0_notBefore.3
+++ /dev/null
@@ -1,259 +0,0 @@
-.\" $OpenBSD: X509_get0_notBefore.3,v 1.5 2020/06/24 14:59:41 schwarze Exp $
-.\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000
-.\"
-.\" Copyright (c) 2018, 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt X509_GET0_NOTBEFORE 3
-.Os
-.Sh NAME
-.Nm X509_get0_notBefore ,
-.Nm X509_get0_notAfter ,
-.Nm X509_getm_notBefore ,
-.Nm X509_getm_notAfter ,
-.Nm X509_get_notBefore ,
-.Nm X509_get_notAfter ,
-.Nm X509_CRL_get0_lastUpdate ,
-.Nm X509_CRL_get0_nextUpdate ,
-.Nm X509_CRL_get_lastUpdate ,
-.Nm X509_CRL_get_nextUpdate ,
-.Nm X509_set1_notBefore ,
-.Nm X509_set1_notAfter ,
-.Nm X509_set_notBefore ,
-.Nm X509_set_notAfter ,
-.Nm X509_CRL_set1_lastUpdate ,
-.Nm X509_CRL_set1_nextUpdate ,
-.Nm X509_CRL_set_lastUpdate ,
-.Nm X509_CRL_set_nextUpdate
-.Nd get and set certificate and CRL validity dates
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft const ASN1_TIME *
-.Fo X509_get0_notBefore
-.Fa "const X509 *x"
-.Fc
-.Ft const ASN1_TIME *
-.Fo X509_get0_notAfter
-.Fa "const X509 *x"
-.Fc
-.Ft ASN1_TIME *
-.Fo X509_getm_notBefore
-.Fa "const X509 *x"
-.Fc
-.Ft ASN1_TIME *
-.Fo X509_getm_notAfter
-.Fa "const X509 *x"
-.Fc
-.Ft ASN1_TIME *
-.Fo X509_get_notBefore
-.Fa "const X509 *x"
-.Fc
-.Ft ASN1_TIME *
-.Fo X509_get_notAfter
-.Fa "const X509 *x"
-.Fc
-.Ft const ASN1_TIME *
-.Fo X509_CRL_get0_lastUpdate
-.Fa "const X509_CRL *crl"
-.Fc
-.Ft const ASN1_TIME *
-.Fo X509_CRL_get0_nextUpdate
-.Fa "const X509_CRL *crl"
-.Fc
-.Ft ASN1_TIME *
-.Fo X509_CRL_get_lastUpdate
-.Fa "X509_CRL *crl"
-.Fc
-.Ft ASN1_TIME *
-.Fo X509_CRL_get_nextUpdate
-.Fa "X509_CRL *crl"
-.Fc
-.Ft int
-.Fo X509_set1_notBefore
-.Fa "X509 *x"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_set1_notAfter
-.Fa "X509 *x"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_set_notBefore
-.Fa "X509 *x"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_set_notAfter
-.Fa "X509 *x"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_CRL_set1_lastUpdate
-.Fa "X509_CRL *crl"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_CRL_set1_nextUpdate
-.Fa "X509_CRL *crl"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_CRL_set_lastUpdate
-.Fa "X509_CRL *crl"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Ft int
-.Fo X509_CRL_set_nextUpdate
-.Fa "X509_CRL *crl"
-.Fa "const ASN1_TIME *tm"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_getm_notBefore
-and
-.Fn X509_getm_notAfter
-return pointers to the
-.Fa notBefore
-and
-.Fa notAfter
-fields of the validity period of the certificate
-.Fa x ,
-respectively.
-.Fn X509_get_notBefore
-and
-.Fn X509_get_notAfter
-are deprecated aliases implemented as macros.
-.Pp
-.Fn X509_get0_notBefore
-and
-.Fn X509_get0_notAfter
-are identical except for the const qualifier on the return type.
-.Pp
-.Fn X509_CRL_get0_lastUpdate
-and
-.Fn X509_CRL_get0_nextUpdate
-return pointers to the
-.Fa lastUpdate
-and
-.Fa nextUpdate
-fields of
-.Fa crl .
-.Pp
-.Fn X509_CRL_get_lastUpdate
-and
-.Fn X509_CRL_get_nextUpdate
-are deprecated and identical except for the const qualifier
-on the argument and on the return type.
-.Pp
-.Fn X509_set1_notBefore ,
-.Fn X509_set1_notAfter ,
-.Fn X509_CRL_set1_lastUpdate ,
-and
-.Fn X509_CRL_set1_nextUpdate
-set the
-.Fa notBefore ,
-.Fa notAfter ,
-.Fa lastUpdate ,
-or
-.Fa nextUpdate
-field of
-.Fa x
-or
-.Fa crl ,
-respectively, to a deep copy of
-.Fa tm
-and free the
-.Vt ASN1_TIME
-value that they replace.
-.Pp
-.Fn X509_set_notBefore ,
-.Fn X509_set_notAfter ,
-.Fn X509_CRL_set_lastUpdate ,
-and
-.Fn X509_CRL_set_nextUpdate
-are deprecated aliases.
-.Sh RETURN VALUES
-The
-.Sy get
-functions return internal pointers
-which must not be freed by the application, or
-.Dv NULL
-if the requested field is not available.
-They may crash with a
-.Dv NULL
-pointer access if
-.Fa x
-or
-.Fa crl
-is
-.Dv NULL .
-.Pp
-The
-.Sy set
-functions return 1 on success or 0 on failure.
-They fail if
-.Fa x
-is
-.Dv NULL
-or does not contain a
-.Fa validity
-substructure, if
-.Fa crl
-is
-.Dv NULL ,
-or if
-.Xr ASN1_STRING_dup 3
-fails.
-.Pp
-Except for some cases of
-.Xr ASN1_STRING_dup 3
-failure, these functions do not support
-determining reasons for failure with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr ASN1_TIME_set 3 ,
-.Xr ASN1_TIME_set_tm 3 ,
-.Xr X509_cmp_time 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_new 3 ,
-.Xr X509_sign 3 ,
-.Xr X509_VAL_new 3 ,
-.Xr X509_verify_cert 3
-.Sh HISTORY
-.Fn X509_get_notBefore ,
-.Fn X509_get_notAfter ,
-.Fn X509_set_notBefore ,
-and
-.Fn X509_set_notAfter
-first appeared in SSLeay 0.6.5 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_CRL_get_lastUpdate
-and
-.Fn X509_CRL_get_nextUpdate
-first appeared in OpenSSL 0.9.2 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn X509_CRL_set_lastUpdate
-and
-.Fn X509_CRL_set_nextUpdate
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-The remaining functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_get0_signature.3 b/src/lib/libcrypto/man/X509_get0_signature.3
deleted file mode 100644
index 7082db160c..0000000000
--- a/src/lib/libcrypto/man/X509_get0_signature.3
+++ /dev/null
@@ -1,199 +0,0 @@
-.\" $OpenBSD: X509_get0_signature.3,v 1.7 2021/07/06 16:05:44 schwarze Exp $
-.\" selective merge up to:
-.\" OpenSSL man3/X509_get0_signature 2f7a2520 Apr 25 17:28:08 2017 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 6 2021 $
-.Dt X509_GET0_SIGNATURE 3
-.Os
-.Sh NAME
-.Nm X509_get0_signature ,
-.Nm X509_REQ_get0_signature ,
-.Nm X509_CRL_get0_signature ,
-.Nm X509_get0_tbs_sigalg ,
-.Nm X509_get_signature_type ,
-.Nm X509_get_signature_nid ,
-.Nm X509_REQ_get_signature_nid ,
-.Nm X509_CRL_get_signature_nid
-.Nd signature information
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft void
-.Fo X509_get0_signature
-.Fa "const ASN1_BIT_STRING **psig"
-.Fa "const X509_ALGOR **palg"
-.Fa "const X509 *x"
-.Fc
-.Ft void
-.Fo X509_REQ_get0_signature
-.Fa "const X509_REQ *req"
-.Fa "const ASN1_BIT_STRING **psig"
-.Fa "const X509_ALGOR **palg"
-.Fc
-.Ft void
-.Fo X509_CRL_get0_signature
-.Fa "const X509_CRL *crl"
-.Fa "const ASN1_BIT_STRING **psig"
-.Fa "const X509_ALGOR **palg"
-.Fc
-.Ft const X509_ALGOR *
-.Fo X509_get0_tbs_sigalg
-.Fa "const X509 *x"
-.Fc
-.Ft int
-.Fo X509_get_signature_type
-.Fa "const X509 *x"
-.Fc
-.Ft int
-.Fo X509_get_signature_nid
-.Fa "const X509 *x"
-.Fc
-.Ft int
-.Fo X509_REQ_get_signature_nid
-.Fa "const X509_REQ *req"
-.Fc
-.Ft int
-.Fo X509_CRL_get_signature_nid
-.Fa "const X509_CRL *crl"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_get0_signature ,
-.Fn X509_REQ_get0_signature ,
-and
-.Fn X509_CRL_get0_signature
-set
-.Pf * Fa psig
-to the signature and
-.Pf * Fa palg
-to the signature algorithm of
-.Fa x ,
-.Fa req ,
-or
-.Fa crl ,
-respectively.
-.Fn X509_get0_tbs_sigalg
-returns the signature algorithm in the signed portion of
-.Fa x .
-The values returned are internal pointers
-that must not be freed by the caller.
-.Pp
-.Fn X509_get_signature_type
-returns the base NID corresponding to the signature algorithm of
-.Fa x
-just like
-.Xr EVP_PKEY_base_id 3
-does.
-.Pp
-.Fn X509_get_signature_nid ,
-.Fn X509_REQ_get_signature_nid ,
-and
-.Fn X509_CRL_get_signature_nid
-return the NID corresponding to the signature algorithm of
-.Fa x ,
-.Fa req ,
-or
-.Fa crl ,
-respectively, just like
-.Xr EVP_PKEY_id 3
-does.
-.Pp
-These functions provide lower level access to the signature
-for cases where an application wishes to analyse or generate a
-signature in a form where
-.Xr X509_sign 3
-is not appropriate, for example in a non-standard or unsupported format.
-.Sh SEE ALSO
-.Xr EVP_PKEY_base_id 3 ,
-.Xr OBJ_obj2nid 3 ,
-.Xr X509_ALGOR_new 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_get_version 3 ,
-.Xr X509_new 3 ,
-.Xr X509_REQ_new 3 ,
-.Xr X509_sign 3 ,
-.Xr X509_signature_dump 3 ,
-.Xr X509_verify_cert 3
-.Sh HISTORY
-.Fn X509_get_signature_type
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_get0_signature
-and
-.Fn X509_get_signature_nid
-first appeared in OpenSSL 1.0.2.
-.Fn X509_REQ_get0_signature ,
-.Fn X509_CRL_get0_signature ,
-.Fn X509_get0_tbs_sigalg ,
-.Fn X509_REQ_get_signature_nid ,
-and
-.Fn X509_CRL_get_signature_nid
-first appeared in OpenSSL 1.1.0.
-All these functions have been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_get1_email.3 b/src/lib/libcrypto/man/X509_get1_email.3
deleted file mode 100644
index c38a604899..0000000000
--- a/src/lib/libcrypto/man/X509_get1_email.3
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: X509_get1_email.3,v 1.1 2019/08/23 12:23:39 schwarze Exp $
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 23 2019 $
-.Dt X509_GET1_EMAIL 3
-.Os
-.Sh NAME
-.Nm X509_get1_email ,
-.Nm X509_get1_ocsp ,
-.Nm X509_email_free
-.Nd utilities for stacks of strings
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Vt typedef char *OPENSSL_STRING ;
-.Ft STACK_OF(OPENSSL_STRING) *
-.Fo X509_get1_email
-.Fa "X509 *certificate"
-.Fc
-.Ft STACK_OF(OPENSSL_STRING) *
-.Fo X509_get1_ocsp
-.Fa "X509 *certificate"
-.Fc
-.Ft void
-.Fo X509_email_free
-.Fa "STACK_OF(OPENSSL_STRING) *stack"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_get1_email
-retrieves all email addresses from the
-.Fa subject
-field and from any
-Subject Alternative Name extension of the
-.Fa certificate .
-.Pp
-.Fn X509_get1_ocsp
-retrieves all uniform resource identifiers
-from all
-.Vt AccessDescription
-objects having an
-.Fa accessMethod
-of OCSP which are contained in the Authority Information Access extension
-of the
-.Fa certificate .
-.Pp
-.Fn X509_email_free
-frees all strings stored in the
-.Fa stack
-as well as the stack itself.
-If
-.Fa stack
-is a
-.Dv NULL
-pointer, no action occurs.
-.Sh RETURN VALUES
-.Fn X509_REQ_get1_email
-and
-.Fn X509_get1_ocsp
-return newly allocated stacks of
-.Vt char *
-containing copies of the addresses in question, or
-.Dv NULL
-if there are no addresses or if an error occurs.
-.Sh SEE ALSO
-.Xr OCSP_sendreq_new 3 ,
-.Xr OCSP_SERVICELOC_new 3 ,
-.Xr OPENSSL_sk_new 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_check_email 3 ,
-.Xr X509_get_ext_d2i 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_new 3 ,
-.Xr x509v3.cnf 5
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Bl -dash -offset indent -compact
-.It
-section 4.1: Basic Certificate Fields
-.It
-section 4.1.2.6: Subject
-.It
-section 4.2.1.6: Subject Alternative Name
-.It
-section 4.2.2.1: Authority Information Access
-.El
-.Pp
-RFC 2985: PKCS #9: Selected Object Classes and Attribute Types
-.Bl -dash -offset indent -compact
-.It
-section 5.2.1: Electronic-mail address
-.It
-appendix B.3.5: emailAddress
-.El
-.Sh HISTORY
-.Fn X509_get1_email
-and
-.Fn X509_email_free
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn X509_get1_ocsp
-first appeared in OpenSSL 0.9.8h and has been available since
-.Ox 4.5 .
-.Sh BUGS
-.Fn X509_email_free
-is utterly misnamed.
-It does not operate on any
-.Vt X509
-object, nor is it in any way restricted to email addresses;
-instead, it simply frees a stack of strings.
diff --git a/src/lib/libcrypto/man/X509_get_pubkey.3 b/src/lib/libcrypto/man/X509_get_pubkey.3
deleted file mode 100644
index dc1f6a99b4..0000000000
--- a/src/lib/libcrypto/man/X509_get_pubkey.3
+++ /dev/null
@@ -1,288 +0,0 @@
-.\" $OpenBSD: X509_get_pubkey.3,v 1.9 2021/06/30 10:06:43 schwarze Exp $
-.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\" X509_REQ_get0_pubkey and X509_REQ_get_X509_PUBKEY not yet in LibreSSL
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2020, 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 30 2021 $
-.Dt X509_GET_PUBKEY 3
-.Os
-.Sh NAME
-.Nm X509_get_pubkey ,
-.Nm X509_get0_pubkey ,
-.Nm X509_set_pubkey ,
-.Nm X509_get_X509_PUBKEY ,
-.Nm X509_get0_pubkey_bitstr ,
-.Nm X509_REQ_get_pubkey ,
-.Nm X509_REQ_set_pubkey ,
-.Nm X509_extract_key ,
-.Nm X509_REQ_extract_key
-.Nd get or set certificate or certificate request public key
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft EVP_PKEY *
-.Fo X509_get_pubkey
-.Fa "X509 *x"
-.Fc
-.Ft EVP_PKEY *
-.Fo X509_get0_pubkey
-.Fa "const X509 *x"
-.Fc
-.Ft int
-.Fo X509_set_pubkey
-.Fa "X509 *x"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft X509_PUBKEY *
-.Fo X509_get_X509_PUBKEY
-.Fa "X509 *x"
-.Fc
-.Ft ASN1_BIT_STRING *
-.Fo X509_get0_pubkey_bitstr
-.Fa "const X509 *x"
-.Fc
-.Ft EVP_PKEY *
-.Fo X509_REQ_get_pubkey
-.Fa "X509_REQ *req"
-.Fc
-.Ft int
-.Fo X509_REQ_set_pubkey
-.Fa "X509_REQ *x"
-.Fa "EVP_PKEY *pkey"
-.Fc
-.Ft EVP_PKEY *
-.Fo X509_extract_key
-.Fa "X509 *x"
-.Fc
-.Ft EVP_PKEY *
-.Fo X509_REQ_extract_key
-.Fa "X509_REQ *req"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_get_pubkey
-attempts to decode the public key for certificate
-.Fa x .
-If successful it returns the public key as an
-.Vt EVP_PKEY
-pointer with its reference count incremented: this means the returned
-key must be freed up after use.
-.Fn X509_get0_pubkey
-is similar except that it does not increment the reference count
-of the returned
-.Vt EVP_PKEY ,
-so it must not be freed up after use.
-.Pp
-.Fn X509_get_X509_PUBKEY
-returns an internal pointer to the
-.Vt SubjectPublicKeyInfo
-structure contained in
-.Fa x .
-The returned value must not be freed up after use.
-.Fn X509_get_X509_PUBKEY
-is implemented as a macro.
-.Pp
-.Fn X509_get0_pubkey_bitstr
-returns an internal pointer to just the public key contained in this
-.Vt SubjectPublicKeyInfo
-structure, without the information about the algorithm used.
-.Pp
-.Fn X509_set_pubkey
-attempts to set the public key for certificate
-.Fa x
-to
-.Fa pkey .
-The key
-.Fa pkey
-should be freed up after use.
-.Pp
-.Fn X509_REQ_get_pubkey
-and
-.Fn X509_REQ_set_pubkey
-are similar but operate on certificate request
-.Fa req .
-.Pp
-The first time a public key is decoded, the
-.Vt EVP_PKEY
-structure is cached in the certificate or certificate request itself.
-Subsequent calls return the cached structure with its reference count
-incremented to improve performance.
-.Pp
-.Fn X509_extract_key
-and
-.Fn X509_REQ_extract_key
-are deprecated aliases for
-.Fn X509_get_pubkey
-and
-.Fn X509_REQ_get_pubkey ,
-respectively, implemented as macros.
-.Sh RETURN VALUES
-.Fn X509_get_pubkey ,
-.Fn X509_get0_pubkey ,
-.Fn X509_get_X509_PUBKEY ,
-.Fn X509_get0_pubkey_bitstr ,
-.Fn X509_REQ_get_pubkey ,
-.Fn X509_extract_key ,
-and
-.Fn X509_REQ_extract_key
-return a public key or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn X509_set_pubkey
-and
-.Fn X509_REQ_set_pubkey
-return 1 for success or 0 for failure.
-.Pp
-In some cases of failure of
-.Fn X509_get0_pubkey ,
-.Fn X509_set_pubkey ,
-.Fn X509_REQ_get_pubkey ,
-and
-.Fn X509_REQ_set_pubkey ,
-the reason can be determined with
-.Xr ERR_get_error 3 .
-.Sh ERRORS
-.Fn X509_get_pubkey ,
-.Fn X509_get0_pubkey ,
-.Fn X509_REQ_get_pubkey ,
-.Fn X509_extract_key ,
-and
-.Fn X509_REQ_extract_key
-provide diagnostics as documented for
-.Xr X509_PUBKEY_get 3 .
-If
-.Fa x
-or
-.Fa req
-is
-.Dv NULL
-or contains no certificate information,
-they fail without pushing an error onto the stack.
-.Pp
-.Fn X509_get_X509_PUBKEY
-provides no diagnostics and crashes by accessing a
-.Dv NULL
-pointer if
-.Fa x
-is
-.Dv NULL
-or contains no certificate information,
-.Pp
-.Fn X509_get0_pubkey_bitstr
-provides no diagnostics
-and fails without pushing an error onto the stack if
-.Fa x
-is
-.Dv NULL ,
-but it crashes by accessing a
-.Dv NULL
-pointer if
-.Fa x
-contains no certificate information.
-.Sh SEE ALSO
-.Xr d2i_X509 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_NAME_add_entry_by_txt 3 ,
-.Xr X509_NAME_ENTRY_get_object 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_new 3 ,
-.Xr X509_PUBKEY_new 3 ,
-.Xr X509_REQ_new 3 ,
-.Xr X509_sign 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509V3_get_d2i 3
-.Sh STANDARDS
-RFC 5280, Internet X.509 Public Key Infrastructure Certificate
-and Certificate Revocation List (CRL) Profile,
-section 4.1 Basic Certificate Fields
-.Pp
-RFC 2986: PKCS #10: Certification Request Syntax Specification,
-section 4.1 CertificationRequestInfo
-.Sh HISTORY
-.Fn X509_extract_key
-and
-.Fn X509_REQ_extract_key
-first appeared in SSLeay 0.5.1 but returned a pointer to an
-.Vt RSA
-object before SSLeay 0.6.0.
-.Fn X509_get_pubkey ,
-.Fn X509_set_pubkey ,
-.Fn X509_REQ_get_pubkey ,
-and
-.Fn X509_REQ_set_pubkey
-first appeared in SSLeay 0.6.5.
-.Fn X509_get_X509_PUBKEY
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_get0_pubkey_bitstr
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.4 .
-.Pp
-.Fn X509_get0_pubkey
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libcrypto/man/X509_get_serialNumber.3 b/src/lib/libcrypto/man/X509_get_serialNumber.3
deleted file mode 100644
index 7d757c7a71..0000000000
--- a/src/lib/libcrypto/man/X509_get_serialNumber.3
+++ /dev/null
@@ -1,129 +0,0 @@
-.\" $OpenBSD: X509_get_serialNumber.3,v 1.5 2020/06/19 12:01:20 schwarze Exp $
-.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 19 2020 $
-.Dt X509_GET_SERIALNUMBER 3
-.Os
-.Sh NAME
-.Nm X509_get_serialNumber ,
-.Nm X509_get0_serialNumber ,
-.Nm X509_set_serialNumber
-.Nd get or set certificate serial number
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft ASN1_INTEGER *
-.Fo X509_get_serialNumber
-.Fa "X509 *x"
-.Fc
-.Ft const ASN1_INTEGER *
-.Fo X509_get0_serialNumber
-.Fa "const X509 *x"
-.Fc
-.Ft int
-.Fo X509_set_serialNumber
-.Fa "X509 *x"
-.Fa "ASN1_INTEGER *serial"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_get_serialNumber
-returns the serial number of certificate
-.Fa x
-as an
-.Vt ASN1_INTEGER
-structure which can be examined or initialised.
-The value returned is an internal pointer which must not be freed
-up after the call.
-.Pp
-.Fn X509_get0_serialNumber
-does the same except that it accepts a constant argument
-and returns a constant result.
-.Pp
-.Fn X509_set_serialNumber
-sets the serial number of certificate
-.Fa x
-to
-.Fa serial .
-A copy of the serial number is used internally so
-.Fa serial
-should be freed up after use.
-.Sh RETURN VALUES
-.Fn X509_get_serialNumber
-and
-.Fn X509_get0_serialNumber
-return a pointer to an
-.Vt ASN1_INTEGER
-structure.
-.Pp
-.Fn X509_set_serialNumber
-returns 1 for success or 0 for failure.
-In some cases of failure, the reason can be determined with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr d2i_X509 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_NAME_add_entry_by_txt 3 ,
-.Xr X509_NAME_ENTRY_get_object 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_new 3 ,
-.Xr X509_sign 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509V3_get_d2i 3
-.Sh HISTORY
-.Fn X509_get_serialNumber
-and
-.Fn X509_set_serialNumber
-first appeared in SSLeay 0.6.5 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_get0_serialNumber
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.4 .
diff --git a/src/lib/libcrypto/man/X509_get_subject_name.3 b/src/lib/libcrypto/man/X509_get_subject_name.3
deleted file mode 100644
index fb9611f645..0000000000
--- a/src/lib/libcrypto/man/X509_get_subject_name.3
+++ /dev/null
@@ -1,189 +0,0 @@ -.\" $OpenBSD: X509_get_subject_name.3,v 1.10 2020/10/21 17:17:44 tb Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 21 2020 $ -.Dt X509_GET_SUBJECT_NAME 3 -.Os -.Sh NAME -.Nm X509_get_subject_name , -.Nm X509_set_subject_name , -.Nm X509_get_issuer_name , -.Nm X509_set_issuer_name , -.Nm X509_REQ_get_subject_name , -.Nm X509_REQ_set_subject_name , -.Nm X509_CRL_get_issuer , -.Nm X509_CRL_set_issuer_name -.Nd get and set issuer or subject names -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509_NAME * -.Fo X509_get_subject_name -.Fa "const X509 *x" -.Fc -.Ft int -.Fo X509_set_subject_name -.Fa "X509 *x" -.Fa "X509_NAME *name" -.Fc -.Ft X509_NAME * -.Fo X509_get_issuer_name -.Fa "const X509 *x" -.Fc -.Ft int -.Fo X509_set_issuer_name -.Fa "X509 *x" -.Fa "X509_NAME *name" -.Fc -.Ft X509_NAME * -.Fo X509_REQ_get_subject_name -.Fa "const X509_REQ *req" -.Fc -.Ft int -.Fo X509_REQ_set_subject_name -.Fa "X509_REQ *req" -.Fa "X509_NAME *name" -.Fc -.Ft X509_NAME * -.Fo X509_CRL_get_issuer -.Fa "const X509_CRL *crl" -.Fc -.Ft int -.Fo X509_CRL_set_issuer_name -.Fa "X509_CRL *x" -.Fa "X509_NAME *name" -.Fc -.Sh DESCRIPTION -.Fn X509_get_subject_name -returns the subject name of certificate -.Fa x . -The returned value is an internal pointer which must not be freed. -.Pp -.Fn X509_set_subject_name -sets the issuer name of certificate -.Fa x -to -.Fa name . -The -.Fa name -parameter is copied internally and should be freed up when it is no -longer needed. 
-.Pp -.Fn X509_get_issuer_name -and -.Fn X509_set_issuer_name -are identical to -.Fn X509_get_subject_name -and -.Fn X509_set_subject_name -except that they get and set the issuer name of -.Fa x . -.Pp -Similarly -.Fn X509_REQ_get_subject_name , -.Fn X509_REQ_set_subject_name , -.Fn X509_CRL_get_issuer , -and -.Fn X509_CRL_set_issuer_name -get or set the subject or issuer names of certificate requests -of CRLs, respectively. -.Sh RETURN VALUES -.Fn X509_get_subject_name , -.Fn X509_get_issuer_name , -.Fn X509_REQ_get_subject_name , -and -.Fn X509_CRL_get_issuer -return a pointer to an -.Vt X509_NAME -object. -.Pp -.Fn X509_set_subject_name , -.Fn X509_set_issuer_name , -.Fn X509_REQ_set_subject_name , -and -.Fn X509_CRL_set_issuer_name -return 1 for success or 0 for failure. -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr d2i_X509_NAME 3 , -.Xr X509_CRL_get0_by_serial 3 , -.Xr X509_CRL_new 3 , -.Xr X509_get_pubkey 3 , -.Xr X509_NAME_add_entry_by_txt 3 , -.Xr X509_NAME_ENTRY_get_object 3 , -.Xr X509_NAME_get_index_by_NID 3 , -.Xr X509_NAME_new 3 , -.Xr X509_NAME_print_ex 3 , -.Xr X509_new 3 , -.Xr X509_REQ_new 3 , -.Xr X509_sign 3 , -.Xr X509_verify_cert 3 , -.Xr X509V3_get_d2i 3 -.Sh HISTORY -.Fn X509_get_subject_name -and -.Fn X509_get_issuer_name -appeared in SSLeay 0.4 or earlier. -.Fn X509_set_subject_name , -.Fn X509_set_issuer_name , -.Fn X509_REQ_get_subject_name , -and -.Fn X509_REQ_set_subject_name -first appeared in SSLeay 0.6.5. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn X509_CRL_get_issuer -first appeared in OpenSSL 0.9.2b and has been available since -.Ox 2.6 . -.Pp -.Fn X509_CRL_set_issuer_name -first appeared in OpenSSL 0.9.7 and has been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/X509_get_version.3 b/src/lib/libcrypto/man/X509_get_version.3 deleted file mode 100644 index ee46ff7c8c..0000000000 --- a/src/lib/libcrypto/man/X509_get_version.3 +++ /dev/null 
@@ -1,162 +0,0 @@ -.\" $OpenBSD: X509_get_version.3,v 1.8 2020/10/21 17:17:44 tb Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 21 2020 $ -.Dt X509_GET_VERSION 3 -.Os -.Sh NAME -.Nm X509_get_version , -.Nm X509_set_version , -.Nm X509_REQ_get_version , -.Nm X509_REQ_set_version , -.Nm X509_CRL_get_version , -.Nm X509_CRL_set_version -.Nd get or set certificate, certificate request, or CRL version -.Sh SYNOPSIS -.In openssl/x509.h -.Ft long -.Fo X509_get_version -.Fa "const X509 *x" -.Fc -.Ft int -.Fo X509_set_version -.Fa "X509 *x" -.Fa "long version" -.Fc -.Ft long -.Fo X509_REQ_get_version -.Fa "const X509_REQ *req" -.Fc -.Ft int -.Fo X509_REQ_set_version -.Fa "X509_REQ *x" -.Fa "long version" -.Fc -.Ft long -.Fo X509_CRL_get_version -.Fa "const X509_CRL *crl" -.Fc -.Ft int -.Fo X509_CRL_set_version -.Fa "X509_CRL *x" -.Fa "long version" -.Fc -.Sh DESCRIPTION -.Fn X509_get_version -returns the numerical value of the version field of certificate -.Fa x . -Note: this is defined by standards (X.509 et al.) to be one less -than the certificate version. -So a version 3 certificate will return 2 and a version 1 certificate -will return 0. -.Pp -.Fn X509_set_version -sets the numerical value of the version field of certificate -.Fa x -to -.Fa version . -.Pp -Similarly -.Fn X509_REQ_get_version , -.Fn X509_REQ_set_version , -.Fn X509_CRL_get_version , -and -.Fn X509_CRL_set_version -get and set the version number of certificate requests and CRLs. 
-.Pp -The version field of certificates, certificate requests, and CRLs -has a DEFAULT value of v1(0) meaning the field should be omitted -for version 1. -This is handled transparently by these functions. -.Sh RETURN VALUES -.Fn X509_get_version , -.Fn X509_REQ_get_version , -and -.Fn X509_CRL_get_version -return the numerical value of the version field. -.Pp -.Fn X509_set_version , -.Fn X509_REQ_set_version , -and -.Fn X509_CRL_set_version -return 1 for success or 0 for failure. -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr d2i_X509 3 , -.Xr X509_CRL_get0_by_serial 3 , -.Xr X509_CRL_new 3 , -.Xr X509_get_pubkey 3 , -.Xr X509_get_subject_name 3 , -.Xr X509_NAME_add_entry_by_txt 3 , -.Xr X509_NAME_ENTRY_get_object 3 , -.Xr X509_NAME_get_index_by_NID 3 , -.Xr X509_NAME_print_ex 3 , -.Xr X509_new 3 , -.Xr X509_REQ_new 3 , -.Xr X509_sign 3 , -.Xr X509_verify_cert 3 , -.Xr X509V3_get_d2i 3 -.Sh HISTORY -.Fn X509_get_version , -.Fn X509_set_version , -.Fn X509_REQ_get_version , -and -.Fn X509_REQ_set_version -first appeared in SSLeay 0.6.5 and have been available since -.Ox 2.4 . -.Pp -.Fn X509_CRL_get_version -first appeared in OpenSSL 0.9.2b and has been available since -.Ox 2.6 . -.Pp -.Fn X509_CRL_set_version -first appeared in OpenSSL 0.9.7 and has been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/X509_keyid_set1.3 b/src/lib/libcrypto/man/X509_keyid_set1.3 deleted file mode 100644 index c529fc742b..0000000000 --- a/src/lib/libcrypto/man/X509_keyid_set1.3 +++ /dev/null 
@@ -1,171 +0,0 @@ -.\" $OpenBSD: X509_keyid_set1.3,v 1.2 2021/07/09 14:41:14 tb Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 9 2021 $ -.Dt X509_KEYID_SET1 3 -.Os -.Sh NAME -.Nm X509_keyid_set1 , -.Nm X509_keyid_get0 , -.Nm X509_alias_set1 , -.Nm X509_alias_get0 -.Nd auxiliary certificate data for PKCS#12 -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_keyid_set1 -.Fa "X509 *x" -.Fa "const unsigned char *data" -.Fa "int len" -.Fc -.Ft unsigned char * -.Fo X509_keyid_get0 -.Fa "X509 *x" -.Fa "int *plen" -.Fc -.Ft int -.Fo X509_alias_set1 -.Fa "X509 *x" -.Fa "const unsigned char *data" -.Fa "int len" -.Fc -.Ft unsigned char * -.Fo X509_alias_get0 -.Fa "X509 *x" -.Fa "int *plen" -.Fc -.Sh DESCRIPTION -These functions store non-standard auxiliary data in -.Fa x -and retrieve it. -.Pp -The -.Fa len -bytes of -.Fa data -stored using -.Fn X509_keyid_set1 -will be written to the -.Sy localKeyID -attribute of the PKCS#12 structure if -.Xr PKCS12_create 3 -is later called on -.Fa x , -and the -.Fa data -stored using -.Fn X509_alias_set1 -will be written to the -.Sy friendlyName -attribute. 
-If -.Fa data -points to a NUL-terminated string, \-1 can be passed as the -.Fa len -argument to let -.Fa len -be calculated internally using -.Xr strlen 3 . -If a -.Dv NULL -pointer is passed as the -.Fa data -argument, the respective auxiliary data stored in -.Fa x , -if any, is removed from -.Fa x -and freed. -.Pp -Conversely, -.Xr PKCS12_parse 3 -retrieves these attributes from a PKCS#12 structure such that they can -subsequently be accessed with -.Fn X509_keyid_get0 -and -.Fn X509_alias_get0 . -Unless -.Dv NULL -is passed for the -.Fa plen -argument, these functions store the size of the returned buffer in bytes in -.Pf * Fa plen . -After the call, the returned buffer is not necessarily NUL-terminated, -but it may contain internal NUL bytes. -.Pp -API design is very incomplete; given the complexity of PKCS#12, -that's probably an asset rather than a defect. -The PKCS#12 standard defines many attributes that cannot be stored in -.Vt X509 -objects. -.Pp -To associate certificates with alternative names and key identifiers, -X.509 certificate extensions are more commonly used than PKCS#12 -attributes, for example using -.Xr X509_EXTENSION_create_by_NID 3 -with -.Dv NID_subject_alt_name -or -.Dv NID_subject_key_identifier . -.Sh RETURN VALUES -.Fn X509_keyid_set1 -and -.Fn X509_alias_set1 -return 1 if -.Fa data -is -.Dv NULL -or if the input -.Fa data -was successfully copied into -.Fa x , -or 0 if -.Fa data -is not -.Dv NULL -but could not be copied because -.Fa x -is -.Dv NULL -or memory allocation failed. -.Pp -.Fn X509_keyid_get0 -and -.Fn X509_alias_get0 -return an internal pointer to an array of bytes or -.Dv NULL -if -.Fa x -does not contain auxiliary data of the requested kind. -.Sh SEE ALSO -.Xr ASN1_STRING_set 3 , -.Xr X509_CERT_AUX_new 3 , -.Xr X509_EXTENSION_new 3 , -.Xr X509_new 3 , -.Xr X509V3_get_d2i 3 -.Sh HISTORY -.Fn X509_alias_set1 -and -.Fn X509_alias_get0 -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . 
-.Pp -.Fn X509_keyid_set1 -first appeared in OpenSSL 0.9.6 and has been available since -.Ox 2.9 . -.Pp -.Fn X509_keyid_get0 -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 deleted file mode 100644 index 0afbae374a..0000000000 --- a/src/lib/libcrypto/man/X509_new.3 +++ /dev/null 
@@ -1,238 +0,0 @@ -.\" $OpenBSD: X509_new.3,v 1.30 2021/08/02 16:21:11 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016, 2018, 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2006, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: August 2 2021 $ -.Dt X509_NEW 3 -.Os -.Sh NAME -.Nm X509_new , -.Nm X509_dup , -.Nm X509_free , -.Nm X509_up_ref , -.Nm X509_chain_up_ref -.Nd X.509 certificate object -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509 * -.Fn X509_new void -.Ft X509 * -.Fo X509_dup -.Fa "X509 *a" -.Fc -.Ft void -.Fo X509_free -.Fa "X509 *a" -.Fc -.Ft int -.Fo X509_up_ref -.Fa "X509 *a" -.Fc -.Ft STACK_OF(X509) * -.Fo X509_chain_up_ref -.Fa "STACK_OF(X509) *chain" -.Fc -.Sh DESCRIPTION -.Fn X509_new -allocates and initializes an empty -.Vt X509 -object with reference count 1. -It represents an ASN.1 -.Vt Certificate -structure defined in RFC 5280 section 4.1. -It can hold a public key together with information about the person, -organization, device, or function the associated private key belongs to. -.Pp -.Fn X509_dup -creates a deep copy of -.Fa a -using -.Xr ASN1_item_dup 3 , -setting the reference count of the copy to 1. -.Pp -.Fn X509_free -decrements the reference count of the -.Vt X509 -structure -.Fa a -and frees it up if the reference count reaches 0. -If -.Fa a -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn X509_up_ref -increments the reference count of -.Fa a -by 1. -This function is useful if a certificate structure is being used -by several different operations each of which will free it up after -use: this avoids the need to duplicate the entire certificate -structure. -.Pp -.Fn X509_chain_up_ref -performs a shallow copy of the given -.Fa chain -using -.Fn sk_X509_dup -and increments the reference count of each contained certificate -by 1. -Its purpose is similar to -.Fn X509_up_ref : -The returned chain persists after the original is freed. -.Sh RETURN VALUES -.Fn X509_new -and -.Fn X509_dup -return a pointer to the newly allocated object or -.Dv NULL -if an error occurs; an error code can be obtained by -.Xr ERR_get_error 3 . -.Pp -.Fn X509_up_ref -returns 1 for success or 0 for failure. 
-.Pp -.Fn X509_chain_up_ref -returns the copy of the -.Fa chain -or -.Dv NULL -if an error occurs. -.Sh SEE ALSO -.Xr AUTHORITY_KEYID_new 3 , -.Xr BASIC_CONSTRAINTS_new 3 , -.Xr crypto 3 , -.Xr d2i_X509 3 , -.Xr PKCS8_PRIV_KEY_INFO_new 3 , -.Xr X509_ALGOR_new 3 , -.Xr X509_ATTRIBUTE_new 3 , -.Xr X509_check_ca 3 , -.Xr X509_check_host 3 , -.Xr X509_check_issued 3 , -.Xr X509_check_private_key 3 , -.Xr X509_check_purpose 3 , -.Xr X509_check_trust 3 , -.Xr X509_CINF_new 3 , -.Xr X509_cmp 3 , -.Xr X509_CRL_new 3 , -.Xr X509_digest 3 , -.Xr X509_EXTENSION_new 3 , -.Xr X509_find_by_subject 3 , -.Xr X509_get0_notBefore 3 , -.Xr X509_get0_signature 3 , -.Xr X509_get1_email 3 , -.Xr X509_get_ex_new_index 3 , -.Xr X509_get_pubkey 3 , -.Xr X509_get_serialNumber 3 , -.Xr X509_get_subject_name 3 , -.Xr X509_get_version 3 , -.Xr X509_INFO_new 3 , -.Xr X509_LOOKUP_hash_dir 3 , -.Xr X509_LOOKUP_new 3 , -.Xr X509_NAME_new 3 , -.Xr X509_policy_check 3 , -.Xr X509_policy_tree_level_count 3 , -.Xr X509_print_ex 3 , -.Xr X509_PUBKEY_new 3 , -.Xr X509_PURPOSE_set 3 , -.Xr X509_REQ_new 3 , -.Xr X509_SIG_new 3 , -.Xr X509_sign 3 , -.Xr X509_STORE_CTX_new 3 , -.Xr X509_STORE_get_by_subject 3 , -.Xr X509_STORE_new 3 , -.Xr X509_TRUST_set 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Sh HISTORY -.Fn X509_new -and -.Fn X509_free -appeared in SSLeay 0.4 or earlier. -.Fn X509_dup -first appeared in SSLeay 0.4.4. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn X509_up_ref -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.1 . -.Pp -.Fn X509_chain_up_ref -first appeared in OpenSSL 1.0.2 and has been available since -.Ox 6.3 . -.Sh BUGS -The X.509 public key infrastructure and its data types contain too -many design bugs to list them. 
-For lots of examples, see the classic -.Lk https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt\ - "X.509 Style Guide" -that -.An Peter Gutmann -published in 2000. diff --git a/src/lib/libcrypto/man/X509_ocspid_print.3 b/src/lib/libcrypto/man/X509_ocspid_print.3 deleted file mode 100644 index b9b6c92fbb..0000000000 --- a/src/lib/libcrypto/man/X509_ocspid_print.3 +++ /dev/null 
@@ -1,58 +0,0 @@
-.\" $OpenBSD: X509_ocspid_print.3,v 1.1 2021/08/06 21:45:55 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 6 2021 $
-.Dt X509_OCSPID_PRINT 3
-.Os
-.Sh NAME
-.Nm X509_ocspid_print
-.Nd pretty-print hashes of subject name and public key
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_ocspid_print
-.Fa "BIO *bio"
-.Fa "X509 *issuer"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_ocspid_print
-produces human-readable output to
-.Fa bio
-containing hexadecimal representations of SHA-1 hashes of the
-DER-encoded forms of the subject name and the public key of the
-.Fa issuer
-certificate, as these hashes appear in OCSP requests.
-.Sh RETURN VALUES
-.Fn X509_ocspid_print
-returns 1 for success or 0 for failure.
-.Sh EXAMPLES
-This function is used by the
-.Fl ocspid
-flag of the
-.Xr openssl 1
-.Cm x509
-command.
-.Sh SEE ALSO
-.Xr EVP_sha1 3 ,
-.Xr i2d_X509_NAME 3 ,
-.Xr OCSP_cert_to_id 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3
-.Sh HISTORY
-.Fn X509_ocspid_print
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3
deleted file mode 100644
index e4b3be0d43..0000000000
--- a/src/lib/libcrypto/man/X509_policy_check.3
+++ /dev/null
@@ -1,191 +0,0 @@
-.\" $OpenBSD: X509_policy_check.3,v 1.5 2021/07/30 15:01:40 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 30 2021 $
-.Dt X509_POLICY_CHECK 3
-.Os
-.Sh NAME
-.Nm X509_policy_check ,
-.Nm X509_policy_tree_free
-.Nd construct X.509 valid policy tree
-.Sh SYNOPSIS
-.In openssl/x509_vfy.h
-.Ft int
-.Fo X509_policy_check
-.Fa "X509_POLICY_TREE **ptree"
-.Fa "int *pexplicit_policy"
-.Fa "STACK_OF(X509) *certs"
-.Fa "STACK_OF(ASN1_OBJECT) *policy_oids"
-.Fa "unsigned int flags"
-.Fc
-.Ft void
-.Fn X509_policy_tree_free "X509_POLICY_TREE *tree"
-.Sh DESCRIPTION
-.Fn X509_policy_check
-performs those parts of Basic Certification Path Validation
-described in RFC 5280 section 6.1 that are related to the
-construction of the valid policy tree.
-.Pp
-The
-.Fa certs
-input argument contains the prospective certification path
-according to RFC 5280 paragraph 6.1.1(a), starting with the
-target certificate and ending with the trust anchor.
-.Pp
-The
-.Fa policy_oids
-input argument contains the
-.Va user-initial-policy-set
-according to RFC 5280 section 6.1.1(c).
-It specifies a set of certificate policies acceptable to the certificate user.
-.Pp
-The
-.Fa flags
-argument can contain zero or more of the following constants, OR'ed together:
-.Bl -tag -width Ds
-.It Dv X509_V_FLAG_EXPLICIT_POLICY
-Set
-.Va initial-explicit-policy
-as defined by RFC 5280 paragraph 6.1.1(f).
-It requires the path to be valid for at least one of the
-.Fa policy_oids .
-.It Dv X509_V_FLAG_INHIBIT_ANY
-Set
-.Va initial-any-policy-inhibit
-as defined by RFC 5280 paragraph 6.1.1(g).
-It causes the
-.Sy anyPolicy
-OID to be skipped if it is encountered in a certificate.
-.It Dv X509_V_FLAG_INHIBIT_MAP
-Set
-.Va initial-policy-mapping-inhibit
-as defined by RFC 5280 paragraph 6.1.1(e).
-It disables policy mapping in the certification path.
-.El
-.Pp
-Upon success and in some cases of failure, the storage location pointed to by
-.Fa pexplicit_policy
-is set to 1 if
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was requested.
-Otherwise, it is set to 0.
-.Pp
-In many cases of success and in a few cases of failure, a pointer to the
-.Vt valid_policy_tree
-output value mentioned in RFC 5280 section 6.1.6 is returned in
-.Pf * Fa ptree .
-It contains one level for each of the
-.Fa certs ,
-in reverse order: level 0 corresponds to the trust anchor,
-the last level corresponds to the target certificate.
-Level 0 is initialized to contain a single node with a
-.Fa valid_policy
-of
-.Sy anyPolicy
-and an empty
-.Fa qualifier_set .
-.Pp
-If a policy tree is returned, the reference count of each of the
-.Fa certs
-is incremented by 1.
-In that case, the caller is responsible for calling
-.Fn X509_policy_tree_free
-to release all memory used by the
-.Fa tree
-and to decrement the reference counts
-of the certificates referenced from it by 1.
-If
-.Fa tree
-is a
-.Dv NULL
-pointer,
-.Fn X509_policy_tree_free
-has no effect.
-.Sh RETURN VALUES
-.Fn X509_policy_check
-returns these values:
-.Bl -tag -width 2n
-.It \-2
-Validation failed because
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was requested but the resulting policy tree
-or the resulting user policy set would have been empty.
-In this case,
-.Pf * Fa pexplicit_policy
-is set to 1.
-If the resulting tree is empty,
-.Pf * Fa ptree
-is set to
-.Dv NULL ;
-otherwise, it is set to the resulting tree.
-.It \-1
-At least one of the
-.Fa certs
-contains invalid or inconsistent extensions.
-.Pf * Fa ptree
-is set to
-.Dv NULL
-and
-.Pf * Fa pexplicit_policy
-to 0.
-.It 0
-Internal error.
-For example, setting up the policy caches failed, or memory allocation
-failed while constructing the tree.
-.Pf * Fa ptree
-is set to
-.Dv NULL
-and
-.Pf * Fa pexplicit_policy
-may or may not be set.
-.It 1
-Validation succeeded and
-.Pf * Fa ptree
-and
-.Pf * Fa pexplicit_policy
-have been set.
-In the special cases that the
-.Fa certs
-argument contains exactly one certificate or that
-.Dv X509_V_FLAG_EXPLICIT_POLICY
-was not requested and at least one of the certificates contains no
-certificate policies or the resulting policy tree would have been empty,
-.Pf * Fa ptree
-is set to
-.Dv NULL
-and
-.Pf * Fa pexplicit_policy
-to 0.
-.El
-.Sh SEE ALSO
-.Xr ASN1_OBJECT_new 3 ,
-.Xr OBJ_nid2obj 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_check_purpose 3 ,
-.Xr X509_check_trust 3 ,
-.Xr X509_new 3 ,
-.Xr X509_policy_tree_level_count 3 ,
-.Xr X509_verify_cert 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate
-and Certificate Revocation List (CRL) Profile,
-section 6.1: Basic Path Validation
-.Sh HISTORY
-.Fn X509_policy_check
-and
-.Fn X509_policy_tree_free
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/X509_policy_tree_level_count.3 b/src/lib/libcrypto/man/X509_policy_tree_level_count.3
deleted file mode 100644
index f74754c362..0000000000
--- a/src/lib/libcrypto/man/X509_policy_tree_level_count.3
+++ /dev/null
@@ -1,177 +0,0 @@ -.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.3 2021/07/28 13:47:21 schwarze Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 28 2021 $ -.Dt X509_POLICY_TREE_LEVEL_COUNT 3 -.Os -.Sh NAME -.Nm X509_policy_tree_level_count , -.Nm X509_policy_tree_get0_level , -.Nm X509_policy_level_node_count , -.Nm X509_policy_level_get0_node , -.Nm X509_policy_node_get0_policy , -.Nm X509_policy_node_get0_qualifiers , -.Nm X509_policy_node_get0_parent -.Nd inspect X.509 policy tree objects -.Sh SYNOPSIS -.In openssl/x509_vfy.h -.Ft int -.Fn X509_policy_tree_level_count "const X509_POLICY_TREE *tree" -.Ft X509_POLICY_LEVEL * -.Fn X509_policy_tree_get0_level "const X509_POLICY_TREE *tree" "int index" -.Ft int -.Fn X509_policy_level_node_count "X509_POLICY_LEVEL *level" -.Ft X509_POLICY_NODE * -.Fn X509_policy_level_get0_node "X509_POLICY_LEVEL *level" "int index" -.Ft const ASN1_OBJECT * -.Fn X509_policy_node_get0_policy "const X509_POLICY_NODE *node" -.Ft STACK_OF(POLICYQUALINFO) * -.Fn X509_policy_node_get0_qualifiers "const X509_POLICY_NODE *node" -.Ft const X509_POLICY_NODE * -.Fn X509_policy_node_get0_parent "const X509_POLICY_NODE *node" -.Sh DESCRIPTION -The -.Vt X509_POLICY_TREE -object 
represents a -.Vt valid_policy_tree -as described in RFC 5280 section 6.1. -.Pp -The -.Vt X509_POLICY_LEVEL -object represents one level of such a tree, -corresponding to one certificate. -.Pp -The -.Vt X509_POLICY_NODE -object represents one node in the tree. -.Sh RETURN VALUES -.Fn X509_policy_tree_level_count -returns the number of levels in the -.Fa tree -or 0 if the -.Fa tree -argument is -.Dv NULL . -If it is not 0, it equals the number of certificates in the -certification path the tree was created from, including both -the target certificate and the trust anchor. -.Pp -.Fn X509_policy_tree_get0_level -returns an internal pointer to the level of the -.Fa tree -with the given -.Fa index -or -.Dv NULL -if the -.Fa tree -argument is -.Dv NULL -or the -.Fa index -is less than 0 or greater than or equal to the number of levels in the -.Fa tree . -An -.Fa index -of 0 corresponds to the trust anchor -and the last level corresponds to the target certificate. -.Pp -.Fn X509_policy_level_node_count -returns the number of nodes on the -.Fa level , -including an -.Sy anyPolicy -node if it is present, or 0 if the -.Fa level -argument is -.Dv NULL . -.Pp -.Fn X509_policy_level_get0_node -returns an internal pointer to the node on the -.Fa level -with the given -.Fa index -or -.Dv NULL -if the -.Fa level -argument is -.Dv NULL -or the -.Fa index -is less than 0 or greater than or equal to the number of nodes on the level. -If an -.Sy anyPolicy -node is present on the level, it can be retrieved by passing an -.Fa index -of 0. -.Pp -.Fn X509_policy_node_get0_policy -returns an internal pointer to the -.Fa valid_policy -child object of the node or -.Dv NULL -if the -.Fa node -argument is -.Dv NULL . -It represents a single policy that is valid for the path -from the trust anchor to the certificate corresponding -to the level containing the -.Fa node . 
-.Pp
-.Fn X509_policy_node_get0_qualifiers
-returns an internal pointer to the
-.Fa qualifier_set
-child object of the node or
-.Dv NULL
-if the
-.Fa node
-argument is
-.Dv NULL .
-It contains the policy qualifiers associated with the
-.Fa valid_policy
-of the
-.Fa node
-in the certificate corresponding to the level containing the
-.Fa node .
-.Pp
-.Fn X509_policy_node_get0_parent
-returns
-.Dv NULL
-if the
-.Fa node
-argument is
-.Dv NULL
-or located on level 0.
-Otherwise, it returns an an internal pointer to the parent node of the
-.Fa node
-argument.
-The parent node is always located on the previous level.
-.Sh SEE ALSO
-.Xr ASN1_OBJECT_new 3 ,
-.Xr OBJ_obj2txt 3 ,
-.Xr POLICYQUALINFO_new 3 ,
-.Xr STACK_OF 3 ,
-.Xr X509_new 3 ,
-.Xr X509_policy_check 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate
-and Certificate Revocation List (CRL) Profile,
-section 6.1: Basic Path Validation
-.Sh HISTORY
-These function first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/X509_print_ex.3 b/src/lib/libcrypto/man/X509_print_ex.3
deleted file mode 100644
index 85e82709bb..0000000000
--- a/src/lib/libcrypto/man/X509_print_ex.3
+++ /dev/null
@@ -1,280 +0,0 @@
-.\" $OpenBSD: X509_print_ex.3,v 1.3 2021/07/23 06:02:39 jmc Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 23 2021 $
-.Dt X509_PRINT_EX 3
-.Os
-.Sh NAME
-.Nm X509_print_ex ,
-.Nm X509_CERT_AUX_print ,
-.Nm X509_print_ex_fp ,
-.Nm X509_print ,
-.Nm X509_print_fp
-.Nd pretty-print an X.509 certificate
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_print_ex
-.Fa "BIO *bio"
-.Fa "X509 *x"
-.Fa "unsigned long nameflags"
-.Fa "unsigned long skipflags"
-.Fc
-.Ft int
-.Fo X509_CERT_AUX_print
-.Fa "BIO *bio"
-.Fa "X509_CERT_AUX *aux"
-.Fa "int indent"
-.Fc
-.Ft int
-.Fo X509_print_ex_fp
-.Fa "FILE *fp"
-.Fa "X509 *x"
-.Fa "unsigned long nameflags"
-.Fa "unsigned long skipflags"
-.Fc
-.Ft int
-.Fo X509_print
-.Fa "BIO *bio"
-.Fa "X509 *x"
-.Fc
-.Ft int
-.Fo X509_print_fp
-.Fa "FILE *fp"
-.Fa "X509 *x"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_print_ex
-prints information contained in
-.Fa x
-to
-.Fa bio
-in human-readable form.
-Printing is aborted as soon as any operation fails, with the exception
-that failures while attempting to decode or print the public key,
-the X.509 version 3 extensions, or non-standard auxiliary data are
-not considered as errors.
-.Pp
-By default, the following blocks of information are printed
-in the following order.
-Each block can be skipped by setting the corresponding bit in
-.Fa skipflags ,
-provided in parentheses after each block description.
-.Bl -bullet
-.It
-A pair of lines reading
-.Qq Certificate:\&
-and
-.Qq Data:\&
-containing no information.
-.Pq Dv X509_FLAG_NO_HEADER
-.It
-The certificate version number as defined by the standard,
-followed in parentheses by the value contained in the version field
-in hexadecimal notation.
-See
-.Xr X509_get_version 3
-for details.
-.Pq Dv X509_FLAG_NO_VERSION
-.It
-The serial number of the certificate as returned by
-.Xr X509_get_serialNumber 3 .
-If it is not \-1 and converting it to
-.Vt long
-succeeds, it is printed in both decimal and hexadecimal format.
-If it is \-1, too wide to fit in
-.Vt long ,
-or conversion fails, it is printed byte-by-byte in hexadecimal notation.
-.Pq Dv X509_FLAG_NO_SERIAL
-.It
-The name of the signature algorithm is printed with
-.Xr X509_signature_print 3 .
-.Pq Dv X509_FLAG_NO_SIGNAME
-.It
-The issuer name returned by
-.Xr X509_get_issuer_name 3
-is printed with
-.Xr X509_NAME_print_ex 3 .
-.Pq Dv X509_FLAG_NO_ISSUER
-.It
-The validity period from
-.Xr X509_get_notBefore 3
-to
-.Xr X509_get_notAfter 3
-is printed using
-.Xr ASN1_TIME_print 3 .
-.Pq Dv X509_FLAG_NO_VALIDITY
-.It
-The subject name returned from
-.Xr X509_get_subject_name 3
-is printed with
-.Xr X509_NAME_print_ex 3 .
-.Pq Dv X509_FLAG_NO_SUBJECT
-.It
-The public key algorithm is printed with
-.Xr i2a_ASN1_OBJECT 3 ,
-and the public key returned from
-.Xr X509_get_pubkey 3
-with
-.Xr EVP_PKEY_print_public 3 .
-.Pq Dv X509_FLAG_NO_PUBKEY
-.It
-All X.509 extensions contained in the certificate are printed with
-.Xr X509V3_extensions_print 3 .
-.Pq Dv X509_FLAG_NO_EXTENSIONS
-.It
-The signature is printed with
-.Xr X509_signature_print 3 .
-.Pq Dv X509_FLAG_NO_SIGDUMP
-.It
-Non-standard auxiliary data associated with the certificate is printed
-using the function
-.Fn X509_CERT_AUX_print
-documented below.
-.Pq Dv X509_FLAG_NO_AUX
-.El
-.Pp
-The
-.Fa nameflags
-argument modifies the format for printing X.501
-.Vt Name
-objects contained in
-.Fa x .
-It is passed through to
-.Xr X509_NAME_print_ex 3 .
-If
-.Fa nameflags
-is
-.Dv X509_FLAG_COMPAT ,
-the
-.Fa indent
-argument of
-.Xr X509_NAME_print_ex 3
-is set to 16 spaces and the traditional SSLeay format generated by
-.Xr X509_NAME_print 3
-is used.
-Otherwise, if the only bit set in
-.Dv XN_FLAG_SEP_MASK
-is
-.Dv XN_FLAG_SEP_MULTILINE ,
-.Fa indent
-is set to 12 spaces.
-Otherwise,
-.Fa indent
-is set to zero.
-.Pp
-.Fn X509_CERT_AUX_print
-prints information contained in
-.Fa aux
-to
-.Fa bio
-in human-readable form with a left margin of
-.Fa indent
-spaces.
-If
-.Fa aux
-is
-.Dv NULL ,
-it prints nothing.
-.Pp
-Information is printed in the following order:
-.Bl -bullet
-.It
-Purposes the certificate is intended to be used for as set with
-.Xr X509_add1_trust_object 3 ,
-each printed with
-.Xr OBJ_obj2txt 3 .
-.It
-Purposes the certificate is explicitly
-.Em not
-intended to be used for as set with
-.Xr X509_add1_reject_object 3 ,
-again each printed with
-.Xr OBJ_obj2txt 3 .
-.It
-If
-.Fa aux
-contains data set with
-.Xr X509_alias_set1 3 ,
-the raw bytes are printed in unencoded form.
-.It
-If
-.Fa aux
-contains data set with
-.Xr X509_keyid_set1 3 ,
-the bytes are printed in hexadecimal notation with colons in between.
-.El
-.Pp
-.Fn X509_print_ex_fp
-is similar to
-.Fn X509_print_ex
-except that it prints to
-.Fa fp .
-.Pp
-.Fn X509_print
-and
-.Fn X509_print_fp
-are wrapper functions setting the
-.Fa nameflags
-to
-.Dv XN_FLAG_COMPAT
-and the
-.Fa skipflags
-to
-.Dv X509_FLAG_COMPAT .
-.Sh RETURN VALUES
-.Fn X509_print_ex ,
-.Fn X509_print_ex_fp ,
-.Fn X509_print ,
-and
-.Fn X509_print_fp
-return 1 if all requested information was successfully printed,
-even if failures occurred while attempting to decode or print the
-public key or X.509 version 3 extensions, or 0 if any other operation
-failed.
-.Pp
-.Fn X509_CERT_AUX_print
-always returns 1 and silently ignores write errors.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr X509_CERT_AUX_new 3 ,
-.Xr X509_CRL_print 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-.Fn X509_print
-first appeared in SSLeay 0.5.1 and was changed to print to a
-.Vt BIO
-in SSLeay 0.6.0.
-.Fn X509_print_fp
-first appeared in SSLeay 0.6.0.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_CERT_AUX_print
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
-.Fn X509_print_ex
-and
-.Fn X509_print_ex_fp
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Sh BUGS
-If arbitrary data was stored into
-.Fa x
-using
-.Xr X509_alias_set1 3 ,
-these functions may print binary data and even NUL bytes.
diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3
deleted file mode 100644
index ca4c5192b2..0000000000
--- a/src/lib/libcrypto/man/X509_sign.3
+++ /dev/null
@@ -1,217 +0,0 @@ -.\" $OpenBSD: X509_sign.3,v 1.8 2019/06/14 13:59:32 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 14 2019 $ -.Dt X509_SIGN 3 -.Os -.Sh NAME -.Nm X509_sign , -.Nm X509_sign_ctx , -.Nm X509_verify , -.Nm X509_REQ_sign , -.Nm X509_REQ_sign_ctx , -.Nm X509_REQ_verify , -.Nm X509_CRL_sign , -.Nm X509_CRL_sign_ctx , -.Nm X509_CRL_verify -.Nd sign or verify certificate, certificate request, or CRL signature -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_sign -.Fa "X509 *x" -.Fa "EVP_PKEY *pkey" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo X509_sign_ctx -.Fa "X509 *x" -.Fa "EVP_MD_CTX *ctx" -.Fc -.Ft int -.Fo X509_verify -.Fa "X509 *a" -.Fa "EVP_PKEY *r" -.Fc -.Ft int -.Fo X509_REQ_sign -.Fa "X509_REQ *x" -.Fa "EVP_PKEY *pkey" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo X509_REQ_sign_ctx -.Fa "X509_REQ *x" -.Fa "EVP_MD_CTX *ctx" -.Fc -.Ft int -.Fo X509_REQ_verify -.Fa "X509_REQ *a" -.Fa "EVP_PKEY *r" -.Fc -.Ft int -.Fo X509_CRL_sign -.Fa "X509_CRL *x" -.Fa "EVP_PKEY *pkey" -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo X509_CRL_sign_ctx -.Fa "X509_CRL *x" -.Fa "EVP_MD_CTX *ctx" -.Fc -.Ft int -.Fo X509_CRL_verify -.Fa "X509_CRL *a" -.Fa "EVP_PKEY *r" -.Fc -.Sh DESCRIPTION -.Fn X509_sign -signs the certificate -.Fa x -using the private key -.Fa pkey -and the message digest -.Fa md -and sets the signature in -.Fa x . -.Fn X509_sign_ctx -also signs the certificate -.Fa x -but uses the parameters contained in digest context -.Fa ctx . 
-.Pp -.Fn X509_verify -verifies the signature of certificate -.Fa x -using the public key -.Fa pkey . -Only the signature is checked: no other checks (such as certificate -chain validity) are performed. -.Pp -.Fn X509_REQ_sign , -.Fn X509_REQ_sign_ctx , -.Fn X509_REQ_verify , -.Fn X509_CRL_sign , -.Fn X509_CRL_sign_ctx , -and -.Fn X509_CRL_verify -sign and verify certificate requests and CRLs, respectively. -.Pp -.Fn X509_sign_ctx -is used where the default parameters for the corresponding public key -and digest are not suitable. -It can be used to sign keys using RSA-PSS for example. -.Pp -For efficiency reasons and to work around ASN.1 encoding issues, the -encoding of the signed portion of a certificate, certificate request, -and CRL is cached internally. -If the signed portion of the structure is modified, the encoding is not -always updated, meaning a stale version is sometimes used. -This is not normally a problem because modifying the signed portion will -invalidate the signature and signing will always update the encoding. -.Sh RETURN VALUES -.Fn X509_sign , -.Fn X509_sign_ctx , -.Fn X509_REQ_sign , -.Fn X509_REQ_sign_ctx , -.Fn X509_CRL_sign , -and -.Fn X509_CRL_sign_ctx -return the size of the signature in bytes for success or 0 for failure. -.Pp -.Fn X509_verify , -.Fn X509_REQ_verify , -and -.Fn X509_CRL_verify -return 1 if the signature is valid or 0 if the signature check fails. -If the signature could not be checked at all because it was invalid or -some other error occurred, then -1 is returned. -.Pp -In some cases of failure, the reason can be determined with -.Xr ERR_get_error 3 . 
-.Sh SEE ALSO
-.Xr d2i_X509 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr X509_CRL_get0_by_serial 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_get_version 3 ,
-.Xr X509_NAME_add_entry_by_txt 3 ,
-.Xr X509_NAME_ENTRY_get_object 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_new 3 ,
-.Xr X509_REQ_new 3 ,
-.Xr X509_verify_cert 3 ,
-.Xr X509V3_get_d2i 3
-.Sh HISTORY
-.Fn X509_verify
-appeared in SSLeay 0.4 or earlier.
-.Fn X509_sign
-and
-.Fn X509_REQ_sign
-first appeared in SSLeay 0.4.4.
-.Fn X509_REQ_verify
-and
-.Fn X509_CRL_verify
-first appeared in SSLeay 0.4.5b.
-.Fn X509_CRL_sign
-first appeared in SSLeay 0.5.1.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn X509_sign_ctx ,
-.Fn X509_REQ_sign_ctx ,
-and
-.Fn X509_CRL_sign_ctx
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/X509_signature_dump.3 b/src/lib/libcrypto/man/X509_signature_dump.3
deleted file mode 100644
index 8fff79ce89..0000000000
--- a/src/lib/libcrypto/man/X509_signature_dump.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" $OpenBSD: X509_signature_dump.3,v 1.1 2021/07/06 16:05:44 schwarze Exp $
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 6 2021 $
-.Dt X509_SIGNATURE_DUMP 3
-.Os
-.Sh NAME
-.Nm X509_signature_dump ,
-.Nm X509_signature_print
-.Nd pretty-print ASN.1 strings
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft int
-.Fo X509_signature_dump
-.Fa "BIO *bio"
-.Fa "const ASN1_STRING *signature"
-.Fa "int indent"
-.Fc
-.Ft int
-.Fo X509_signature_print
-.Fa "BIO *bio"
-.Fa "const X509_ALGOR *algorithm"
-.Fa "const ASN1_STRING *signature"
-.Fc
-.Sh DESCRIPTION
-.Fn X509_signature_dump
-writes the data bytes contained in the
-.Fa signature
-to
-.Fa bio
-in hexadecimal format with colons between bytes,
-18 bytes per output line, each line indented with
-.Fa indent
-space characters.
-.Pp
-.Fn X509_signature_print
-writes the name of the signature
-.Fa algorithm ,
-or, if no name for it is known, its object identifier (OID) to
-.Fa bio
-using
-.Xr i2a_ASN1_OBJECT 3 .
-After that, if a method object for the algorithm can be retrieved with
-.Xr EVP_PKEY_asn1_find 3
-and if that object defines a printing method, that printing method is
-used to print the
-.Fa signature .
-Otherwise, unless the
-.Fa signature
-is
-.Dv NULL ,
-it is printed using
-.Fn X509_signature_dump .
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on failure.
-They fail and return as soon as any write operation fails.
-.Sh SEE ALSO
-.Xr ASN1_STRING_new 3 ,
-.Xr ASN1_STRING_print_ex 3 ,
-.Xr BIO_new 3 ,
-.Xr EVP_PKEY_asn1_new 3 ,
-.Xr X509_ALGOR_new 3 ,
-.Xr X509_get0_signature 3
-.Sh HISTORY
-.Fn X509_signature_print
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Pp
-.Fn X509_signature_dump
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/X509_verify_cert.3 b/src/lib/libcrypto/man/X509_verify_cert.3
deleted file mode 100644
index 9c085d7780..0000000000
--- a/src/lib/libcrypto/man/X509_verify_cert.3
+++ /dev/null
@@ -1,93 +0,0 @@ -.\" $OpenBSD: X509_verify_cert.3,v 1.8 2019/06/06 01:06:59 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2009, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 6 2019 $ -.Dt X509_VERIFY_CERT 3 -.Os -.Sh NAME -.Nm X509_verify_cert -.Nd discover and verify X509 certificate chain -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509_verify_cert -.Fa "X509_STORE_CTX *ctx" -.Fc -.Sh DESCRIPTION -The -.Fn X509_verify_cert -function attempts to discover and validate a certificate chain based on -parameters in -.Fa ctx . -.Pp -Applications rarely call this function directly, but it is used by -OpenSSL internally for certificate validation, in both the S/MIME and -SSL/TLS code. -.Sh RETURN VALUES -If a complete chain can be built and validated this function returns 1, -otherwise it returns a value <= 0 indicating failure. -.Pp -Additional error information can be obtained by examining -.Fa ctx , -using -.Xr X509_STORE_CTX_get_error 3 . -.Sh SEE ALSO -.Xr openssl 1 , -.Xr X509_STORE_CTX_get_error 3 , -.Xr X509_STORE_CTX_new 3 -.Sh HISTORY -.Fn X509_verify_cert -first appeared in SSLeay 0.8.0 and has been available since -.Ox 2.4 . -.Sh BUGS -This function uses the header -.In openssl/x509.h -as opposed to most chain verification functions which use -.In openssl/x509_vfy.h . diff --git a/src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 deleted file mode 100644 index 54e4b583f7..0000000000 --- a/src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 +++ /dev/null 
@@ -1,401 +0,0 @@ -.\" $OpenBSD: X509v3_get_ext_by_NID.3,v 1.13 2021/07/12 14:54:00 schwarze Exp $ -.\" full merge up to: OpenSSL fd38836b Jun 20 15:25:43 2018 +0100 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: July 12 2021 $ -.Dt X509V3_GET_EXT_BY_NID 3 -.Os -.Sh NAME -.Nm X509v3_get_ext_count , -.Nm X509v3_get_ext , -.Nm X509v3_get_ext_by_NID , -.Nm X509v3_get_ext_by_OBJ , -.Nm X509v3_get_ext_by_critical , -.Nm X509v3_delete_ext , -.Nm X509v3_add_ext , -.Nm X509_get_ext_count , -.Nm X509_get_ext , -.Nm X509_get_ext_by_NID , -.Nm X509_get_ext_by_OBJ , -.Nm X509_get_ext_by_critical , -.Nm X509_delete_ext , -.Nm X509_add_ext , -.Nm X509_CRL_get_ext_count , -.Nm X509_CRL_get_ext , -.Nm X509_CRL_get_ext_by_NID , -.Nm X509_CRL_get_ext_by_OBJ , -.Nm X509_CRL_get_ext_by_critical , -.Nm X509_CRL_delete_ext , -.Nm X509_CRL_add_ext , -.Nm X509_REVOKED_get_ext_count , -.Nm X509_REVOKED_get_ext , -.Nm X509_REVOKED_get_ext_by_NID , -.Nm X509_REVOKED_get_ext_by_OBJ , -.Nm X509_REVOKED_get_ext_by_critical , -.Nm X509_REVOKED_delete_ext , -.Nm X509_REVOKED_add_ext -.Nd extension stack utility functions -.Sh SYNOPSIS -.In openssl/x509.h -.Ft int -.Fo X509v3_get_ext_count -.Fa "const STACK_OF(X509_EXTENSION) *x" -.Fc -.Ft X509_EXTENSION * -.Fo X509v3_get_ext -.Fa "const STACK_OF(X509_EXTENSION) *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509v3_get_ext_by_NID -.Fa "const STACK_OF(X509_EXTENSION) *x" -.Fa "int nid" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509v3_get_ext_by_OBJ -.Fa "const STACK_OF(X509_EXTENSION) *x" -.Fa "const ASN1_OBJECT *obj" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509v3_get_ext_by_critical -.Fa "const STACK_OF(X509_EXTENSION) *x" -.Fa "int crit" -.Fa "int lastpos" -.Fc -.Ft X509_EXTENSION * -.Fo X509v3_delete_ext -.Fa "STACK_OF(X509_EXTENSION) *x" -.Fa "int loc" -.Fc -.Ft STACK_OF(X509_EXTENSION) * -.Fo X509v3_add_ext -.Fa "STACK_OF(X509_EXTENSION) **x" -.Fa "X509_EXTENSION *ex" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_get_ext_count -.Fa "const X509 *x" -.Fc -.Ft X509_EXTENSION * -.Fo X509_get_ext -.Fa "const X509 *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_get_ext_by_NID -.Fa "const X509 *x" -.Fa "int nid" -.Fa "int lastpos" -.Fc -.Ft int -.Fo 
X509_get_ext_by_OBJ -.Fa "const X509 *x" -.Fa "const ASN1_OBJECT *obj" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_get_ext_by_critical -.Fa "const X509 *x" -.Fa "int crit" -.Fa "int lastpos" -.Fc -.Ft X509_EXTENSION * -.Fo X509_delete_ext -.Fa "X509 *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_add_ext -.Fa "X509 *x" -.Fa "X509_EXTENSION *ex" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_CRL_get_ext_count -.Fa "const X509_CRL *x" -.Fc -.Ft X509_EXTENSION * -.Fo X509_CRL_get_ext -.Fa "const X509_CRL *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_CRL_get_ext_by_NID -.Fa "const X509_CRL *x" -.Fa "int nid" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_CRL_get_ext_by_OBJ -.Fa "const X509_CRL *x" -.Fa "const ASN1_OBJECT *obj" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_CRL_get_ext_by_critical -.Fa "const X509_CRL *x" -.Fa "int crit" -.Fa "int lastpos" -.Fc -.Ft X509_EXTENSION * -.Fo X509_CRL_delete_ext -.Fa "X509_CRL *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_CRL_add_ext -.Fa "X509_CRL *x" -.Fa "X509_EXTENSION *ex" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_REVOKED_get_ext_count -.Fa "const X509_REVOKED *x" -.Fc -.Ft X509_EXTENSION * -.Fo X509_REVOKED_get_ext -.Fa "const X509_REVOKED *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_REVOKED_get_ext_by_NID -.Fa "const X509_REVOKED *x" -.Fa "int nid" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_REVOKED_get_ext_by_OBJ -.Fa "const X509_REVOKED *x" -.Fa "const ASN1_OBJECT *obj" -.Fa "int lastpos" -.Fc -.Ft int -.Fo X509_REVOKED_get_ext_by_critical -.Fa "const X509_REVOKED *x" -.Fa "int crit" -.Fa "int lastpos" -.Fc -.Ft X509_EXTENSION * -.Fo X509_REVOKED_delete_ext -.Fa "X509_REVOKED *x" -.Fa "int loc" -.Fc -.Ft int -.Fo X509_REVOKED_add_ext -.Fa "X509_REVOKED *x" -.Fa "X509_EXTENSION *ex" -.Fa "int loc" -.Fc -.Sh DESCRIPTION -.Fn X509v3_get_ext_count -retrieves the number of extensions in -.Fa x . -.Pp -.Fn X509v3_get_ext -retrieves extension -.Fa loc -from -.Fa x . -The index -.Fa loc -can take any value from 0 to -.Fn X509_get_ext_count x No - 1 . 
-The returned extension is an internal pointer which must not be -freed up by the application. -.Pp -.Fn X509v3_get_ext_by_NID -and -.Fn X509v3_get_ext_by_OBJ -look for an extension with -.Fa nid -or -.Fa obj -from extension stack -.Fa x . -The search starts from the extension after -.Fa lastpos -or from the beginning if -.Fa lastpos -is -1. -If the extension is found, its index is returned; otherwise, -1 is -returned. -.Pp -.Fn X509v3_get_ext_by_critical -is similar to -.Fn X509v3_get_ext_by_NID -except that it looks for an extension of criticality -.Fa crit . -A zero value for -.Fa crit -looks for a non-critical extension; a non-zero value looks for a -critical extension. -.Pp -.Fn X509v3_delete_ext -deletes the extension with index -.Fa loc -from -.Fa x . -The deleted extension is returned and must be freed by the caller. -If -.Fa loc -is an invalid index value, -.Dv NULL -is returned. -.Pp -.Fn X509v3_add_ext -adds the extension -.Fa ex -to the stack -.Pf * Fa x -at position -.Fa loc . -If -.Fa loc -is -1, the new extension is added to the end. -If -.Pf * Fa x -is -.Dv NULL , -a new stack will be allocated. -The passed extension -.Fa ex -is duplicated internally so it must be freed after use. -.Pp -.Fn X509_get_ext_count , -.Fn X509_get_ext , -.Fn X509_get_ext_by_NID , -.Fn X509_get_ext_by_OBJ , -.Fn X509_get_ext_by_critical , -.Fn X509_delete_ext , -and -.Fn X509_add_ext -operate on the extensions of certificate -.Fa x . -They are otherwise identical to the X509v3 functions. -.Pp -.Fn X509_CRL_get_ext_count , -.Fn X509_CRL_get_ext , -.Fn X509_CRL_get_ext_by_NID , -.Fn X509_CRL_get_ext_by_OBJ , -.Fn X509_CRL_get_ext_by_critical , -.Fn X509_CRL_delete_ext , -and -.Fn X509_CRL_add_ext -operate on the extensions of the CRL -.Fa x . -They are otherwise identical to the X509v3 functions. 
-.Pp -.Fn X509_REVOKED_get_ext_count , -.Fn X509_REVOKED_get_ext , -.Fn X509_REVOKED_get_ext_by_NID , -.Fn X509_REVOKED_get_ext_by_OBJ , -.Fn X509_REVOKED_get_ext_by_critical , -.Fn X509_REVOKED_delete_ext , -and -.Fn X509_REVOKED_add_ext -operate on the extensions of the CRL entry -.Fa x . -They are otherwise identical to the X509v3 functions. -.Pp -These functions are used to examine stacks of extensions directly. -Many applications will want to parse or encode and add an extension: -they should use the extension encode and decode functions instead -such as -.Xr X509_get_ext_d2i 3 . -.Pp -Extension indices start from zero, so a zero index return value is -not an error. -These search functions start from the extension -.Em after -the -.Fa lastpos -parameter, so it should initially be set to -1. -If it is set to 0, the initial extension will not be checked. -.Sh RETURN VALUES -.Fn X509v3_get_ext_count -returns the extension count. -.Pp -.Fn X509v3_get_ext , -.Fn X509v3_delete_ext , -and -.Fn X509_delete_ext -return an -.Vt X509_EXTENSION -pointer or -.Dv NULL -if an error occurs. -.Pp -.Fn X509v3_get_ext_by_NID , -.Fn X509v3_get_ext_by_OBJ , -and -.Fn X509v3_get_ext_by_critical -return the extension index or -1 if an error occurs. -.Pp -.Fn X509v3_add_ext -returns a stack of extensions or -.Dv NULL -on error. -.Pp -.Fn X509_add_ext -returns 1 on success or 0 on error. -.Sh SEE ALSO -.Xr X509_CRL_new 3 , -.Xr X509_EXTENSION_new 3 , -.Xr X509_new 3 , -.Xr X509_REVOKED_new 3 , -.Xr X509V3_EXT_print 3 , -.Xr X509V3_extensions_print 3 , -.Xr X509V3_get_d2i 3 -.Sh HISTORY -These functions first appeared in SSLeay 0.8.0 -and have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/bn_dump.3 b/src/lib/libcrypto/man/bn_dump.3 deleted file mode 100644 index 6deac4db25..0000000000 --- a/src/lib/libcrypto/man/bn_dump.3 +++ /dev/null 
@@ -1,766 +0,0 @@
-.\" $OpenBSD: bn_dump.3,v 1.6 2016/12/10 21:32:14 schwarze Exp $
-.\" OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400
-.\"
-.\" This file was written by Ulf Moeller .
-.\" Copyright (c) 2000, 2003, 2006, 2009 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 10 2016 $
-.Dt BN_DUMP 3
-.Os
-.Sh NAME
-.Nm bn_mul_words ,
-.Nm bn_mul_add_words ,
-.Nm bn_sqr_words ,
-.Nm bn_div_words ,
-.Nm bn_add_words ,
-.Nm bn_sub_words ,
-.Nm bn_mul_comba4 ,
-.Nm bn_mul_comba8 ,
-.Nm bn_sqr_comba4 ,
-.Nm bn_sqr_comba8 ,
-.Nm bn_cmp_words ,
-.Nm bn_mul_normal ,
-.Nm bn_mul_low_normal ,
-.Nm bn_mul_recursive ,
-.Nm bn_mul_part_recursive ,
-.Nm bn_mul_low_recursive ,
-.Nm bn_mul_high ,
-.Nm bn_sqr_normal ,
-.Nm bn_sqr_recursive ,
-.Nm bn_expand ,
-.Nm bn_wexpand ,
-.Nm bn_expand2 ,
-.Nm bn_fix_top ,
-.Nm bn_check_top ,
-.Nm bn_print ,
-.Nm bn_dump ,
-.Nm bn_set_max ,
-.Nm bn_set_high ,
-.Nm bn_set_low ,
-.Nm mul ,
-.Nm mul_add ,
-.Nm sqr
-.Nd BIGNUM library internal functions
-.Sh SYNOPSIS
-.In openssl/bn.h
-.Ft BN_ULONG
-.Fo bn_mul_words
-.Fa "BN_ULONG *rp"
-.Fa "BN_ULONG *ap"
-.Fa "int num"
-.Fa "BN_ULONG w"
-.Fc
-.Ft BN_ULONG
-.Fo bn_mul_add_words
-.Fa "BN_ULONG *rp"
-.Fa "BN_ULONG *ap"
-.Fa "int num"
-.Fa "BN_ULONG w"
-.Fc
-.Ft void
-.Fo bn_sqr_words
-.Fa "BN_ULONG *rp"
-.Fa "BN_ULONG *ap"
-.Fa "int num"
-.Fc
-.Ft BN_ULONG
-.Fo bn_div_words
-.Fa "BN_ULONG h"
-.Fa "BN_ULONG l"
-.Fa "BN_ULONG d"
-.Fc
-.Ft BN_ULONG
-.Fo bn_add_words
-.Fa "BN_ULONG *rp"
-.Fa "BN_ULONG *ap"
-.Fa "BN_ULONG *bp"
-.Fa "int num"
-.Fc
-.Ft BN_ULONG
-.Fo bn_sub_words
-.Fa "BN_ULONG *rp"
-.Fa "BN_ULONG *ap"
-.Fa "BN_ULONG *bp"
-.Fa "int num"
-.Fc
-.Ft void
-.Fo bn_mul_comba4
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fc
-.Ft void
-.Fo bn_mul_comba8
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fc
-.Ft void
-.Fo bn_sqr_comba4
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fc
-.Ft void
-.Fo bn_sqr_comba8
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fc
-.Ft int
-.Fo bn_cmp_words
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_mul_normal
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "int na"
-.Fa "BN_ULONG *b"
-.Fa "int nb"
-.Fc
-.Ft void
-.Fo bn_mul_low_normal
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_mul_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n2"
-.Fa "int dna"
-.Fa "int dnb"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_mul_part_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n"
-.Fa "int tna"
-.Fa "int tnb"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_mul_low_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n2"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_mul_high
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "BN_ULONG *l"
-.Fa "int n2"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_sqr_normal
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "int n"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_sqr_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "int n2"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo mul
-.Fa "BN_ULONG r"
-.Fa "BN_ULONG a"
-.Fa "BN_ULONG w"
-.Fa "BN_ULONG c"
-.Fc
-.Ft void
-.Fo mul_add
-.Fa "BN_ULONG r"
-.Fa "BN_ULONG a"
-.Fa "BN_ULONG w"
-.Fa "BN_ULONG c"
-.Fc
-.Ft void
-.Fo sqr
-.Fa "BN_ULONG r0"
-.Fa "BN_ULONG r1"
-.Fa "BN_ULONG a"
-.Fc
-.Ft BIGNUM *
-.Fo bn_expand
-.Fa "BIGNUM *a"
-.Fa "int bits"
-.Fc
-.Ft BIGNUM *
-.Fo bn_wexpand
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
-.Ft BIGNUM *
-.Fo bn_expand2
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_fix_top
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_check_top
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_print
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_dump
-.Fa "BN_ULONG *d"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_set_max
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_set_high
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_set_low
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
-.Sh DESCRIPTION
-This page documents the internal functions used by the OpenSSL
-.Vt BIGNUM
-implementation.
-They are described here to facilitate debugging and extending the
-library.
-They are
-.Em not
-to be used by applications.
-.Ss The BIGNUM structure
-.Bd -literal
-typedef struct bignum_st BIGNUM;
-
-struct bignum_st {
- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
- int top; /* Index of last used d +1. */
- /* The next are internal book keeping for bn_expand. */
- int dmax; /* Size of the d array. */
- int neg; /* one if the number is negative */
- int flags;
-};
-.Ed
-.Pp
-The integer value is stored in
-.Fa d ,
-a
-.Xr malloc 3 Ap ed
-array of words
-.Pq Vt BN_ULONG ,
-least significant word first.
-A
-.Vt BN_ULONG
-can be either 16, 32 or 64 bits in size, depending on the 'number of
-bits'
-.Pq Dv BITS2
-specified in
-.In openssl/bn.h .
-.Pp
-.Fa dmax
-is the size of the
-.Fa d
-array that has been allocated.
-.Fa top
-is the number of words being used, so for a value of 4, bn.d[0]=4 and
-bn.top=1.
-.Fa neg
-is 1 if the number is negative.
-When a
-.Vt BIGNUM
-is 0, the
-.Fa d
-field can be
-.Dv NULL
-and
-.Fa top
-== 0.
-.Pp
-.Fa flags
-is a bit field of flags which are defined in
-.In openssl/bn.h .
-The flags begin with
-.Dv BN_FLG_ .
-The macros
-.Fn BN_set_flags b n
-and
-.Fn BN_get_flags b n
-exist to enable or fetch flag(s)
-.Fa n
-from a
-.Vt BIGNUM
-structure
-.Fa b .
-.Pp
-Various routines in this library require the use of temporary
-.Vt BIGNUM
-variables during their execution.
-Since dynamic memory allocation to create
-.Vt BIGNUM Ns s
-is rather expensive when used in conjunction with repeated subroutine
-calls, the
-.Vt BN_CTX
-structure is used.
-This structure contains BN_CTX_NUM
-.Vt BIGNUM Ns s ;
-see
-.Xr BN_CTX_start 3 .
-.Ss Low level arithmetic operations
-These functions are implemented in C and for several platforms in
-assembly language:
-.Pp
-.Fn bn_mul_words rp ap num w
-operates on the
-.Fa num
-word arrays
-.Fa rp
-and
-.Fa ap .
-It computes
-.Fa ap
-*
-.Fa w ,
-places the result in
-.Fa rp ,
-and returns the high word (carry).
-.Pp
-.Fn bn_mul_add_words rp ap num w
-operates on the
-.Fa num
-word arrays
-.Fa rp
-and
-.Fa ap .
-It computes
-.Fa ap
-*
-.Fa w
-+
-.Fa rp ,
-places the result in
-.Fa rp ,
-and returns the high word (carry).
-.Pp
-.Fn bn_sqr_words rp ap num
-operates on the
-.Fa num
-word array
-.Fa ap
-and the
-.Pf 2* Fa num
-word array
-.Fa ap .
-It computes
-.Fa ap
-*
-.Fa ap
-word-wise, and places the low and high bytes of the result in
-.Fa rp .
-.Pp
-.Fn bn_div_words h l d
-divides the two word number
-.Pq Fa h , Fa l
-by
-.Fa d
-and returns the result.
-.Pp
-.Fn bn_add_words rp ap bp num
-operates on the
-.Fa num
-word arrays
-.Fa ap ,
-.Fa bp
-and
-.Fa rp .
-It computes
-.Fa ap
-+
-.Fa bp ,
-places the result in
-.Fa rp ,
-and returns the high word (carry).
-.Pp
-.Fn bn_sub_words rp ap bp num
-operates on the
-.Fa num
-word arrays
-.Fa ap ,
-.Fa bp
-and
-.Fa rp .
-It computes
-.Fa ap
--
-.Fa bp ,
-places the result in
-.Fa rp ,
-and returns the carry (1 if
-.Fa bp
-\(ra
-.Fa ap ,
-0 otherwise).
-.Pp
-.Fn bn_mul_comba4 r a b
-operates on the 4 word arrays
-.Fa a
-and
-.Fa b
-and the 8-word array
-.Fa r .
-It computes
-.Fa a Ns * Ns Fa b
-and places the result in
-.Fa r .
-.Pp
-.Fn bn_mul_comba8 r a b
-operates on the 8-word arrays
-.Fa a
-and
-.Fa b
-and the 16-word array
-.Fa r .
-It computes
-.Fa a Ns * Ns Fa b
-and places the result in
-.Fa r .
-.Pp
-.Fn bn_sqr_comba4 r a b
-operates on the 4-word arrays
-.Fa a
-and
-.Fa b
-and the 8-word array
-.Fa r .
-.Pp
-.Fn bn_sqr_comba8 r a b
-operates on the 8-word arrays
-.Fa a
-and
-.Fa b
-and the 16 word array
-.Fa r .
-.Pp
-The following functions are implemented in C:
-.Pp
-.Fn bn_cmp_words a b n
-operates on the
-.Fa n
-word arrays
-.Fa a
-and
-.Fa b .
-It returns 1, 0 and -1 if
-.Fa a
-is greater than, equal and less than
-.Fa b .
-.Pp
-.Fn bn_mul_normal r a na b nb
-operates on the
-.Fa na
-word array
-.Fa a ,
-the
-.Fa nb
-word array
-.Fa b
-and the
-.Fa na Ns + Ns Fa nb
-word array
-.Fa r .
-It computes
-.Fa a Ns * Ns Fa b
-and places the result in
-.Fa r .
-.Pp
-.Fn bn_mul_low_normal r a b n
-operates on the
-.Fa n
-word arrays
-.Fa r ,
-.Fa a
-and
-.Fa b .
-It computes the
-.Fa n
-low words of
-.Fa a Ns * Ns Fa b
-and places the result in
-.Fa r .
-.Pp
-.Fn bn_mul_recursive r a b n2 dna dnb t
-operates on the word arrays
-.Fa a
-and
-.Fa b
-of length
-.Fa n2 Ns + Ns Fa dna
-and
-.Fa n2 Ns + Ns Fa dnb
-.Pf ( Fa dna
-and
-.Fa dnb
-are currently allowed to be 0 or negative) and the
-.Pf 2* Fa n2
-word arrays
-.Fa r
-and
-.Sy t .
-.Fa n2
-must be a power of 2.
-It computes
-.Fa a Ns * Ns Fa b
-and places the result in
-.Fa r .
-.Pp
-.Fn bn_mul_part_recursive r a b n tna tnb tmp
-operates on the word arrays
-.Fa a
-and
-.Fa b
-of length
-.Fa n Ns + Ns Fa tna
-and
-.Fa n Ns + Ns Fa tnb
-and the
-.Pf 4* Fa n
-word arrays
-.Fa r
-and
-.Fa tmp .
-.Pp
-.Fn bn_mul_low_recursive r a b n2 tmp
-operates on the
-.Fa n2
-word arrays
-.Fa r
-and
-.Fa tmp
-and the
-.Fa n2 Ns /2
-word arrays
-.Fa a
-and
-.Fa b .
-.Pp
-.Fn bn_mul_high r a b l n2 tmp
-operates on the
-.Fa n2
-word arrays
-.Fa r ,
-.Fa a ,
-.Fa b
-and
-.Fa l
-(?) and the
-.Pf 3* Fa n2
-word array
-.Fa tmp .
-.Pp
-.Xr BN_mul 3
-calls
-.Fn bn_mul_normal ,
-or an optimized implementation if the factors have the same size:
-.Fn bn_mul_comba8
-is used if they are 8 words long,
-.Fn bn_mul_recursive
-if they are larger than
-.Dv BN_MULL_SIZE_NORMAL
-and the size is an exact multiple of the word size, and
-.Fn bn_mul_part_recursive
-for others that are larger than
-.Dv BN_MULL_SIZE_NORMAL .
-.Pp
-.Fn bn_sqr_normal r a n tmp
-operates on the
-.Fa n
-word array
-.Fa a
-and the
-.Pf 2* Fa n
-word arrays
-.Fa tmp
-and
-.Fa r .
-.Pp
-The implementations use the following macros which, depending on the
-architecture, may use
-.Vt long long
-C operations or inline assembler.
-They are defined in
-.Pa bn_lcl.h .
-.Pp
-.Fn mul r a w c
-computes
-.Fa w Ns * Ns Fa a Ns + Ns Fa c
-and places the low word of the result in
-.Fa r
-and the high word in
-.Fa c .
-.Pp
-.Fn mul_add r a w c
-computes
-.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c
-and places the low word of the result in
-.Fa r
-and the high word in
-.Fa c .
-.Pp
-.Fn sqr r0 r1 a
-computes
-.Fa a Ns * Ns Fa a
-and places the low word of the result in
-.Fa r0
-and the high word in
-.Fa r1 .
-.Ss Size changes
-.Fn bn_expand
-ensures that
-.Fa b
-has enough space for a
-.Fa bits
-bit number.
-.Fn bn_wexpand
-ensures that
-.Fa b
-has enough space for an
-.Fa n
-word number.
-If the number has to be expanded, both macros call
-.Fn bn_expand2 ,
-which allocates a new
-.Fa d
-array and copies the data.
-They return
-.Dv NULL
-on error,
-.Fa b
-otherwise.
-.Pp
-The
-.Fn bn_fix_top
-macro reduces
-.Fa a Ns -> Ns Fa top
-to point to the most significant non-zero word plus one when
-.Fa a
-has shrunk.
-.Ss Debugging
-.Fn bn_check_top
-verifies that
-.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) .
-A violation will cause the program to abort.
-.Pp
-.Fn bn_print
-prints
-.Fa a
-to
-.Dv stderr .
-.Fn bn_dump
-prints
-.Fa n
-words at
-.Fa d
-(in reverse order, i.e.\&
-most significant word first) to
-.Dv stderr .
-.Pp
-.Fn bn_set_max
-makes
-.Fa a
-a static number with a
-.Fa dmax
-of its current size.
-This is used by
-.Fn bn_set_low
-and
-.Fn bn_set_high
-to make
-.Fa r
-a read-only
-.Vt BIGNUM
-that contains the
-.Fa n
-low or high words of
-.Fa a .
-.Pp
-If
-.Dv BN_DEBUG
-is not defined,
-.Fn bn_check_top ,
-.Fn bn_print ,
-.Fn bn_dump
-and
-.Fn bn_set_max
-are defined as empty macros.
-.Sh SEE ALSO
-.Xr BN_new 3
diff --git a/src/lib/libcrypto/man/crypto.3 b/src/lib/libcrypto/man/crypto.3
deleted file mode 100644
index 6e98f643de..0000000000
--- a/src/lib/libcrypto/man/crypto.3
+++ /dev/null
@@ -1,181 +0,0 @@
-.\" $OpenBSD: crypto.3,v 1.25 2020/06/24 17:00:38 schwarze Exp $
-.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller and
-.\" Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 24 2020 $
-.Dt CRYPTO 3
-.Os
-.Sh NAME
-.Nm crypto
-.Nd OpenSSL cryptographic library
-.Sh DESCRIPTION
-The OpenSSL crypto library implements a wide range of cryptographic
-algorithms used in various Internet standards.
-The services provided by this library are used by the OpenSSL
-implementations of TLS and S/MIME, and they have also been used to
-implement SSH, OpenPGP, and other cryptographic standards.
-.Pp
-.Sy Symmetric ciphers
-including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, and RC4
-are provided by the generic interface
-.Xr EVP_EncryptInit 3 .
-Low-level stand-alone interfaces include
-.Xr AES_encrypt 3 ,
-.Xr BF_set_key 3 ,
-.Xr ChaCha 3 ,
-.Xr DES_set_key 3 ,
-and
-.Xr RC4 3 .
-.Pp
-.Sy Public key cryptography and key agreement
-are provided by
-.Xr DH_new 3 ,
-.Xr ECDH_compute_key 3 ,
-.Xr X25519 3 ,
-.Xr DSA_new 3 ,
-.Xr ECDSA_SIG_new 3 ,
-.Xr RSA_new 3 ,
-and
-.Xr EVP_PKEY_new 3 .
-.Pp
-.Sy Certificates
-are handled by
-.Xr X509_new 3
-and
-.Xr X509v3_add_ext 3 .
-.Pp
-.Sy Authentication codes and hash functions
-offered include
-.Xr EVP_DigestInit 3 ,
-.Xr CMAC_Init 3 ,
-.Xr HMAC 3 ,
-.Xr MD4 3 ,
-.Xr MD5 3 ,
-.Xr RIPEMD160 3 ,
-.Xr SHA1 3 ,
-and
-.Xr SHA256 3 .
-.Pp
-.Sy Input, output, and data encoding
-facilities include
-.Xr ASN1_TYPE_get 3 ,
-.Xr BIO_new 3 ,
-.Xr CMS_ContentInfo_new 3 ,
-.Xr evp 3 ,
-.Xr EVP_EncodeInit 3 ,
-.Xr PEM_read 3 ,
-.Xr PKCS7_encrypt 3 ,
-.Xr PKCS7_sign 3 ,
-.Xr PKCS12_create 3 ,
-and
-.Xr SMIME_write_PKCS7 3 .
-.Pp
-.Sy Auxiliary features include:
-.Bl -dash -compact
-.It
-configuration file handling: see
-.Xr OPENSSL_config 3
-.It
-error reporting: see
-.Xr ERR 3
-.It
-.Xr OCSP_REQUEST_new 3
-.It
-.Xr UI_new 3
-.El
-.Pp
-.Sy Internal utilities
-include
-.Xr BIO_f_buffer 3 ,
-.Xr BN_new 3 ,
-.Xr EC_GROUP_new 3 ,
-.Xr lh_new 3 ,
-and
-.Xr STACK_OF 3 .
-.Pp
-Some of the newer functions follow a naming convention using the numbers
-.Sq 0
-and
-.Sq 1 .
-For example consider the names of these functions:
-.Pp
-.Ft int
-.Fo X509_CRL_add0_revoked
-.Fa "X509_CRL *crl"
-.Fa "X509_REVOKED *rev"
-.Fc
-.br
-.Ft int
-.Fo X509_add1_trust_object
-.Fa "X509 *x"
-.Fa "ASN1_OBJECT *obj"
-.Fc
-.Pp
-The
-.Sq 0
-version uses the supplied structure pointer directly in the parent and
-it will be freed up when the parent is freed.
-In the above example
-.Fa crl
-would be freed but
-.Fa rev
-would not.
-.Pp
-The
-.Sq 1
-function uses a copy of the supplied structure pointer (or in some cases
-increases its link count) in the parent and so both
-.Pf ( Fa x
-and
-.Fa obj
-above) should be freed up.
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3
diff --git a/src/lib/libcrypto/man/d2i_ASN1_NULL.3 b/src/lib/libcrypto/man/d2i_ASN1_NULL.3
deleted file mode 100644
index 7d10f1ba10..0000000000
--- a/src/lib/libcrypto/man/d2i_ASN1_NULL.3
+++ /dev/null
@@ -1,91 +0,0 @@
-.\" $OpenBSD: d2i_ASN1_NULL.3,v 1.3 2019/06/06 01:06:59 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt D2I_ASN1_NULL 3
-.Os
-.Sh NAME
-.Nm d2i_ASN1_NULL ,
-.Nm i2d_ASN1_NULL
-.Nd decode and encode an ASN.1 NULL type
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_NULL *
-.Fo d2i_ASN1_NULL
-.Fa "ASN1_NULL **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_NULL
-.Fa "ASN1_NULL *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode the ASN.1 value NULL of type NULL.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_ASN1_NULL
-verifies that the BER-encoded value at
-.Pf * Fa der_in
-is NULL and of type NULL.
-It fails if
-.Fa length
-is less than 2 or if the first two bytes of
-.Pf * Fa der_in
-differ from 0x05 and 0x00.
-In case of success,
-.Pf * Fa der_in
-is advanced by two bytes and
-.Pf * Fa val_out
-is set to a specific invalid pointer representing the unique
-.Vt ASN1_NULL
-object.
-.Pp
-.Fn i2d_ASN1_NULL
-ignores
-.Fa val_in
-and encodes the ASN.1 value NULL of type NULL using DER.
-Specifically, it writes the identifier octet for the type NULL,
-0x05, followed by the length octet 0x00, and no content or
-end-of-content octets.
-.Sh RETURN VALUES
-.Fn d2i_ASN1_NULL
-returns a specific invalid pointer representing the unique
-.Vt ASN1_NULL
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_ASN1_NULL
-returns 2 if successful or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr ASN1_item_new 3 ,
-.Xr ASN1_TYPE_get 3
-.Sh STANDARDS
-ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
-Information technology - ASN.1 encoding rules:
-Specification of Basic Encoding Rules (BER), Canonical Encoding
-Rules (CER) and Distinguished Encoding Rules (DER),
-section 8.8: Encoding of null value
-.Sh HISTORY
-.Fn d2i_ASN1_NULL
-and
-.Fn i2d_ASN1_NULL
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/src/lib/libcrypto/man/d2i_ASN1_OBJECT.3
deleted file mode 100644
index 09a17ced7c..0000000000
--- a/src/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\" $OpenBSD: d2i_ASN1_OBJECT.3,v 1.9 2018/04/25 15:17:52 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 25 2018 $
-.Dt D2I_ASN1_OBJECT 3
-.Os
-.Sh NAME
-.Nm d2i_ASN1_OBJECT ,
-.Nm i2d_ASN1_OBJECT
-.Nd decode and encode ASN.1 object identifiers
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_OBJECT *
-.Fo d2i_ASN1_OBJECT
-.Fa "ASN1_OBJECT **val_out"
-.Fa "unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_OBJECT
-.Fa "const ASN1_OBJECT *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode ASN.1 object identifiers.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-The objects returned from
-.Fn d2i_ASN1_OBJECT
-and the data contained in them are always marked as dynamically
-allocated, so when they are no longer needed,
-.Xr ASN1_OBJECT_free 3
-can be called on them.
-.Pp
-If reusing an existing object is attempted but the
-.Pf * Fa val_out
-passed in points to an object that is not marked as dynamically
-allocated, then the existing object is left untouched and
-.Fn d2i_ASN1_OBJECT
-behaves as if
-.Pf * Fa val_out
-would have been
-.Dv NULL :
-A new object is allocated and a pointer to it is both stored in
-.Pf * Fa val_out
-and returned.
-.Sh RETURN VALUES
-.Fn d2i_ASN1_OBJECT
-returns an
-.Vt ASN1_OBJECT
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_ASN1_OBJECT
-returns the number of bytes successfully encoded
-or a value <= 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr ASN1_OBJECT_new 3 ,
-.Xr OBJ_nid2obj 3
-.Sh HISTORY
-.Fn d2i_ASN1_OBJECT
-and
-.Fn i2d_ASN1_OBJECT
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-.Fn d2i_ASN1_OBJECT
-never sets the long and short names of the object, not even if the
-object identifier matches one that is built into the library.
-To find the names of an object identifier parsed from DER or BER
-input, call
-.Xr OBJ_obj2nid 3
-on the returned object, and then
-.Xr OBJ_nid2sn 3
-and
-.Xr OBJ_nid2ln 3
-on the result.
-.Sh BUGS
-When reusing a dynamically allocated object that contains dynamically
-allocated names, the old names are not freed and the memory containing
-them is leaked.
diff --git a/src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 b/src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3
deleted file mode 100644
index c985bc8b68..0000000000
--- a/src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3
+++ /dev/null
@@ -1,440 +0,0 @@
-.\" $OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.12 2018/03/27 17:35:50 schwarze Exp $
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_ASN1_OCTET_STRING 3
-.Os
-.Sh NAME
-.Nm d2i_ASN1_OCTET_STRING ,
-.Nm i2d_ASN1_OCTET_STRING ,
-.Nm d2i_ASN1_BIT_STRING ,
-.Nm i2d_ASN1_BIT_STRING ,
-.Nm d2i_ASN1_INTEGER ,
-.Nm i2d_ASN1_INTEGER ,
-.Nm d2i_ASN1_UINTEGER ,
-.Nm d2i_ASN1_ENUMERATED ,
-.Nm i2d_ASN1_ENUMERATED ,
-.Nm d2i_ASN1_UTF8STRING ,
-.Nm i2d_ASN1_UTF8STRING ,
-.Nm d2i_ASN1_IA5STRING ,
-.Nm i2d_ASN1_IA5STRING ,
-.Nm d2i_ASN1_UNIVERSALSTRING ,
-.Nm i2d_ASN1_UNIVERSALSTRING ,
-.Nm d2i_ASN1_BMPSTRING ,
-.Nm i2d_ASN1_BMPSTRING ,
-.Nm d2i_ASN1_GENERALSTRING ,
-.Nm i2d_ASN1_GENERALSTRING ,
-.Nm d2i_ASN1_T61STRING ,
-.Nm i2d_ASN1_T61STRING ,
-.Nm d2i_ASN1_VISIBLESTRING ,
-.Nm i2d_ASN1_VISIBLESTRING ,
-.Nm d2i_ASN1_PRINTABLESTRING ,
-.Nm i2d_ASN1_PRINTABLESTRING ,
-.Nm d2i_ASN1_PRINTABLE ,
-.Nm i2d_ASN1_PRINTABLE ,
-.Nm d2i_DIRECTORYSTRING ,
-.Nm i2d_DIRECTORYSTRING ,
-.Nm d2i_DISPLAYTEXT ,
-.Nm i2d_DISPLAYTEXT ,
-.Nm d2i_ASN1_GENERALIZEDTIME ,
-.Nm i2d_ASN1_GENERALIZEDTIME ,
-.Nm d2i_ASN1_UTCTIME ,
-.Nm i2d_ASN1_UTCTIME ,
-.Nm d2i_ASN1_TIME ,
-.Nm i2d_ASN1_TIME
-.Nd decode and encode ASN1_STRING objects
-.Sh SYNOPSIS
-.In openssl/asn1.h
-.Ft ASN1_OCTET_STRING *
-.Fo d2i_ASN1_OCTET_STRING
-.Fa "ASN1_OCTET_STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_OCTET_STRING
-.Fa "ASN1_OCTET_STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_BIT_STRING *
-.Fo d2i_ASN1_BIT_STRING
-.Fa "ASN1_BIT_STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_BIT_STRING
-.Fa "ASN1_BIT_STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_INTEGER *
-.Fo d2i_ASN1_INTEGER
-.Fa "ASN1_INTEGER **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_INTEGER
-.Fa "ASN1_INTEGER *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_INTEGER *
-.Fo d2i_ASN1_UINTEGER
-.Fa "ASN1_INTEGER **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft ASN1_ENUMERATED *
-.Fo d2i_ASN1_ENUMERATED
-.Fa "ASN1_ENUMERATED **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_ENUMERATED
-.Fa "ASN1_ENUMERATED *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_UTF8STRING *
-.Fo d2i_ASN1_UTF8STRING
-.Fa "ASN1_UTF8STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_UTF8STRING
-.Fa "ASN1_UTF8STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_IA5STRING *
-.Fo d2i_ASN1_IA5STRING
-.Fa "ASN1_IA5STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_IA5STRING
-.Fa "ASN1_IA5STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_UNIVERSALSTRING *
-.Fo d2i_ASN1_UNIVERSALSTRING
-.Fa "ASN1_UNIVERSALSTRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_UNIVERSALSTRING
-.Fa "ASN1_UNIVERSALSTRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_BMPSTRING *
-.Fo d2i_ASN1_BMPSTRING
-.Fa "ASN1_BMPSTRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_BMPSTRING
-.Fa "ASN1_BMPSTRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_GENERALSTRING *
-.Fo d2i_ASN1_GENERALSTRING
-.Fa "ASN1_GENERALSTRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_GENERALSTRING
-.Fa "ASN1_GENERALSTRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_T61STRING *
-.Fo d2i_ASN1_T61STRING
-.Fa "ASN1_T61STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_T61STRING
-.Fa "ASN1_T61STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_VISIBLESTRING *
-.Fo d2i_ASN1_VISIBLESTRING
-.Fa "ASN1_VISIBLESTRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_VISIBLESTRING
-.Fa "ASN1_VISIBLESTRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_PRINTABLESTRING *
-.Fo d2i_ASN1_PRINTABLESTRING
-.Fa "ASN1_PRINTABLESTRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_PRINTABLESTRING
-.Fa "ASN1_PRINTABLESTRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_STRING *
-.Fo d2i_ASN1_PRINTABLE
-.Fa "ASN1_STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_PRINTABLE
-.Fa "ASN1_STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_STRING *
-.Fo d2i_DIRECTORYSTRING
-.Fa "ASN1_STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_DIRECTORYSTRING
-.Fa "ASN1_STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_STRING *
-.Fo d2i_DISPLAYTEXT
-.Fa "ASN1_STRING **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_DISPLAYTEXT
-.Fa "ASN1_STRING *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_GENERALIZEDTIME *
-.Fo d2i_ASN1_GENERALIZEDTIME
-.Fa "ASN1_GENERALIZEDTIME **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_GENERALIZEDTIME
-.Fa "ASN1_GENERALIZEDTIME *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_UTCTIME *
-.Fo d2i_ASN1_UTCTIME
-.Fa "ASN1_UTCTIME **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_UTCTIME
-.Fa "ASN1_UTCTIME *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft ASN1_TIME *
-.Fo d2i_ASN1_TIME
-.Fa "ASN1_TIME **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_ASN1_TIME
-.Fa "ASN1_TIME *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode various ASN.1 built-in types
-that can be represented by
-.Vt ASN1_STRING
-objects.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-The format consists of one identifier octet,
-one or more length octets,
-and one or more content octets.
-The identifier octets and corresponding ASN.1 types are as follows:
-.Bl -column ASN1_GENERALIZEDTIME identifier
-.It Em OpenSSL type Ta Em identifier Ta Em ASN.1 type
-.It Ta
-.It Vt ASN1_OCTET_STRING Ta 0x04 Ta OCTET STRING
-.It Vt ASN1_BIT_STRING Ta 0x03 Ta BIT STRING
-.It Vt ASN1_INTEGER Ta 0x02 Ta INTEGER
-.It Vt ASN1_ENUMERATED Ta 0x0a Ta ENUMERATED
-.It Vt ASN1_UTF8STRING Ta 0x0c Ta UTF8String
-.It Vt ASN1_IA5STRING Ta 0x16 Ta IA5String
-.It Vt ASN1_UNIVERSALSTRING Ta 0x1c Ta UniversalString
-.It Vt ASN1_BMPSTRING Ta 0x1e Ta BMPString
-.It Vt ASN1_GENERALSTRING Ta 0x1b Ta GeneralString
-.It Vt ASN1_T61STRING Ta 0x14 Ta T61String
-.It Vt ASN1_VISIBLESTRING Ta 0x1a Ta VisibleString
-.It Vt ASN1_PRINTABLESTRING Ta 0x13 Ta PrintableString
-.It Vt ASN1_GENERALIZEDTIME Ta 0x18 Ta GeneralizedTime
-.It Vt ASN1_UTCTIME Ta 0x17 Ta UTCTime
-.El
-.Pp
-.Fn d2i_DIRECTORYSTRING
-and
-.Fn i2d_DIRECTORYSTRING
-decode and encode an ASN.1
-.Vt DirectoryString
-structure defined in RFC 5280 section 4.1.2.4
-and used for ASN.1
-.Vt EDIPartyName
-structures; see
-.Xr EDIPARTYNAME_new 3 .
-When decoding, it accepts any of the types UTF8String, UniversalString,
-BMPString, T61String, or PrintableString.
-When encoding,
-it writes out the character string type that is actually passed in.
-.Pp
-.Fn d2i_ASN1_PRINTABLE
-and
-.Fn i2d_ASN1_PRINTABLE
-are non-standard variants of
-.Fn d2i_DIRECTORYSTRING
-and
-.Fn i2d_DIRECTORYSTRING
-that also accept IA5String, NumericString, BIT STRING, and SEQUENCE
-ASN.1 values as well as ASN.1 values with unknown identifier
-octets (0x07, 0x08, 0x09, 0x0b, 0x0d, 0x0e, 0x0f, 0x1d, and 0x1f).
-Even though the standard requires the use of
-.Vt DirectoryString
-in the relative distinguished names described in
-.Xr X509_NAME_ENTRY_new 3 ,
-the library accepts this wider range of choices.
-.Pp
-.Fn d2i_DISPLAYTEXT
-and
-.Fn i2d_DISPLAYTEXT
-decode and encode an ASN.1
-.Vt DisplayText
-structure defined in RFC 5280 section 4.2.1.4
-and used for ASN.1
-.Vt UserNotice
-structures in certificate policies; see
-.Xr USERNOTICE_new 3 .
-When decoding, it accepts any of the types UTF8String, IA5String,
-BMPString, or VisibleString.
-When encoding,
-it writes out the character string type that is actually passed in.
-.Pp
-.Fn d2i_ASN1_TIME
-and
-.Fn i2d_ASN1_TIME
-decode and encode an ASN.1
-.Vt Time
-structure defined in RFC 5280 section 4.1
-and used for ASN.1
-.Vt Validity
-structures in certificates; see
-.Xr X509_VAL_new 3 .
-They are also used for certificate revocation lists; see
-.Xr X509_CRL_INFO_new 3 .
-When decoding, it accepts either GeneralizedTime or UTCTime.
-When encoding, it writes out the time type that is actually passed in.
-.Pp
-.Fn d2i_ASN1_UINTEGER
-is similar to
-.Fn d2i_ASN1_INTEGER
-except that it ignores the sign bit in the BER encoding and treats
-all integers as positive.
-It helps to process BER input produced by broken software
-that neglects adding a leading NUL content byte where required.
-.Sh RETURN VALUES
-The
-.Fn d2i_*
-decoding functions return an
-.Vt ASN1_STRING
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-The
-.Fn i2d_*
-encoding functions return the number of bytes successfully encoded
-or a negative value if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr ASN1_STRING_new 3
-.Sh STANDARDS
-ITU-T Recommendation X.680, also known as ISO/IEC 8824-1:
-Information technology - Abstract Syntax Notation One (ASN.1):
-Specification of basic notation
-.Pp
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Sh HISTORY
-.Fn d2i_ASN1_OCTET_STRING ,
-.Fn i2d_ASN1_OCTET_STRING ,
-.Fn d2i_ASN1_BIT_STRING ,
-.Fn i2d_ASN1_BIT_STRING ,
-.Fn d2i_ASN1_INTEGER ,
-.Fn i2d_ASN1_INTEGER ,
-.Fn d2i_ASN1_IA5STRING ,
-.Fn i2d_ASN1_IA5STRING ,
-.Fn d2i_ASN1_T61STRING ,
-.Fn i2d_ASN1_T61STRING ,
-.Fn d2i_ASN1_PRINTABLESTRING ,
-.Fn i2d_ASN1_PRINTABLESTRING
-.Fn d2i_ASN1_PRINTABLE ,
-.Fn i2d_ASN1_PRINTABLE ,
-.Fn d2i_ASN1_UTCTIME ,
-and
-.Fn i2d_ASN1_UTCTIME
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn d2i_ASN1_BMPSTRING
-and
-.Fn i2d_ASN1_BMPSTRING
-first appeared in SSLeay 0.9.1.
-.Fn d2i_ASN1_ENUMERATED ,
-.Fn i2d_ASN1_ENUMERATED ,
-.Fn d2i_ASN1_GENERALIZEDTIME ,
-.Fn i2d_ASN1_GENERALIZEDTIME ,
-.Fn d2i_ASN1_TIME ,
-and
-.Fn i2d_ASN1_TIME
-first appeared in OpenSSL 0.9.2b.
-.Fn d2i_ASN1_UINTEGER ,
-.Fn d2i_ASN1_UTF8STRING ,
-.Fn i2d_ASN1_UTF8STRING ,
-.Fn d2i_ASN1_VISIBLESTRING ,
-.Fn i2d_ASN1_VISIBLESTRING ,
-.Fn d2i_DIRECTORYSTRING ,
-.Fn i2d_DIRECTORYSTRING ,
-.Fn d2i_DISPLAYTEXT
-and
-.Fn i2d_DISPLAYTEXT
-first appeared in OpenSSL 0.9.3.
-These functions have been available since
-.Ox 2.6 .
-.Pp
-.Fn d2i_ASN1_UNIVERSALSTRING ,
-.Fn i2d_ASN1_UNIVERSALSTRING ,
-.Fn d2i_ASN1_GENERALSTRING ,
-and
-.Fn i2d_ASN1_GENERALSTRING
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3 b/src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3
deleted file mode 100644
index 0c4b6d728c..0000000000
--- a/src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3
+++ /dev/null
@@ -1,93 +0,0 @@ -.\" $OpenBSD: d2i_ASN1_SEQUENCE_ANY.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $ -.\" -.\" Copyright (c) 2017 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt D2I_ASN1_SEQUENCE_ANY 3 -.Os -.Sh NAME -.Nm d2i_ASN1_SEQUENCE_ANY , -.Nm i2d_ASN1_SEQUENCE_ANY , -.Nm d2i_ASN1_SET_ANY , -.Nm i2d_ASN1_SET_ANY -.Nd decode and encode ASN.1 sequences and sets -.Sh SYNOPSIS -.In openssl/asn1.h -.Ft ASN1_SEQUENCE_ANY * -.Fo d2i_ASN1_SEQUENCE_ANY -.Fa "ASN1_SEQUENCE_ANY **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ASN1_SEQUENCE_ANY -.Fa "const ASN1_SEQUENCE_ANY *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft ASN1_SEQUENCE_ANY * -.Fo d2i_ASN1_SET_ANY -.Fa "ASN1_SEQUENCE_ANY **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ASN1_SET_ANY -.Fa "const ASN1_SEQUENCE_ANY *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode ASN.1 sequences and sets. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -The type -.Vt ASN1_SEQUENCE_ANY -is defined as -.Vt STACK_OF(ASN1_TYPE) . 
-Whether such an object represents a sequence or a set is not stored -in the object itself but needs to be remembered separately. -.Pp -Like for -.Xr d2i_ASN1_TYPE 3 -and -.Xr i2d_ASN1_TYPE 3 , -the type of the individual values contained in the sequence or set -is not specified when calling the functions. -It might vary among the members, and it is stored together with -each value in each -.Vt ASN1_TYPE -object contained in the sequence or set. -.Sh RETURN VALUES -.Fn d2i_ASN1_SEQUENCE_ANY -returns an -.Vt ASN1_SEQUENCE_ANY -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_ASN1_SEQUENCE_ANY -returns the number of bytes written or a negative value if an error -occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr ASN1_TYPE_new 3 -.Sh HISTORY -.Fn d2i_ASN1_SEQUENCE_ANY , -.Fn i2d_ASN1_SEQUENCE_ANY , -.Fn d2i_ASN1_SET_ANY , -and -.Fn i2d_ASN1_SET_ANY -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 b/src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 deleted file mode 100644 index 413f41e179..0000000000 --- a/src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 +++ /dev/null 
@@ -1,75 +0,0 @@ -.\" $OpenBSD: d2i_AUTHORITY_KEYID.3,v 1.2 2018/03/21 16:09:51 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 21 2018 $ -.Dt D2I_AUTHORITY_KEYID 3 -.Os -.Sh NAME -.Nm d2i_AUTHORITY_KEYID , -.Nm i2d_AUTHORITY_KEYID -.Nd decode and encode X.509 authority key identifiers -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft AUTHORITY_KEYID * -.Fo d2i_AUTHORITY_KEYID -.Fa "AUTHORITY_KEYID **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_AUTHORITY_KEYID -.Fa "AUTHORITY_KEYID *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -.Fn d2i_AUTHORITY_KEYID -and -.Fn i2d_AUTHORITY_KEYID -decode and encode an ASN.1 -.Vt AuthorityKeyIdentifier -structure defined in RFC 5280 section 4.2.1.1. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Sh RETURN VALUES -.Fn d2i_AUTHORITY_KEYID -returns an -.Vt AUTHORITY_KEYID -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_AUTHORITY_KEYID -returns the number of bytes successfully encoded or a negative value -if an error occurs. 
-.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr AUTHORITY_KEYID_new 3 , -.Xr X509_EXTENSION_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile: -.Bl -dash -compact -.It -section 4.2.1.1: Certificate Extensions: Authority Key Identifier -.It -section 5.2.1: CRL Extensions: Authority Key Identifier -.El -.Sh HISTORY -.Fn d2i_AUTHORITY_KEYID -and -.Fn i2d_AUTHORITY_KEYID -first appeared in OpenSSL 0.9.2b and have been available since -.Ox 2.6 . diff --git a/src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 b/src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 deleted file mode 100644 index 2964a1f90e..0000000000 --- a/src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 +++ /dev/null 
@@ -1,106 +0,0 @@ -.\" $OpenBSD: d2i_BASIC_CONSTRAINTS.3,v 1.3 2018/03/22 21:08:22 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 22 2018 $ -.Dt D2I_BASIC_CONSTRAINTS 3 -.Os -.Sh NAME -.Nm d2i_BASIC_CONSTRAINTS , -.Nm i2d_BASIC_CONSTRAINTS , -.Nm d2i_EXTENDED_KEY_USAGE , -.Nm i2d_EXTENDED_KEY_USAGE -.Nd decode and encode X.509 key usage purposes -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft BASIC_CONSTRAINTS * -.Fo d2i_BASIC_CONSTRAINTS -.Fa "BASIC_CONSTRAINTS **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_BASIC_CONSTRAINTS -.Fa "BASIC_CONSTRAINTS *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft EXTENDED_KEY_USAGE * -.Fo d2i_EXTENDED_KEY_USAGE -.Fa "EXTENDED_KEY_USAGE **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_EXTENDED_KEY_USAGE -.Fa "EXTENDED_KEY_USAGE *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode data structures describing the -intended purposes that the key contained in an X.509 certificate -is to be used for. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . 
-.Pp -.Fn d2i_BASIC_CONSTRAINTS -and -.Fn i2d_BASIC_CONSTRAINTS -decode and encode an ASN.1 -.Vt BasicConstraints -structure defined in RFC 5280 section 4.2.1.9. -.Pp -.Fn d2i_EXTENDED_KEY_USAGE -and -.Fn i2d_EXTENDED_KEY_USAGE -decode and encode an ASN.1 -.Vt ExtKeyUsageSyntax -structure defined in RFC 5280 section 4.2.1.12. -.Sh RETURN VALUES -.Fn d2i_BASIC_CONSTRAINTS -and -.Fn d2i_EXTENDED_KEY_USAGE -return a -.Vt BASIC_CONSTRAINTS -or -.Vt EXTENDED_KEY_USAGE -object, respectively, or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_BASIC_CONSTRAINTS -and -.Fn i2d_EXTENDED_KEY_USAGE -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr BASIC_CONSTRAINTS_new 3 , -.Xr EXTENDED_KEY_USAGE_new 3 , -.Xr X509_EXTENSION_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Sh HISTORY -.Fn d2i_BASIC_CONSTRAINTS -and -.Fn i2d_BASIC_CONSTRAINTS -first appeared in OpenSSL 0.9.2b and have been available since -.Ox 2.6 . -.Pp -.Fn d2i_EXTENDED_KEY_USAGE -and -.Fn i2d_EXTENDED_KEY_USAGE -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . diff --git a/src/lib/libcrypto/man/d2i_CMS_ContentInfo.3 b/src/lib/libcrypto/man/d2i_CMS_ContentInfo.3 deleted file mode 100644 index 0c61047c42..0000000000 --- a/src/lib/libcrypto/man/d2i_CMS_ContentInfo.3 +++ /dev/null 
@@ -1,128 +0,0 @@ -.\" $OpenBSD: d2i_CMS_ContentInfo.3,v 1.3 2019/11/02 15:39:46 schwarze Exp $ -.\" Copyright (c) 2019 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 2 2019 $ -.Dt D2I_CMS_CONTENTINFO 3 -.Os -.Sh NAME -.Nm d2i_CMS_ContentInfo , -.Nm i2d_CMS_ContentInfo , -.Nm d2i_CMS_bio , -.Nm i2d_CMS_bio , -.Nm d2i_CMS_ReceiptRequest , -.Nm i2d_CMS_ReceiptRequest -.Nd decode and encode Cryptographic Message Syntax data -.Sh SYNOPSIS -.In openssl/cms.h -.Ft CMS_ContentInfo * -.Fo d2i_CMS_ContentInfo -.Fa "CMS_ContentInfo **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_CMS_ContentInfo -.Fa "CMS_ContentInfo *val_in" -.Fa "unsigned char **out" -.Fc -.Ft CMS_ContentInfo * -.Fo d2i_CMS_bio -.Fa "BIO *in_bio" -.Fa "CMS_ContentInfo **val_out" -.Fc -.Ft int -.Fo i2d_CMS_bio -.Fa "BIO *out_bio" -.Fa "CMS_ContentInfo *val_in" -.Fc -.Ft CMS_ReceiptRequest * -.Fo d2i_CMS_ReceiptRequest -.Fa "CMS_ReceiptRequest **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_CMS_ReceiptRequest -.Fa "CMS_ReceiptRequest *val_in" -.Fa "unsigned char **out" -.Fc -.Sh DESCRIPTION -These functions decode and encode Cryptographic Message Syntax -data structures. 
-For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_CMS_ContentInfo -and -.Fn i2d_CMS_ContentInfo -decode and encode a -.Vt CMS_ContentInfo -structure defined in RFC 5652 section 3. -.Fn d2i_CMS_bio -and -.Fn i2d_CMS_bio -are similar except that they decode or encode using a -.Vt BIO -pointer. -.Pp -.Fn d2i_CMS_ReceiptRequest -and -.Fn i2d_CMS_ReceiptRequest -decode and encode a -.Vt CMS_ReceiptRequest -structure defined in RFC 2634 section 2.7. -.Sh RETURN VALUES -.Fn d2i_CMS_ContentInfo -and -.Fn d2i_CMS_bio -return a valid -.Vt CMS_ContentInfo -structure or -.Dv NULL -if an error occurs. -.Pp -.Fn d2i_CMS_ReceiptRequest -returns a valid -.Vt CMS_ReceiptRequest -structure or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_CMS_ContentInfo -and -.Fn i2d_CMS_ReceiptRequest -return the number of bytes successfully encoded -or a negative value if an error occurs. -.Pp -.Fn i2d_CMS_bio -returns 1 for success or 0 if an error occurs. -.Pp -For all functions, the error code can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr CMS_ContentInfo_new 3 , -.Xr CMS_get0_type 3 , -.Xr CMS_ReceiptRequest_create0 3 , -.Xr i2d_CMS_bio_stream 3 -.Sh STANDARDS -RFC 5652: Cryptographic Message Syntax, section 3: General Syntax -.Pp -RFC 2634: Enhanced Security Services for S/MIME, -section 2.7: Receipt Request Syntax -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.8h -and have been available since -.Ox 6.7 . diff --git a/src/lib/libcrypto/man/d2i_DHparams.3 b/src/lib/libcrypto/man/d2i_DHparams.3 deleted file mode 100644 index 7fd9878dc0..0000000000 --- a/src/lib/libcrypto/man/d2i_DHparams.3 +++ /dev/null 
@@ -1,99 +0,0 @@ -.\" $OpenBSD: d2i_DHparams.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ -.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Ulf Moeller and -.\" Dr. Stephen Henson . -.\" Copyright (c) 2000, 2002, 2015, 2017 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt D2I_DHPARAMS 3 -.Os -.Sh NAME -.Nm d2i_DHparams , -.Nm i2d_DHparams -.Nd PKCS#3 DH parameter functions -.Sh SYNOPSIS -.In openssl/dh.h -.Ft DH * -.Fo d2i_DHparams -.Fa "DH **a" -.Fa "unsigned char **pp" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DHparams -.Fa "DH *a" -.Fa "unsigned char **pp" -.Fc -.Sh DESCRIPTION -These functions decode and encode PKCS#3 DH parameters using the -DHparameter structure described in PKCS#3. -They otherwise behave in a way similar to -.Xr d2i_X509 3 -and -.Xr i2d_X509 3 . -.Sh RETURN VALUES -.Fn d2i_DHparams -returns a -.Vt DH -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_DHparams -returns the number of bytes successfully encoded or a value <= 0 -if an error occurs. -.Sh SEE ALSO -.Xr d2i_X509 3 , -.Xr DH_new 3 -.Sh HISTORY -.Fn d2i_DHparams -and -.Fn i2d_DHparams -first appeared in SSLeay 0.5.1 and have been available since -.Ox 2.4 . 
diff --git a/src/lib/libcrypto/man/d2i_DIST_POINT.3 b/src/lib/libcrypto/man/d2i_DIST_POINT.3
deleted file mode 100644
index 34bdb26fb4..0000000000
--- a/src/lib/libcrypto/man/d2i_DIST_POINT.3
+++ /dev/null
@@ -1,201 +0,0 @@ -.\" $OpenBSD: d2i_DIST_POINT.3,v 1.4 2018/03/23 04:34:23 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt D2I_DIST_POINT 3 -.Os -.Sh NAME -.Nm d2i_DIST_POINT , -.Nm i2d_DIST_POINT , -.Nm d2i_CRL_DIST_POINTS , -.Nm i2d_CRL_DIST_POINTS , -.Nm d2i_DIST_POINT_NAME , -.Nm i2d_DIST_POINT_NAME , -.Nm d2i_ISSUING_DIST_POINT , -.Nm i2d_ISSUING_DIST_POINT , -.Nm d2i_ACCESS_DESCRIPTION , -.Nm i2d_ACCESS_DESCRIPTION , -.Nm d2i_AUTHORITY_INFO_ACCESS , -.Nm i2d_AUTHORITY_INFO_ACCESS -.Nd decode and encode X.509 data access extensions -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft DIST_POINT * -.Fo d2i_DIST_POINT -.Fa "DIST_POINT_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DIST_POINT -.Fa "DIST_POINT *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft CRL_DIST_POINTS * -.Fo d2i_CRL_DIST_POINTS -.Fa "CRL_DIST_POINTS_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_CRL_DIST_POINTS -.Fa "CRL_DIST_POINTS *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft DIST_POINT_NAME * -.Fo d2i_DIST_POINT_NAME -.Fa "DIST_POINT_NAME_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc 
-.Ft int -.Fo i2d_DIST_POINT_NAME -.Fa "DIST_POINT_NAME *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft ISSUING_DIST_POINT * -.Fo d2i_ISSUING_DIST_POINT -.Fa "ISSUING_DIST_POINT_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ISSUING_DIST_POINT -.Fa "ISSUING_DIST_POINT *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft ACCESS_DESCRIPTION * -.Fo d2i_ACCESS_DESCRIPTION -.Fa "ACCESS_DESCRIPTION_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ACCESS_DESCRIPTION -.Fa "ACCESS_DESCRIPTION *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft AUTHORITY_INFO_ACCESS * -.Fo d2i_AUTHORITY_INFO_ACCESS -.Fa "AUTHORITY_INFO_ACCESS_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_AUTHORITY_INFO_ACCESS -.Fa "AUTHORITY_INFO_ACCESS *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode X.509 extensions that communicate -where to retrieve additional information online. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_DIST_POINT -and -.Fn i2d_DIST_POINT -decode and encode an ASN.1 -.Vt DistributionPoint -structure defined in RFC 5280 section 4.2.1.13. -.Pp -.Fn d2i_CRL_DIST_POINTS -and -.Fn i2d_CRL_DIST_POINTS -decode and encode an ASN.1 -.Vt CRLDistributionPoints -structure defined in RFC 5280 section 4.2.1.13. -.Pp -.Fn d2i_DIST_POINT_NAME -and -.Fn i2d_DIST_POINT_NAME -decode and encode an ASN.1 -.Vt DistributionPointName -structure defined in RFC 5280 section 4.2.1.13. -.Pp -.Fn d2i_ISSUING_DIST_POINT -and -.Fn i2d_ISSUING_DIST_POINT -decode and encode an ASN.1 -.Vt IssuingDistributionPoint -structure defined in RFC 5280 section 5.2.5. -.Pp -.Fn d2i_ACCESS_DESCRIPTION -and -.Fn i2d_ACCESS_DESCRIPTION -decode and encode an ASN.1 -.Vt AccessDescription -structure defined in RFC 5280 section 4.2.2.1. 
-.Pp -.Fn d2i_AUTHORITY_INFO_ACCESS -and -.Fn i2d_AUTHORITY_INFO_ACCESS -decode and encode an ASN.1 -.Vt AuthorityInfoAccessSyntax -structure defined in RFC 5280 section 4.2.2.1. -.Sh RETURN VALUES -.Fn d2i_DIST_POINT , -.Fn d2i_CRL_DIST_POINTS , -.Fn d2i_DIST_POINT_NAME , -.Fn d2i_ISSUING_DIST_POINT , -.Fn d2i_ACCESS_DESCRIPTION , -and -.Fn d2i_AUTHORITY_INFO_ACCESS -return an object of the respective type or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_DIST_POINT , -.Fn i2d_CRL_DIST_POINTS , -.Fn i2d_DIST_POINT_NAME , -.Fn i2d_ISSUING_DIST_POINT , -.Fn i2d_ACCESS_DESCRIPTION , -and -.Fn i2d_AUTHORITY_INFO_ACCESS -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr ACCESS_DESCRIPTION_new 3 , -.Xr ASN1_item_d2i 3 , -.Xr DIST_POINT_new 3 , -.Xr X509_EXTENSION_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Sh HISTORY -.Fn d2i_DIST_POINT , -.Fn i2d_DIST_POINT , -.Fn d2i_CRL_DIST_POINTS , -.Fn i2d_CRL_DIST_POINTS , -.Fn d2i_DIST_POINT_NAME , -and -.Fn i2d_DIST_POINT_NAME -first appeared in OpenSSL 0.9.3 and have been available since -.Ox 2.6 . -.Pp -.Fn d2i_ACCESS_DESCRIPTION , -.Fn i2d_ACCESS_DESCRIPTION , -.Fn d2i_AUTHORITY_INFO_ACCESS , -and -.Fn i2d_AUTHORITY_INFO_ACCESS -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . -.Pp -.Fn d2i_ISSUING_DIST_POINT -and -.Fn i2d_ISSUING_DIST_POINT -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_DSAPublicKey.3 b/src/lib/libcrypto/man/d2i_DSAPublicKey.3 deleted file mode 100644 index 37ef22e1b9..0000000000 --- a/src/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ /dev/null 
@@ -1,412 +0,0 @@ -.\" $OpenBSD: d2i_DSAPublicKey.3,v 1.14 2018/08/26 17:03:32 tb Exp $ -.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2003, 2013, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: August 26 2018 $ -.Dt D2I_DSAPUBLICKEY 3 -.Os -.Sh NAME -.Nm d2i_DSAPublicKey , -.Nm i2d_DSAPublicKey , -.Nm d2i_DSA_PUBKEY , -.Nm i2d_DSA_PUBKEY , -.Nm d2i_DSA_PUBKEY_bio , -.Nm d2i_DSA_PUBKEY_fp , -.Nm i2d_DSA_PUBKEY_bio , -.Nm i2d_DSA_PUBKEY_fp , -.Nm d2i_DSAPrivateKey , -.Nm i2d_DSAPrivateKey , -.Nm d2i_DSAPrivateKey_bio , -.Nm d2i_DSAPrivateKey_fp , -.Nm i2d_DSAPrivateKey_bio , -.Nm i2d_DSAPrivateKey_fp , -.Nm d2i_DSAparams , -.Nm i2d_DSAparams , -.Nm d2i_DSAparams_bio , -.Nm i2d_DSAparams_bio , -.Nm d2i_DSAparams_fp , -.Nm i2d_DSAparams_fp , -.Nm DSAparams_dup , -.Nm d2i_DSA_SIG , -.Nm i2d_DSA_SIG -.Nd decode and encode DSA keys -.Sh SYNOPSIS -.In openssl/dsa.h -.Ft DSA * -.Fo d2i_DSAPublicKey -.Fa "DSA **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DSAPublicKey -.Fa "const DSA *val_in" -.Fa "unsigned char **der_out" -.Fc -.In openssl/x509.h -.Ft DSA * -.Fo d2i_DSA_PUBKEY -.Fa "DSA **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DSA_PUBKEY -.Fa "const DSA *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft DSA * -.Fo d2i_DSA_PUBKEY_bio -.Fa "BIO *in_bio" -.Fa "DSA **val_out" -.Fc -.Ft DSA * -.Fo d2i_DSA_PUBKEY_fp -.Fa "FILE *in_fp" -.Fa "DSA **val_out" -.Fc -.Ft int -.Fo i2d_DSA_PUBKEY_bio -.Fa "BIO *out_bio" -.Fa "DSA *val_in" -.Fc -.Ft int -.Fo i2d_DSA_PUBKEY_fp -.Fa "FILE *out_fp" -.Fa "DSA *val_in" -.Fc -.In openssl/dsa.h -.Ft DSA * -.Fo d2i_DSAPrivateKey -.Fa "DSA **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DSAPrivateKey -.Fa "const DSA *val_in" -.Fa "unsigned char **der_out" -.Fc -.In openssl/x509.h -.Ft DSA * -.Fo d2i_DSAPrivateKey_bio -.Fa "BIO *in_bio" -.Fa "DSA **val_out" -.Fc -.Ft DSA * -.Fo d2i_DSAPrivateKey_fp -.Fa "FILE *in_fp" -.Fa "DSA **val_out" -.Fc -.Ft int -.Fo i2d_DSAPrivateKey_bio -.Fa "BIO *out_bio" -.Fa "DSA *val_in" -.Fc -.Ft int -.Fo i2d_DSAPrivateKey_fp -.Fa "FILE *out_fp" -.Fa "DSA 
*val_in" -.Fc -.In openssl/dsa.h -.Ft DSA * -.Fo d2i_DSAparams -.Fa "DSA **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DSAparams -.Fa "const DSA *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft DSA * -.Fo d2i_DSAparams_bio -.Fa "BIO *in_bio" -.Fa "DSA **val_out" -.Fc -.Ft int -.Fo i2d_DSAparams_bio -.Fa "BIO *out_bio" -.Fa "DSA *val_in" -.Fc -.Ft DSA * -.Fo d2i_DSAparams_fp -.Fa "FILE *in_fp" -.Fa "DSA **val_out" -.Fc -.Ft int -.Fo i2d_DSAparams_fp -.Fa FILE *out_fp -.Fa "DSA *val_in" -.Fc -.Ft DSA * -.Fo DSAparams_dup -.Fa "DSA *val_in" -.Fc -.Ft DSA_SIG * -.Fo d2i_DSA_SIG -.Fa "DSA_SIG **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_DSA_SIG -.Fa "const DSA_SIG *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode DSA keys and parameters. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_DSAPublicKey -and -.Fn i2d_DSAPublicKey -decode and encode the DSA public key components using a non-standard -format, so consider using -.Fn d2i_DSA_PUBKEY -and -.Fn i2d_DSA_PUBKEY -instead. -The actual data encoded depends on the value of -.Fa val_in->write_params . -If -.Fa val_in->write_params -is zero, only the -.Fa val_in->pub_key -field is encoded as an ASN.1 INTEGER. -If -.Fa val_in->write_params -is 1, then a SEQUENCE consisting of the -.Fa val_in->p , -.Fa val_in->q , -.Fa val_in->g , -and -.Fa val_in->pub_key -fields is encoded. -.Pp -.Fn d2i_DSA_PUBKEY -and -.Fn i2d_DSA_PUBKEY -decode and encode a DSA public key using an ASN.1 -.Vt SubjectPublicKeyInfo -structure defined in RFC 5280 section 4.1 -and documented in -.Xr X509_PUBKEY_new 3 . -.Fn d2i_DSA_PUBKEY_bio , -.Fn d2i_DSA_PUBKEY_fp , -.Fn i2d_DSA_PUBKEY_bio , -and -.Fn i2d_DSA_PUBKEY_fp -are similar except that they decode or encode using a -.Vt BIO -or -.Vt FILE -pointer. 
-.Pp
-.Fn d2i_DSAPrivateKey
-and
-.Fn i2d_DSAPrivateKey
-decode and encode the DSA private key components.
-The
-.Vt DSA
-object passed to the private key encoding functions should have all
-the private key components present.
-These functions use a non-standard structure consisting of a
-SEQUENCE containing the
-.Fa val_in->p ,
-.Fa val_in->q ,
-.Fa val_in->g ,
-.Fa val_in->pub_key ,
-and
-.Fa val_in->priv_key
-fields.
-This data format is unencrypted.
-For private key security when writing private keys to files,
-consider using
-.Xr PEM_write_DSAPrivateKey 3
-instead.
-.Fn d2i_DSAPrivateKey_bio ,
-.Fn d2i_DSAPrivateKey_fp ,
-.Fn i2d_DSAPrivateKey_bio ,
-and
-.Fn i2d_DSAPrivateKey_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_DSAparams
-and
-.Fn i2d_DSAparams
-decode and encode the DSA parameters using an ASN.1
-.Vt Dss-Parms
-structure defined in RFC 3279 section 2.3.2
-and used for the parameters field of the ASN.1
-.Vt AlgorithmIdentifier
-structure defined in RFC 5280 section 4.1.1.2.
-.Fn d2i_DSAparams_bio ,
-.Fn i2d_DSAparams_bio ,
-.Fn d2i_DSAparams_fp ,
-.Fn i2d_DSAparams_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn DSAparams_dup
-allocates and initializes an empty
-.Vt DSA
-object and copies the DSA parameters from
-.Fa val_in
-to it by calling
-.Fn i2d_DSAparams
-and
-.Fn d2i_DSAparams .
-If a private or public key are present in
-.Fa val_in ,
-they are not copied.
-.Pp
-.Fn d2i_DSA_SIG
-and
-.Fn i2d_DSA_SIG
-decode and encode a DSA signature using an ASN.1
-.Vt Dss-Sig-Value
-structure as defined in RFC 3279 section 2.2.2
-and used for the signatureValue field of the ASN.1
-.Vt Certificate
-structure described in RFC 5280 sections 4.1.1.3 and 5.1.1.3.
-.Sh RETURN VALUES
-.Fn d2i_DSAPublicKey ,
-.Fn d2i_DSA_PUBKEY ,
-.Fn d2i_DSA_PUBKEY_bio ,
-.Fn d2i_DSA_PUBKEY_fp ,
-.Fn d2i_DSAPrivateKey ,
-.Fn d2i_DSAPrivateKey_bio ,
-.Fn d2i_DSAPrivateKey_fp ,
-.Fn d2i_DSAparams ,
-.Fn d2i_DSAparams_bio ,
-.Fn d2i_DSAparams_fp ,
-and
-.Fn DSAparams_dup
-return a valid
-.Vt DSA
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn d2i_DSA_SIG
-returns a valid
-.Vt DSA_SIG
-object or
-.Dv NULL
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr DSA_new 3 ,
-.Xr DSA_SIG_new 3 ,
-.Xr EVP_PKEY_set1_DSA 3 ,
-.Xr PEM_write_DSAPrivateKey 3 ,
-.Xr X509_PUBKEY_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.1: Basic Certificate Fields
-.Pp
-RFC 3279: Algorithms and Identifiers for the Internet X.509 Public
-Key Infrastructure Certificate and Certificate Revocation List (CRL)
-Profile:
-.Bl -dash -compact
-.It
-section 2.2.2: DSA Signature Algorithm
-.It
-section 2.3.2: DSA Signature Keys
-.El
-.Sh HISTORY
-.Fn d2i_DSAPublicKey ,
-.Fn i2d_DSAPublicKey ,
-.Fn d2i_DSAPrivateKey ,
-and
-.Fn i2d_DSAPrivateKey
-first appeared in SSLeay 0.6.0.
-.Fn d2i_DSAPrivateKey_bio ,
-.Fn d2i_DSAPrivateKey_fp ,
-.Fn i2d_DSAPrivateKey_bio ,
-.Fn i2d_DSAPrivateKey_fp ,
-.Fn d2i_DSAparams ,
-.Fn i2d_DSAparams ,
-.Fn d2i_DSAparams_bio ,
-.Fn i2d_DSAparams_bio ,
-.Fn d2i_DSAparams_fp ,
-.Fn i2d_DSAparams_fp ,
-and
-.Fn DSAparams_dup
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn d2i_DSA_SIG
-and
-.Fn i2d_DSA_SIG
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn d2i_DSA_PUBKEY ,
-.Fn i2d_DSA_PUBKEY ,
-.Fn d2i_DSA_PUBKEY_bio ,
-.Fn d2i_DSA_PUBKEY_fp ,
-.Fn i2d_DSA_PUBKEY_bio ,
-and
-.Fn i2d_DSA_PUBKEY_fp
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/d2i_ECPKParameters.3 b/src/lib/libcrypto/man/d2i_ECPKParameters.3
deleted file mode 100644
index e82e7911dd..0000000000
--- a/src/lib/libcrypto/man/d2i_ECPKParameters.3
+++ /dev/null
@@ -1,467 +0,0 @@ -.\" $OpenBSD: d2i_ECPKParameters.3,v 1.12 2018/05/19 22:51:40 schwarze Exp $ -.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Matt Caswell . -.\" Copyright (c) 2013, 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: May 19 2018 $ -.Dt D2I_ECPKPARAMETERS 3 -.Os -.Sh NAME -.Nm d2i_ECPKParameters , -.Nm i2d_ECPKParameters , -.Nm d2i_ECPKParameters_bio , -.Nm i2d_ECPKParameters_bio , -.Nm d2i_ECPKParameters_fp , -.Nm i2d_ECPKParameters_fp , -.Nm d2i_ECParameters , -.Nm i2d_ECParameters , -.Nm ECParameters_dup , -.Nm d2i_ECPrivateKey , -.Nm i2d_ECPrivateKey , -.Nm d2i_ECPrivateKey_bio , -.Nm i2d_ECPrivateKey_bio , -.Nm d2i_ECPrivateKey_fp , -.Nm i2d_ECPrivateKey_fp , -.Nm o2i_ECPublicKey , -.Nm i2o_ECPublicKey , -.Nm ECPKParameters_print , -.Nm ECPKParameters_print_fp , -.Nm ECParameters_print , -.Nm ECParameters_print_fp , -.Nm d2i_EC_PUBKEY , -.Nm i2d_EC_PUBKEY , -.Nm d2i_EC_PUBKEY_bio , -.Nm i2d_EC_PUBKEY_bio , -.Nm d2i_EC_PUBKEY_fp , -.Nm i2d_EC_PUBKEY_fp -.Nd decode and encode ASN.1 representations of elliptic curve entities -.Sh SYNOPSIS -.In openssl/ec.h -.Ft EC_GROUP * -.Fo d2i_ECPKParameters -.Fa "EC_GROUP **val_out" -.Fa "const unsigned char **des_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ECPKParameters -.Fa "const EC_GROUP *val_in" -.Fa "unsigned char **des_out" -.Fc -.Ft EC_GROUP * -.Fo d2i_ECPKParameters_bio -.Fa "BIO *in_bio" -.Fa "EC_GROUP **val_out" -.Fc -.Ft int -.Fo i2d_ECPKParameters_bio -.Fa "BIO *out_bio" -.Fa "EC_GROUP *val_in" -.Fc -.Ft EC_GROUP * -.Fo d2i_ECPKParameters_fp -.Fa "FILE *in_fp" -.Fa "EC_GROUP **val_out" -.Fc -.Ft int -.Fo i2d_ECPKParameters_fp -.Fa "FILE *out_fp" -.Fa "EC_GROUP *val_in" -.Fc -.Ft EC_KEY * -.Fo d2i_ECParameters -.Fa "EC_KEY **val_out" -.Fa "const unsigned char **des_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ECParameters -.Fa "EC_KEY *val_in" -.Fa "unsigned char **des_out" -.Fc -.Ft EC_KEY * -.Fo ECParameters_dup -.Fa "EC_KEY *val_in" -.Fc -.Ft EC_KEY * -.Fo d2i_ECPrivateKey -.Fa "EC_KEY **val_out" -.Fa "const unsigned char **des_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ECPrivateKey -.Fa "EC_KEY *val_in" -.Fa "unsigned char **des_out" -.Fc -.Ft EC_KEY * -.Fo d2i_ECPrivateKey_bio -.Fa "BIO 
*in_bio" -.Fa "EC_KEY **val_out" -.Fc -.Ft int -.Fo i2d_ECPrivateKey_bio -.Fa "BIO *out_bio" -.Fa "EC_KEY *val_in" -.Fc -.Ft EC_KEY * -.Fo d2i_ECPrivateKey_fp -.Fa "FILE *in_fp" -.Fa "EC_KEY **val_out" -.Fc -.Ft int -.Fo i2d_ECPrivateKey_fp -.Fa "FILE *out_fp" -.Fa "EC_KEY *val_in" -.Fc -.Ft EC_KEY * -.Fo o2i_ECPublicKey -.Fa "EC_KEY **val_out" -.Fa "const unsigned char **des_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2o_ECPublicKey -.Fa "const EC_KEY *val_in" -.Fa "unsigned char **des_out" -.Fc -.Ft int -.Fo ECPKParameters_print -.Fa "BIO *out_bio" -.Fa "const EC_GROUP *val_in" -.Fa "int indent" -.Fc -.Ft int -.Fo ECPKParameters_print_fp -.Fa "FILE *out_fp" -.Fa "const EC_GROUP *val_in" -.Fa "int indent" -.Fc -.Ft int -.Fo ECParameters_print -.Fa "BIO *out_bio" -.Fa "const EC_KEY *val_in" -.Fc -.Ft int -.Fo ECParameters_print_fp -.Fa "FILE *out_fp" -.Fa "const EC_KEY *val_in" -.Fc -.In openssl/x509.h -.Ft EC_KEY * -.Fo d2i_EC_PUBKEY -.Fa "EC_KEY **val_out" -.Fa "const unsigned char **des_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_EC_PUBKEY -.Fa "EC_KEY *val_in" -.Fa "unsigned char **des_out" -.Fc -.Ft EC_KEY * -.Fo d2i_EC_PUBKEY_bio -.Fa "BIO *in_bio" -.Fa "EC_KEY **val_out" -.Fc -.Ft int -.Fo i2d_EC_PUBKEY_bio -.Fa "BIO *out_bio" -.Fa "EC_KEY *val_in" -.Fc -.Ft EC_KEY * -.Fo d2i_EC_PUBKEY_fp -.Fa "FILE *in_fp" -.Fa "EC_KEY **val_out" -.Fc -.Ft int -.Fo i2d_EC_PUBKEY_fp -.Fa "FILE *out_fp" -.Fa "EC_KEY *val_in" -.Fc -.Sh DESCRIPTION -These functions decode and encode elliptic curve keys and parameters. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_ECPKParameters -and -.Fn i2d_ECPKParameters -decode and encode the parameters of an elliptic curve. -.Fn d2i_ECPKParameters_bio , -.Fn i2d_ECPKParameters_bio , -.Fn d2i_ECPKParameters_fp , -and -.Fn i2d_ECPKParameters_fp -are similar except that they decode or encode using a -.Vt BIO -or -.Vt FILE -pointer. 
-These four functions are currently implemented as macros.
-.Pp
-.Fn d2i_ECParameters
-does the same parsing as
-.Fn d2i_ECPKParameters
-but saves the result in the
-.Fa group
-field of an
-.Vt EC_KEY
-structure.
-.Pp
-.Fn i2d_ECParameters
-produces the same output as
-.Fn i2d_ECPKParameters
-but uses
-.Fa val_in->group
-for input instead of
-.Fa val_in .
-.Pp
-.Fn ECParameters_dup
-allocates and initializes an empty
-.Vt EC_KEY
-object and copies the EC parameters from
-.Fa val_in
-to it by calling
-.Fn i2d_ECParameters
-and
-.Fn d2i_ECParameters .
-If a private or public key or any flags are present in
-.Fa val_in ,
-they are not copied.
-.Pp
-.Fn d2i_ECPrivateKey
-and
-.Fn i2d_ECPrivateKey
-decode and encode an EC private key using an ASN.1
-.Vt ECPrivateKey
-structure defined in RFC 5915 section 3 and used for the privateKey
-field of the ASN.1
-.Vt PrivateKeyInfo
-structure defined in RFC 5208 section 5, see
-.Xr PKCS8_PRIV_KEY_INFO_new 3 .
-.Fn d2i_ECPrivateKey_bio ,
-.Fn i2d_ECPrivateKey_bio ,
-.Fn d2i_ECPrivateKey_fp ,
-and
-.Fn i2d_ECPrivateKey_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn o2i_ECPublicKey
-and
-.Fn i2o_ECPublicKey
-decode and encode an EC public key.
-In contrast to
-.Xr ASN1_item_d2i 3 ,
-.Fn o2i_ECPublicKey
-requires
-.Fa val_out ,
-.Pf * Fa val_out ,
-and
-.Po Pf * Fa val_out Pc Ns -> Ns Fa group
-to be
-.Pf non- Dv NULL .
-.Pp
-.Fn ECPKParameters_print
-and
-.Fn ECPKParameters_print_fp
-print human-readable output of the public parameters of the
-.Vt EC_GROUP
-to
-.Fa out_bio
-or
-.Fa out_fp .
-The output lines are indented by
-.Fa indent
-spaces.
-.Pp
-.Fn ECParameters_print
-and
-.Fn ECParameters_print_fp
-print the parameter components of
-.Fa val_in
-to
-.Fa out_bio
-or
-.Fa out_fp .
-.Pp
-.Fn d2i_EC_PUBKEY
-and
-.Fn i2d_EC_PUBKEY
-decode and encode an EC public key using an ASN.1
-.Vt SubjectPublicKeyInfo
-structure defined in RFC 5280 section 4.1 and documented in
-.Xr X509_PUBKEY_new 3 .
-.Fn d2i_EC_PUBKEY_bio ,
-.Fn i2d_EC_PUBKEY_bio ,
-.Fn d2i_EC_PUBKEY_fp ,
-and
-.Fn i2d_EC_PUBKEY_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Sh RETURN VALUES
-.Fn d2i_ECPKParameters ,
-.Fn d2i_ECPKParameters_bio ,
-and
-.Fn d2i_ECPKParameters_fp
-return a valid
-.Vt EC_GROUP
-structure or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn d2i_ECParameters ,
-.Fn ECParameters_dup ,
-.Fn d2i_ECPrivateKey ,
-.Fn d2i_ECPrivateKey_bio ,
-.Fn d2i_ECPrivateKey_fp ,
-.Fn o2i_ECPublicKey ,
-.Fn d2i_EC_PUBKEY ,
-.Fn d2i_EC_PUBKEY_bio ,
-and
-.Fn d2i_EC_PUBKEY_fp
-return a valid
-.Vt EC_KEY
-structure or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_ECPKParameters ,
-.Fn i2d_ECParameters ,
-.Fn i2d_ECPrivateKey ,
-.Fn i2o_ECPublicKey ,
-and
-.Fn i2d_EC_PUBKEY
-return the number of bytes successfully encoded or a negative value if
-an error occurs.
-.Pp
-.Fn i2d_ECPKParameters_bio ,
-.Fn i2d_ECPKParameters_fp ,
-.Fn i2d_ECPrivateKey_bio ,
-.Fn i2d_ECPrivateKey_fp ,
-.Fn ECPKParameters_print ,
-.Fn ECPKParameters_print_fp ,
-.Fn ECParameters_print ,
-.Fn ECParameters_print_fp ,
-.Fn i2d_EC_PUBKEY_bio ,
-and
-.Fn i2d_EC_PUBKEY_fp
-return 1 for success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr EC_GROUP_copy 3 ,
-.Xr EC_GROUP_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr EVP_PKEY_set1_EC_KEY 3 ,
-.Xr PEM_write_ECPrivateKey 3 ,
-.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
-.Xr X509_PUBKEY_new 3
-.Sh STANDARDS
-RFC 5915: Elliptic Curve Private Key Structure
-.Pp
-RFC 5208: Public-Key Cryptography Standards (PKCS) #8:
-Private-Key Information Syntax Specification
-.Pp
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.1: Basic Certificate Fields
-.Sh HISTORY
-.Fn d2i_ECPKParameters ,
-.Fn i2d_ECPKParameters ,
-.Fn d2i_ECPKParameters_bio ,
-.Fn i2d_ECPKParameters_bio ,
-.Fn d2i_ECPKParameters_fP ,
-.Fn i2d_ECPKParameters_fp ,
-.Fn d2i_ECParameters ,
-.Fn i2d_ECParameters ,
-.Fn ECParameters_dup ,
-.Fn d2i_ECPrivateKey ,
-.Fn i2d_ECPrivateKey ,
-.Fn d2i_ECPrivateKey_bio ,
-.Fn i2d_ECPrivateKey_bio ,
-.Fn d2i_ECPrivateKey_fp ,
-.Fn i2d_ECPrivateKey_fp ,
-.Fn o2i_ECPublicKey ,
-.Fn i2o_ECPublicKey ,
-.Fn ECPKParameters_print ,
-.Fn ECPKParameters_print_fp ,
-.Fn ECParameters_print ,
-.Fn ECParameters_print_fp ,
-.Fn d2i_EC_PUBKEY ,
-.Fn i2d_EC_PUBKEY ,
-.Fn d2i_EC_PUBKEY_bio ,
-.Fn i2d_EC_PUBKEY_bio ,
-.Fn d2i_EC_PUBKEY_fp ,
-and
-.Fn i2d_EC_PUBKEY_fp
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3 b/src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3
deleted file mode 100644
index c1d61d3b5e..0000000000
--- a/src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3
+++ /dev/null
@@ -1,118 +0,0 @@ -.\" $OpenBSD: d2i_ESS_SIGNING_CERT.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt D2I_ESS_SIGNING_CERT 3 -.Os -.Sh NAME -.Nm d2i_ESS_SIGNING_CERT , -.Nm i2d_ESS_SIGNING_CERT , -.Nm d2i_ESS_CERT_ID , -.Nm i2d_ESS_CERT_ID , -.Nm d2i_ESS_ISSUER_SERIAL , -.Nm i2d_ESS_ISSUER_SERIAL -.Nd decode and encode signing certificates for S/MIME -.Sh SYNOPSIS -.In openssl/ts.h -.Ft ESS_SIGNING_CERT * -.Fo d2i_ESS_SIGNING_CERT -.Fa "ESS_SIGNING_CERT **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ESS_SIGNING_CERT -.Fa "const ESS_SIGNING_CERT *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft ESS_CERT_ID * -.Fo d2i_ESS_CERT_ID -.Fa "ESS_CERT_ID **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ESS_CERT_ID -.Fa "const ESS_CERT_ID *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft ESS_ISSUER_SERIAL * -.Fo d2i_ESS_ISSUER_SERIAL -.Fa "ESS_ISSUER_SERIAL **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_ESS_ISSUER_SERIAL -.Fa "const ESS_ISSUER_SERIAL *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode 
and encode signing certificate attribute -structures. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_ESS_SIGNING_CERT -and -.Fn i2d_ESS_SIGNING_CERT -decode and encode an ASN.1 -.Vt SigningCertificate -structure defined in RFC 2634 section 5.4. -.Pp -.Fn d2i_ESS_CERT_ID -and -.Fn i2d_ESS_CERT_ID -decode and encode an ASN.1 -.Vt ESSCertID -structure defined in RFC 2634 section 5.4.1. -.Pp -.Fn d2i_ESS_ISSUER_SERIAL -and -.Fn i2d_ESS_ISSUER_SERIAL -decode and encode an ASN.1 -.Vt IssuerSerial -structure defined in RFC 2634 section 5.4.1. -.Sh RETURN VALUES -.Fn d2i_ESS_SIGNING_CERT , -.Fn d2i_ESS_CERT_ID , -and -.Fn d2i_ESS_ISSUER_SERIAL -return an -.Vt ESS_SIGNING_CERT , -.Vt ESS_CERT_ID , -or -.Vt ESS_ISSUER_SERIAL -object, respectively, or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_ESS_SIGNING_CERT , -.Fn i2d_ESS_CERT_ID , -and -.Fn i2d_ESS_ISSUER_SERIAL -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr ESS_SIGNING_CERT_new 3 -.Sh STANDARDS -RFC 2634: Enhanced Security Services for S/MIME, -section 5: Signing Certificate Attribute -.Sh HISTORY -These functions first appeared in OpenSSL 1.0.0 -and have been available since -.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_GENERAL_NAME.3 b/src/lib/libcrypto/man/d2i_GENERAL_NAME.3 deleted file mode 100644 index bfdcc6c67c..0000000000 --- a/src/lib/libcrypto/man/d2i_GENERAL_NAME.3 +++ /dev/null 
@@ -1,160 +0,0 @@ -.\" $OpenBSD: d2i_GENERAL_NAME.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 22 2018 $ -.Dt D2I_GENERAL_NAME 3 -.Os -.Sh NAME -.Nm d2i_GENERAL_NAME , -.Nm i2d_GENERAL_NAME , -.Nm d2i_GENERAL_NAMES , -.Nm i2d_GENERAL_NAMES , -.Nm d2i_EDIPARTYNAME , -.Nm i2d_EDIPARTYNAME , -.Nm d2i_OTHERNAME , -.Nm i2d_OTHERNAME -.Nd decode and encode names for use in X.509 extensions -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft GENERAL_NAME * -.Fo d2i_GENERAL_NAME -.Fa "GENERAL_NAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_GENERAL_NAME -.Fa "GENERAL_NAME *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft GENERAL_NAMES * -.Fo d2i_GENERAL_NAMES -.Fa "GENERAL_NAMES **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_GENERAL_NAMES -.Fa "GENERAL_NAMES *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft EDIPARTYNAME * -.Fo d2i_EDIPARTYNAME -.Fa "EDIPARTYNAME **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_EDIPARTYNAME -.Fa "EDIPARTYNAME *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft OTHERNAME * -.Fo d2i_OTHERNAME -.Fa "OTHERNAME **val_out" -.Fa 
"const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OTHERNAME -.Fa "OTHERNAME *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode names that can be used in X.509 -extensions. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_GENERAL_NAME -and -.Fn i2d_GENERAL_NAME -decode and encode an ASN.1 -.Vt GeneralName -structure defined in RFC 5280 section 4.2.1.6. -.Pp -.Fn d2i_GENERAL_NAMES -and -.Fn i2d_GENERAL_NAMES -decode and encode an ASN.1 -.Vt GeneralNames -structure defined in RFC 5280 section 4.2.1.6. -.Pp -.Fn d2i_EDIPARTYNAME -and -.Fn i2d_EDIPARTYNAME -decode and encode an ASN.1 -.Vt EDIPartyName -structure defined in RFC 5280 section 4.2.1.6. -.Pp -.Fn d2i_OTHERNAME -and -.Fn i2d_OTHERNAME -decode and encode an ASN.1 -.Vt OtherName -structure defined in RFC 5280 section 4.2.1.6. -.Sh RETURN VALUES -.Fn d2i_GENERAL_NAME , -.Fn d2i_GENERAL_NAMES , -.Fn d2i_EDIPARTYNAME , -and -.Fn d2i_OTHERNAME -return a -.Vt GENERAL_NAME , -.Vt GENERAL_NAMES , -.Vt EDIPARTYNAME , -or -.Vt OTHERNAME -object, respectively, or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_GENERAL_NAME , -.Fn i2d_GENERAL_NAMES , -.Fn i2d_EDIPARTYNAME , -and -.Fn i2d_OTHERNAME -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr d2i_X509_NAME 3 , -.Xr GENERAL_NAME_new 3 , -.Xr X509_EXTENSION_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile, -section 4.2: Certificate Extensions -.Sh HISTORY -.Fn d2i_GENERAL_NAME , -.Fn i2d_GENERAL_NAME , -.Fn d2i_GENERAL_NAMES , -and -.Fn i2d_GENERAL_NAMES -first appeared in OpenSSL 0.9.2b and have been available since -.Ox 2.6 . -.Pp -.Fn d2i_OTHERNAME -and -.Fn i2d_OTHERNAME -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . 
-.Pp
-.Fn d2i_EDIPARTYNAME
-and
-.Fn i2d_EDIPARTYNAME
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/d2i_OCSP_REQUEST.3 b/src/lib/libcrypto/man/d2i_OCSP_REQUEST.3
deleted file mode 100644
index 07a990556d..0000000000
--- a/src/lib/libcrypto/man/d2i_OCSP_REQUEST.3
+++ /dev/null
@@ -1,181 +0,0 @@ -.\" $OpenBSD: d2i_OCSP_REQUEST.3,v 1.3 2021/03/12 05:18:00 jsg Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 12 2021 $ -.Dt D2I_OCSP_REQUEST 3 -.Os -.Sh NAME -.Nm d2i_OCSP_REQUEST , -.Nm i2d_OCSP_REQUEST , -.Nm d2i_OCSP_SIGNATURE , -.Nm i2d_OCSP_SIGNATURE , -.Nm d2i_OCSP_REQINFO , -.Nm i2d_OCSP_REQINFO , -.Nm d2i_OCSP_ONEREQ , -.Nm i2d_OCSP_ONEREQ , -.Nm d2i_OCSP_CERTID , -.Nm i2d_OCSP_CERTID , -.Nm d2i_OCSP_SERVICELOC , -.Nm i2d_OCSP_SERVICELOC -.Nd decode and encode OCSP requests -.Sh SYNOPSIS -.In openssl/ocsp.h -.Ft OCSP_REQUEST * -.Fo d2i_OCSP_REQUEST -.Fa "OCSP_REQUEST **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OCSP_REQUEST -.Fa "OCSP_REQUEST *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft OCSP_SIGNATURE * -.Fo d2i_OCSP_SIGNATURE -.Fa "OCSP_SIGNATURE **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OCSP_SIGNATURE -.Fa "OCSP_SIGNATURE *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft OCSP_REQINFO * -.Fo d2i_OCSP_REQINFO -.Fa "OCSP_REQINFO **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OCSP_REQINFO -.Fa "OCSP_REQINFO *val_in" -.Fa "unsigned char 
**der_out" -.Fc -.Ft OCSP_ONEREQ * -.Fo d2i_OCSP_ONEREQ -.Fa "OCSP_ONEREQ **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OCSP_ONEREQ -.Fa "OCSP_ONEREQ *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft OCSP_CERTID * -.Fo d2i_OCSP_CERTID -.Fa "OCSP_CERTID **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OCSP_CERTID -.Fa "OCSP_CERTID *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft OCSP_SERVICELOC * -.Fo d2i_OCSP_SERVICELOC -.Fa "OCSP_SERVICELOC **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_OCSP_SERVICELOC -.Fa "OCSP_SERVICELOC *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode ASN.1 structures used for OCSP -requests. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_OCSP_REQUEST -and -.Fn i2d_OCSP_REQUEST -decode and encode an ASN.1 -.Vt OCSPRequest -structure defined in RFC 6960 section 4.1.1. -.Pp -.Fn d2i_OCSP_SIGNATURE -and -.Fn i2d_OCSP_SIGNATURE -decode and encode an ASN.1 -.Vt Signature -structure defined in RFC 6960 section 4.1.1. -.Pp -.Fn d2i_OCSP_REQINFO -and -.Fn i2d_OCSP_REQINFO -decode and encode an ASN.1 -.Vt TBSRequest -structure defined in RFC 6960 section 4.1.1. -.Pp -.Fn d2i_OCSP_ONEREQ -and -.Fn i2d_OCSP_ONEREQ -decode and encode an ASN.1 -.Vt Request -structure defined in RFC 6960 section 4.1.1. -.Pp -.Fn d2i_OCSP_CERTID -and -.Fn i2d_OCSP_CERTID -decode and encode an ASN.1 -.Vt CertID -structure defined in RFC 6960 section 4.1.1. -.Pp -.Fn d2i_OCSP_SERVICELOC -and -.Fn i2d_OCSP_SERVICELOC -decode and encode an ASN.1 -.Vt ServiceLocator -structure defined in RFC 6960 section 4.4.6. -.Sh RETURN VALUES -.Fn d2i_OCSP_REQUEST , -.Fn d2i_OCSP_SIGNATURE , -.Fn d2i_OCSP_REQINFO , -.Fn d2i_OCSP_ONEREQ , -.Fn d2i_OCSP_CERTID , -and -.Fn d2i_OCSP_SERVICELOC -return an object of the respective type or -.Dv NULL -if an error occurs. 
-.Pp
-.Fn i2d_OCSP_REQUEST ,
-.Fn i2d_OCSP_SIGNATURE ,
-.Fn i2d_OCSP_REQINFO ,
-.Fn i2d_OCSP_ONEREQ ,
-.Fn i2d_OCSP_CERTID ,
-and
-.Fn i2d_OCSP_SERVICELOC
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr OCSP_CERTID_new 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_SERVICELOC_new 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.1: Request Syntax
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3 b/src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3
deleted file mode 100644
index 716e85dc6e..0000000000
--- a/src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3
+++ /dev/null
@@ -1,248 +0,0 @@
-.\" $OpenBSD: d2i_OCSP_RESPONSE.3,v 1.4 2021/03/12 05:18:00 jsg Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 12 2021 $
-.Dt D2I_OCSP_RESPONSE 3
-.Os
-.Sh NAME
-.Nm d2i_OCSP_RESPONSE ,
-.Nm i2d_OCSP_RESPONSE ,
-.Nm d2i_OCSP_RESPBYTES ,
-.Nm i2d_OCSP_RESPBYTES ,
-.Nm d2i_OCSP_BASICRESP ,
-.Nm i2d_OCSP_BASICRESP ,
-.Nm d2i_OCSP_RESPDATA ,
-.Nm i2d_OCSP_RESPDATA ,
-.Nm d2i_OCSP_RESPID ,
-.Nm i2d_OCSP_RESPID ,
-.Nm d2i_OCSP_SINGLERESP ,
-.Nm i2d_OCSP_SINGLERESP ,
-.Nm d2i_OCSP_CERTSTATUS ,
-.Nm i2d_OCSP_CERTSTATUS ,
-.Nm d2i_OCSP_REVOKEDINFO ,
-.Nm i2d_OCSP_REVOKEDINFO ,
-.Nm d2i_OCSP_CRLID ,
-.Nm i2d_OCSP_CRLID
-.Nd decode and encode OCSP responses
-.Sh SYNOPSIS
-.In openssl/ocsp.h
-.Ft OCSP_RESPONSE *
-.Fo d2i_OCSP_RESPONSE
-.Fa "OCSP_RESPONSE **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_RESPONSE
-.Fa "OCSP_RESPONSE *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_RESPBYTES *
-.Fo d2i_OCSP_RESPBYTES
-.Fa "OCSP_RESPBYTES **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_RESPBYTES
-.Fa "OCSP_RESPBYTES *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_BASICRESP *
-.Fo d2i_OCSP_BASICRESP
-.Fa "OCSP_BASICRESP **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_BASICRESP
-.Fa "OCSP_BASICRESP *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_RESPDATA *
-.Fo d2i_OCSP_RESPDATA
-.Fa "OCSP_RESPDATA **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_RESPDATA
-.Fa "OCSP_RESPDATA *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_RESPID *
-.Fo d2i_OCSP_RESPID
-.Fa "OCSP_RESPID **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_RESPID
-.Fa "OCSP_RESPID *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_SINGLERESP *
-.Fo d2i_OCSP_SINGLERESP
-.Fa "OCSP_SINGLERESP **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_SINGLERESP
-.Fa "OCSP_SINGLERESP *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_CERTSTATUS *
-.Fo d2i_OCSP_CERTSTATUS
-.Fa "OCSP_CERTSTATUS **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_CERTSTATUS
-.Fa "OCSP_CERTSTATUS *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_REVOKEDINFO *
-.Fo d2i_OCSP_REVOKEDINFO
-.Fa "OCSP_REVOKEDINFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_REVOKEDINFO
-.Fa "OCSP_REVOKEDINFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft OCSP_CRLID *
-.Fo d2i_OCSP_CRLID
-.Fa "OCSP_CRLID **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_OCSP_CRLID
-.Fa "OCSP_CRLID *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode ASN.1 structures used for OCSP
-responses.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_OCSP_RESPONSE
-and
-.Fn i2d_OCSP_RESPONSE
-decode and encode an ASN.1
-.Vt OCSPResponse
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_RESPBYTES
-and
-.Fn i2d_OCSP_RESPBYTES
-decode and encode an ASN.1
-.Vt ResponseBytes
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_BASICRESP
-and
-.Fn i2d_OCSP_BASICRESP
-decode and encode an ASN.1
-.Vt BasicOCSPResponse
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_RESPDATA
-and
-.Fn i2d_OCSP_RESPDATA
-decode and encode an ASN.1
-.Vt ResponseData
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_RESPID
-and
-.Fn i2d_OCSP_RESPID
-decode and encode an ASN.1
-.Vt ResponderID
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_SINGLERESP
-and
-.Fn i2d_OCSP_SINGLERESP
-decode and encode an ASN.1
-.Vt SingleResponse
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_CERTSTATUS
-and
-.Fn i2d_OCSP_CERTSTATUS
-decode and encode an ASN.1
-.Vt CertStatus
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_REVOKEDINFO
-and
-.Fn i2d_OCSP_REVOKEDINFO
-decode and encode an ASN.1
-.Vt RevokedInfo
-structure defined in RFC 6960 section 4.2.1.
-.Pp
-.Fn d2i_OCSP_CRLID
-and
-.Fn i2d_OCSP_CRLID
-decode and encode an ASN.1
-.Vt CrlID
-structure defined in RFC 6960 section 4.4.2.
-.Sh RETURN VALUES
-.Fn d2i_OCSP_RESPONSE ,
-.Fn d2i_OCSP_RESPBYTES ,
-.Fn d2i_OCSP_BASICRESP ,
-.Fn d2i_OCSP_RESPDATA ,
-.Fn d2i_OCSP_RESPID ,
-.Fn d2i_OCSP_SINGLERESP ,
-.Fn d2i_OCSP_CERTSTATUS ,
-.Fn d2i_OCSP_REVOKEDINFO ,
-and
-.Fn d2i_OCSP_CRLID
-return an object of the respective type or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_OCSP_RESPONSE ,
-.Fn i2d_OCSP_RESPBYTES ,
-.Fn i2d_OCSP_BASICRESP ,
-.Fn i2d_OCSP_RESPDATA ,
-.Fn i2d_OCSP_RESPID ,
-.Fn i2d_OCSP_SINGLERESP ,
-.Fn i2d_OCSP_CERTSTATUS ,
-.Fn i2d_OCSP_REVOKEDINFO ,
-and
-.Fn i2d_OCSP_CRLID
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr OCSP_CRLID_new 3 ,
-.Xr OCSP_REQUEST_new 3 ,
-.Xr OCSP_RESPONSE_new 3 ,
-.Xr OCSP_SINGLERESP_new 3
-.Sh STANDARDS
-RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
-Status Protocol, section 4.2: Response Syntax
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libcrypto/man/d2i_PKCS12.3 b/src/lib/libcrypto/man/d2i_PKCS12.3
deleted file mode 100644
index 55272d1f36..0000000000
--- a/src/lib/libcrypto/man/d2i_PKCS12.3
+++ /dev/null
@@ -1,202 +0,0 @@
-.\" $OpenBSD: d2i_PKCS12.3,v 1.2 2018/03/21 17:57:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt D2I_PKCS12 3
-.Os
-.Sh NAME
-.Nm d2i_PKCS12 ,
-.Nm i2d_PKCS12 ,
-.Nm d2i_PKCS12_bio ,
-.Nm i2d_PKCS12_bio ,
-.Nm d2i_PKCS12_fp ,
-.Nm i2d_PKCS12_fp ,
-.Nm d2i_PKCS12_MAC_DATA ,
-.Nm i2d_PKCS12_MAC_DATA ,
-.Nm d2i_PKCS12_SAFEBAG ,
-.Nm i2d_PKCS12_SAFEBAG ,
-.Nm d2i_PKCS12_BAGS ,
-.Nm i2d_PKCS12_BAGS
-.Nd decode and encode PKCS#12 structures
-.Sh SYNOPSIS
-.In openssl/pkcs12.h
-.Ft PKCS12 *
-.Fo d2i_PKCS12
-.Fa "PKCS12 **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS12
-.Fa "PKCS12 *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS12 *
-.Fo d2i_PKCS12_bio
-.Fa "BIO *in_bio"
-.Fa "PKCS12 **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS12_bio
-.Fa "BIO *out_bio"
-.Fa "PKCS12 *val_in"
-.Fc
-.Ft PKCS12 *
-.Fo d2i_PKCS12_fp
-.Fa "FILE *in_fp"
-.Fa "PKCS12 **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS12_fp
-.Fa "FILE *out_fp"
-.Fa "PKCS12 *val_in"
-.Fc
-.Ft PKCS12_MAC_DATA *
-.Fo d2i_PKCS12_MAC_DATA
-.Fa "PKCS12_MAC_DATA **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS12_MAC_DATA
-.Fa "PKCS12_MAC_DATA *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS12_SAFEBAG *
-.Fo d2i_PKCS12_SAFEBAG
-.Fa "PKCS12_SAFEBAG **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS12_SAFEBAG
-.Fa "PKCS12_SAFEBAG *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS12_BAGS *
-.Fo d2i_PKCS12_BAGS
-.Fa "PKCS12_BAGS **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS12_BAGS
-.Fa "PKCS12_BAGS *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode PKCS#12 structures.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_PKCS12
-and
-.Fn i2d_PKCS12
-decode and encode an ASN.1
-.Vt PFX
-.Pq personal information exchange
-structure defined in RFC 7292 section 4.
-.Fn d2i_PKCS12_bio ,
-.Fn i2d_PKCS12_bio ,
-.Fn d2i_PKCS12_fp ,
-and
-.Fn i2d_PKCS12_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_PKCS12_MAC_DATA
-and
-.Fn i2d_PKCS12_MAC_DATA
-decode and encode an ASN.1
-.Vt MacData
-structure defined in RFC 7292 section 4.
-.Pp
-.Fn d2i_PKCS12_SAFEBAG
-and
-.Fn i2d_PKCS12_SAFEBAG
-decode and encode an ASN.1
-.Vt SafeBag
-structure defined in RFC 7292 section 4.2.
-.Pp
-.Fn d2i_PKCS12_BAGS
-and
-.Fn i2d_PKCS12_BAGS
-decode and encode the bagValue field of an ASN.1
-.Vt SafeBag
-structure.
-.Sh RETURN VALUES
-.Fn d2i_PKCS12 ,
-.Fn d2i_PKCS12_bio ,
-and
-.Fn d2i_PKCS12_fp
-return a
-.Vt PKCS12
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn d2i_PKCS12_MAC_DATA ,
-.Fn d2i_PKCS12_SAFEBAG ,
-and
-.Fn d2i_PKCS12_BAGS
-return a
-.Vt PKCS12_MAC_DATA ,
-.Vt PKCS12_SAFEBAG ,
-or
-.Vt PKCS12_BAGS
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PKCS12 ,
-.Fn i2d_PKCS12_MAC_DATA ,
-.Fn i2d_PKCS12_SAFEBAG ,
-and
-.Fn i2d_PKCS12_BAGS
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Pp
-.Fn i2d_PKCS12_bio
-and
-.Fn i2d_PKCS12_fp
-return 1 for success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr PKCS12_create 3 ,
-.Xr PKCS12_new 3 ,
-.Xr PKCS12_parse 3 ,
-.Xr PKCS12_SAFEBAG_new 3
-.Sh STANDARDS
-RFC 7292: PKCS #12: Personal Information Exchange Syntax
-.Sh HISTORY
-.Fn d2i_PKCS12 ,
-.Fn i2d_PKCS12 ,
-.Fn d2i_PKCS12_bio ,
-.Fn i2d_PKCS12_bio ,
-.Fn d2i_PKCS12_fp ,
-.Fn i2d_PKCS12_fp ,
-.Fn d2i_PKCS12_MAC_DATA ,
-.Fn i2d_PKCS12_MAC_DATA ,
-.Fn d2i_PKCS12_SAFEBAG ,
-.Fn i2d_PKCS12_SAFEBAG ,
-.Fn d2i_PKCS12_BAGS ,
-and
-.Fn i2d_PKCS12_BAGS
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/d2i_PKCS7.3 b/src/lib/libcrypto/man/d2i_PKCS7.3
deleted file mode 100644
index 0581583fc7..0000000000
--- a/src/lib/libcrypto/man/d2i_PKCS7.3
+++ /dev/null
@@ -1,354 +0,0 @@
-.\" $OpenBSD: d2i_PKCS7.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_PKCS7 3
-.Os
-.Sh NAME
-.Nm d2i_PKCS7 ,
-.Nm i2d_PKCS7 ,
-.Nm d2i_PKCS7_bio ,
-.Nm i2d_PKCS7_bio ,
-.Nm d2i_PKCS7_fp ,
-.Nm i2d_PKCS7_fp ,
-.Nm i2d_PKCS7_NDEF ,
-.Nm d2i_PKCS7_DIGEST ,
-.Nm i2d_PKCS7_DIGEST ,
-.Nm d2i_PKCS7_ENCRYPT ,
-.Nm i2d_PKCS7_ENCRYPT ,
-.Nm d2i_PKCS7_ENC_CONTENT ,
-.Nm i2d_PKCS7_ENC_CONTENT ,
-.Nm d2i_PKCS7_ENVELOPE ,
-.Nm i2d_PKCS7_ENVELOPE ,
-.Nm d2i_PKCS7_ISSUER_AND_SERIAL ,
-.Nm i2d_PKCS7_ISSUER_AND_SERIAL ,
-.Nm d2i_PKCS7_RECIP_INFO ,
-.Nm i2d_PKCS7_RECIP_INFO ,
-.Nm d2i_PKCS7_SIGNED ,
-.Nm i2d_PKCS7_SIGNED ,
-.Nm d2i_PKCS7_SIGNER_INFO ,
-.Nm i2d_PKCS7_SIGNER_INFO ,
-.Nm d2i_PKCS7_SIGN_ENVELOPE ,
-.Nm i2d_PKCS7_SIGN_ENVELOPE
-.Nd decode and encode PKCS#7 data structures
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft PKCS7 *
-.Fo d2i_PKCS7
-.Fa "PKCS7 **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7
-.Fa "PKCS7 *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7 *
-.Fo d2i_PKCS7_bio
-.Fa "BIO *in_bio"
-.Fa "PKCS7 **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_bio
-.Fa "BIO *out_bio"
-.Fa "PKCS7 *val_in"
-.Fc
-.Ft PKCS7 *
-.Fo d2i_PKCS7_fp
-.Fa "FILE *in_fp"
-.Fa "PKCS7 **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_fp
-.Fa "FILE *out_fp"
-.Fa "PKCS7 *val_in"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_NDEF
-.Fa "PKCS7 *val_in"
-.Fa "unsigned char **ber_out"
-.Fc
-.Ft PKCS7_DIGEST *
-.Fo d2i_PKCS7_DIGEST
-.Fa "PKCS7_DIGEST **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_DIGEST
-.Fa "PKCS7_DIGEST *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_ENCRYPT *
-.Fo d2i_PKCS7_ENCRYPT
-.Fa "PKCS7_ENCRYPT **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_ENCRYPT
-.Fa "PKCS7_ENCRYPT *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_ENC_CONTENT *
-.Fo d2i_PKCS7_ENC_CONTENT
-.Fa "PKCS7_ENC_CONTENT **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_ENC_CONTENT
-.Fa "PKCS7_ENC_CONTENT *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_ENVELOPE *
-.Fo d2i_PKCS7_ENVELOPE
-.Fa "PKCS7_ENVELOPE **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_ENVELOPE
-.Fa "PKCS7_ENVELOPE *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_ISSUER_AND_SERIAL *
-.Fo d2i_PKCS7_ISSUER_AND_SERIAL
-.Fa "PKCS7_ISSUER_AND_SERIAL **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_ISSUER_AND_SERIAL
-.Fa "PKCS7_ISSUER_AND_SERIAL *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_RECIP_INFO *
-.Fo d2i_PKCS7_RECIP_INFO
-.Fa "PKCS7_RECIP_INFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_RECIP_INFO
-.Fa "PKCS7_RECIP_INFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_SIGNED *
-.Fo d2i_PKCS7_SIGNED
-.Fa "PKCS7_SIGNED **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_SIGNED
-.Fa "PKCS7_SIGNED *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_SIGNER_INFO *
-.Fo d2i_PKCS7_SIGNER_INFO
-.Fa "PKCS7_SIGNER_INFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_SIGNER_INFO
-.Fa "PKCS7_SIGNER_INFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS7_SIGN_ENVELOPE *
-.Fo d2i_PKCS7_SIGN_ENVELOPE
-.Fa "PKCS7_SIGN_ENVELOPE **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS7_SIGN_ENVELOPE
-.Fa "PKCS7_SIGN_ENVELOPE *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode PKCS#7 data structures.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_PKCS7
-and
-.Fn i2d_PKCS7
-decode and encode an ASN.1
-.Vt ContentInfo
-structure defined in RFC 2315 section 7.
-.Fn d2i_PKCS7_bio ,
-.Fn i2d_PKCS7_bio ,
-.Fn d2i_PKCS7_fp ,
-and
-.Fn i2d_PKCS7_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn i2d_PKCS7_NDEF
-is similar to
-.Fn i2d_PKCS7
-except that it encodes using BER rather than DER, using the indefinite
-length form where appropriate.
-.Pp
-.Fn d2i_PKCS7_DIGEST
-and
-.Fn i2d_PKCS7_DIGEST
-decode and encode an ASN.1
-.Vt DigestedData
-structure defined in RFC 2315 section 12.
-.Pp
-.Fn d2i_PKCS7_ENCRYPT
-and
-.Fn i2d_PKCS7_ENCRYPT
-decode and encode an ASN.1
-.Vt EncryptedData
-structure defined in RFC 2315 section 13.
-.Pp
-.Fn d2i_PKCS7_ENC_CONTENT
-and
-.Fn i2d_PKCS7_ENC_CONTENT
-decode and encode an ASN.1
-.Vt EncryptedContentInfo
-structure defined in RFC 2315 section 10.1.
-.Pp
-.Fn d2i_PKCS7_ENVELOPE
-and
-.Fn i2d_PKCS7_ENVELOPE
-decode and encode an ASN.1
-.Vt EnvelopedData
-structure defined in RFC 2315 section 10.
-.Pp
-.Fn d2i_PKCS7_ISSUER_AND_SERIAL
-and
-.Fn i2d_PKCS7_ISSUER_AND_SERIAL
-decode and encode an ASN.1
-.Vt IssuerAndSerialNumber
-structure defined in RFC 2315 section 6.7.
-.Pp
-.Fn d2i_PKCS7_RECIP_INFO
-and
-.Fn i2d_PKCS7_RECIP_INFO
-decode and encode an ASN.1
-.Vt RecipientInfo
-structure defined in RFC 2315 section 10.2.
-.Pp
-.Fn d2i_PKCS7_SIGNED
-and
-.Fn i2d_PKCS7_SIGNED
-decode and encode an ASN.1
-.Vt SignedData
-structure defined in RFC 2315 section 9.
-.Pp
-.Fn d2i_PKCS7_SIGNER_INFO
-and
-.Fn i2d_PKCS7_SIGNER_INFO
-decode and encode an ASN.1
-.Vt SignerInfo
-structure defined in RFC 2315 section 9.2.
-.Pp
-.Fn d2i_PKCS7_SIGN_ENVELOPE
-and
-.Fn i2d_PKCS7_SIGN_ENVELOPE
-decode and encode an ASN.1
-.Vt SignedAndEnvelopedData
-structure defined in RFC 2315 section 11.
-.Sh RETURN VALUES
-.Fn d2i_PKCS7 ,
-.Fn d2i_PKCS7_bio ,
-and
-.Fn d2i_PKCS7_fp
-return a
-.Vt PKCS7
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn d2i_PKCS7_DIGEST ,
-.Fn d2i_PKCS7_ENCRYPT ,
-.Fn d2i_PKCS7_ENC_CONTENT ,
-.Fn d2i_PKCS7_ENVELOPE ,
-.Fn d2i_PKCS7_ISSUER_AND_SERIAL ,
-.Fn d2i_PKCS7_RECIP_INFO ,
-.Fn d2i_PKCS7_SIGNED ,
-.Fn d2i_PKCS7_SIGNER_INFO ,
-and
-.Fn d2i_PKCS7_SIGN_ENVELOPE
-return an object of the respective type or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PKCS7 ,
-.Fn i2d_PKCS7_NDEF ,
-.Fn i2d_PKCS7_DIGEST ,
-.Fn i2d_PKCS7_ENCRYPT ,
-.Fn i2d_PKCS7_ENC_CONTENT ,
-.Fn i2d_PKCS7_ENVELOPE ,
-.Fn i2d_PKCS7_ISSUER_AND_SERIAL ,
-.Fn i2d_PKCS7_RECIP_INFO ,
-.Fn i2d_PKCS7_SIGNED ,
-.Fn i2d_PKCS7_SIGNER_INFO ,
-and
-.Fn i2d_PKCS7_SIGN_ENVELOPE
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Pp
-.Fn i2d_PKCS7_bio
-and
-.Fn i2d_PKCS7_fp
-return 1 for success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr i2d_PKCS7_bio_stream 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-.Xr PEM_write_PKCS7 3 ,
-.Xr PKCS7_new 3 ,
-.Xr SMIME_write_PKCS7 3
-.Sh STANDARDS
-RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5
-.Sh HISTORY
-.Fn d2i_PKCS7 ,
-.Fn i2d_PKCS7 ,
-.Fn d2i_PKCS7_bio ,
-.Fn i2d_PKCS7_bio ,
-.Fn d2i_PKCS7_fp ,
-.Fn i2d_PKCS7_fp ,
-.Fn d2i_PKCS7_DIGEST ,
-.Fn i2d_PKCS7_DIGEST ,
-.Fn d2i_PKCS7_ENCRYPT ,
-.Fn i2d_PKCS7_ENCRYPT ,
-.Fn d2i_PKCS7_ENC_CONTENT ,
-.Fn i2d_PKCS7_ENC_CONTENT ,
-.Fn d2i_PKCS7_ENVELOPE ,
-.Fn i2d_PKCS7_ENVELOPE ,
-.Fn d2i_PKCS7_ISSUER_AND_SERIAL ,
-.Fn i2d_PKCS7_ISSUER_AND_SERIAL ,
-.Fn d2i_PKCS7_RECIP_INFO ,
-.Fn i2d_PKCS7_RECIP_INFO ,
-.Fn d2i_PKCS7_SIGNED ,
-.Fn i2d_PKCS7_SIGNED ,
-.Fn d2i_PKCS7_SIGNER_INFO ,
-.Fn i2d_PKCS7_SIGNER_INFO ,
-.Fn d2i_PKCS7_SIGN_ENVELOPE ,
-and
-.Fn i2d_PKCS7_SIGN_ENVELOPE
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 b/src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
deleted file mode 100644
index 58dd989fae..0000000000
--- a/src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
+++ /dev/null
@@ -1,172 +0,0 @@
-.\" $OpenBSD: d2i_PKCS8PrivateKey_bio.3,v 1.11 2019/06/07 19:28:52 schwarze Exp $
-.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2002, 2016, 2017 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 7 2019 $
-.Dt D2I_PKCS8PRIVATEKEY_BIO 3
-.Os
-.Sh NAME
-.Nm d2i_PKCS8PrivateKey_bio ,
-.Nm d2i_PKCS8PrivateKey_fp ,
-.Nm i2d_PKCS8PrivateKey_bio ,
-.Nm i2d_PKCS8PrivateKey_fp ,
-.Nm i2d_PKCS8PrivateKey_nid_bio ,
-.Nm i2d_PKCS8PrivateKey_nid_fp
-.Nd PKCS#8 format private key functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY *
-.Fo d2i_PKCS8PrivateKey_bio
-.Fa "BIO *bp"
-.Fa "EVP_PKEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PKCS8PrivateKey_fp
-.Fa "FILE *fp"
-.Fa "EVP_PKEY **x"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo i2d_PKCS8PrivateKey_bio
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo i2d_PKCS8PrivateKey_fp
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *x"
-.Fa "const EVP_CIPHER *enc"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo i2d_PKCS8PrivateKey_nid_bio
-.Fa "BIO *bp"
-.Fa "EVP_PKEY *x"
-.Fa "int nid"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo i2d_PKCS8PrivateKey_nid_fp
-.Fa "FILE *fp"
-.Fa "EVP_PKEY *x"
-.Fa "int nid"
-.Fa "char *kstr"
-.Fa "int klen"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Sh DESCRIPTION
-The PKCS#8 functions encode and decode private keys in PKCS#8 format
-using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption
-algorithms.
-.Pp
-Other than the use of DER as opposed to PEM these functions are
-identical to the corresponding functions described in
-.Xr PEM_read_PrivateKey 3 .
-.Pp
-These functions are currently the only way to store encrypted private
-keys using DER format.
-.Pp
-Currently all the functions use
-.Vt BIO
-or
-.Vt FILE
-pointers.
-There are no functions which work directly on memory,
-though this can be readily worked around
-by converting the buffers to memory BIOs;
-see
-.Xr BIO_s_mem 3
-for details.
-.Sh RETURN VALUES
-.Fn d2i_PKCS8PrivateKey_bio
-and
-.Fn d2i_PKCS8PrivateKey_fp
-return a
-.Vt EVP_PKEY
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PKCS8PrivateKey_bio ,
-.Fn i2d_PKCS8PrivateKey_fp ,
-.Fn i2d_PKCS8PrivateKey_nid_bio ,
-and
-.Fn i2d_PKCS8PrivateKey_nid_fp
-return 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr d2i_X509_SIG 3 ,
-.Xr PEM_write_PKCS8PrivateKey 3 ,
-.Xr PKCS8_PRIV_KEY_INFO_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.5
-and have been available since
-.Ox 2.7 .
-.Sh CAVEATS
-Do not confuse these functions with
-.Xr i2d_PKCS8PrivateKeyInfo_bio 3
-and
-.Xr i2d_PKCS8PrivateKeyInfo_fp 3 ,
-which write out private keys in
-.Sy unencrypted
-DER format.
diff --git a/src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3 b/src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3
deleted file mode 100644
index 1ac0f2c308..0000000000
--- a/src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3
+++ /dev/null
@@ -1,127 +0,0 @@
-.\" $OpenBSD: d2i_PKCS8_PRIV_KEY_INFO.3,v 1.3 2018/03/21 21:18:08 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt D2I_PKCS8_PRIV_KEY_INFO 3
-.Os
-.Sh NAME
-.Nm d2i_PKCS8_PRIV_KEY_INFO ,
-.Nm i2d_PKCS8_PRIV_KEY_INFO ,
-.Nm d2i_PKCS8_PRIV_KEY_INFO_bio ,
-.Nm i2d_PKCS8_PRIV_KEY_INFO_bio ,
-.Nm d2i_PKCS8_PRIV_KEY_INFO_fp ,
-.Nm i2d_PKCS8_PRIV_KEY_INFO_fp
-.Nd decode and encode PKCS#8 private key
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft PKCS8_PRIV_KEY_INFO *
-.Fo d2i_PKCS8_PRIV_KEY_INFO
-.Fa "PKCS8_PRIV_KEY_INFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKCS8_PRIV_KEY_INFO
-.Fa "PKCS8_PRIV_KEY_INFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PKCS8_PRIV_KEY_INFO *
-.Fo d2i_PKCS8_PRIV_KEY_INFO_bio
-.Fa "BIO *in_bio"
-.Fa "PKCS8_PRIV_KEY_INFO **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS8_PRIV_KEY_INFO_bio
-.Fa "BIO *out_bio"
-.Fa "PKCS8_PRIV_KEY_INFO *val_in"
-.Fc
-.Ft PKCS8_PRIV_KEY_INFO *
-.Fo d2i_PKCS8_PRIV_KEY_INFO_fp
-.Fa "FILE *in_fp"
-.Fa "PKCS8_PRIV_KEY_INFO **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS8_PRIV_KEY_INFO_fp
-.Fa "BIO *out_fp"
-.Fa "PKCS8_PRIV_KEY_INFO *val_in"
-.Fc
-.Sh DESCRIPTION
-.Fn d2i_PKCS8_PRIV_KEY_INFO
-and
-.Fn i2d_PKCS8_PRIV_KEY_INFO
-decode and encode an ASN.1
-.Vt PrivateKeyInfo
-structure defined in RFC 5208 section 5.
-.Pp
-.Fn d2i_PKCS8_PRIV_KEY_INFO_bio ,
-.Fn i2d_PKCS8_PRIV_KEY_INFO_bio ,
-.Fn d2i_PKCS8_PRIV_KEY_INFO_fp ,
-and
-.Fn i2d_PKCS8_PRIV_KEY_INFO_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-These functions all use unencrypted DER format.
-To store private keys in encrypted form, consider
-.Xr d2i_PKCS8PrivateKey_bio 3
-or
-.Xr PEM_write_PKCS8PrivateKey 3 .
-.Sh RETURN VALUES
-.Fn d2i_PKCS8_PRIV_KEY_INFO ,
-.Fn d2i_PKCS8_PRIV_KEY_INFO_bio ,
-and
-.Fn d2i_PKCS8_PRIV_KEY_INFO_fp
-return a
-.Vt PKCS8_PRIV_KEY_INFO
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PKCS8_PRIV_KEY_INFO
-returns the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Pp
-.Fn i2d_PKCS8_PRIV_KEY_INFO_bio
-and
-.Fn i2d_PKCS8_PRIV_KEY_INFO_fp
-return 1 for success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr d2i_PKCS8PrivateKey_bio 3 ,
-.Xr d2i_PrivateKey 3 ,
-.Xr PEM_write_PKCS8_PRIV_KEY_INFO 3 ,
-.Xr PKCS8_PRIV_KEY_INFO_new 3
-.Sh STANDARDS
-RFC 5208: PKCS#8: Private-Key Information Syntax Specification
-.Sh HISTORY
-.Fn d2i_PKCS8_PRIV_KEY_INFO
-and
-.Fn i2d_PKCS8_PRIV_KEY_INFO
-first appeared in OpenSSL 0.9.3.
-.Fn d2i_PKCS8_PRIV_KEY_INFO_bio ,
-.Fn i2d_PKCS8_PRIV_KEY_INFO_bio ,
-.Fn d2i_PKCS8_PRIV_KEY_INFO_fp ,
-and
-.Fn i2d_PKCS8_PRIV_KEY_INFO_fp
-first appeared in OpenSSL 0.9.4.
-All these functions have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3 b/src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3
deleted file mode 100644
index df8639264c..0000000000
--- a/src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3
+++ /dev/null
@@ -1,74 +0,0 @@
-.\" $OpenBSD: d2i_PKEY_USAGE_PERIOD.3,v 1.2 2018/03/21 16:09:51 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt D2I_PKEY_USAGE_PERIOD 3
-.Os
-.Sh NAME
-.Nm d2i_PKEY_USAGE_PERIOD ,
-.Nm i2d_PKEY_USAGE_PERIOD
-.Nd decode and encode X.509 key usage period extensions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft PKEY_USAGE_PERIOD *
-.Fo d2i_PKEY_USAGE_PERIOD
-.Fa "PKEY_USAGE_PERIOD **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PKEY_USAGE_PERIOD
-.Fa "PKEY_USAGE_PERIOD *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Fn d2i_PKEY_USAGE_PERIOD
-and
-.Fn i2d_PKEY_USAGE_PERIOD
-decode and encode an ASN.1
-.Vt PrivateKeyUsagePeriod
-structure defined in RFC 3280 section 4.2.1.4.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Sh RETURN VALUES
-.Fn d2i_PKEY_USAGE_PERIOD
-returns a
-.Vt PKEY_USAGE_PERIOD
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PKEY_USAGE_PERIOD
-returns the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr PKEY_USAGE_PERIOD_new 3 ,
-.Xr X509_EXTENSION_new 3
-.Sh STANDARDS
-RFC 3280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.2.1.4: Private Key Usage Period
-.Pp
-RFC 3280 was obsoleted by RFC 5280; see
-.Xr PKEY_USAGE_PERIOD_new 3
-for details.
-.Sh HISTORY
-.Fn d2i_PKEY_USAGE_PERIOD
-and
-.Fn i2d_PKEY_USAGE_PERIOD
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/d2i_POLICYINFO.3 b/src/lib/libcrypto/man/d2i_POLICYINFO.3
deleted file mode 100644
index bae78b17c7..0000000000
--- a/src/lib/libcrypto/man/d2i_POLICYINFO.3
+++ /dev/null
@@ -1,165 +0,0 @@
-.\" $OpenBSD: d2i_POLICYINFO.3,v 1.2 2018/03/21 17:57:48 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt D2I_POLICYINFO 3
-.Os
-.Sh NAME
-.Nm d2i_POLICYINFO ,
-.Nm i2d_POLICYINFO ,
-.Nm d2i_CERTIFICATEPOLICIES ,
-.Nm i2d_CERTIFICATEPOLICIES ,
-.Nm d2i_POLICYQUALINFO ,
-.Nm i2d_POLICYQUALINFO ,
-.Nm d2i_USERNOTICE ,
-.Nm i2d_USERNOTICE ,
-.Nm d2i_NOTICEREF ,
-.Nm i2d_NOTICEREF
-.Nd decode and encode X.509 certificate policies
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft POLICYINFO *
-.Fo d2i_POLICYINFO
-.Fa "POLICYINFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_POLICYINFO
-.Fa "POLICYINFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft CERTIFICATEPOLICIES *
-.Fo d2i_CERTIFICATEPOLICIES
-.Fa "CERTIFICATEPOLICIES **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_CERTIFICATEPOLICIES
-.Fa "CERTIFICATEPOLICIES *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft POLICYQUALINFO *
-.Fo d2i_POLICYQUALINFO
-.Fa "POLICYQUALINFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_POLICYQUALINFO
-.Fa "POLICYQUALINFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft USERNOTICE *
-.Fo d2i_USERNOTICE
-.Fa "USERNOTICE **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_USERNOTICE
-.Fa "USERNOTICE *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft NOTICEREF *
-.Fo d2i_NOTICEREF
-.Fa "NOTICEREF **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_NOTICEREF
-.Fa "NOTICEREF *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode X.509 certificate policies.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_POLICYINFO
-and
-.Fn i2d_POLICYINFO
-decode and encode an ASN.1
-.Vt PolicyInformation
-structure defined in RFC 5280 section 4.2.1.4.
-.Pp
-.Fn d2i_CERTIFICATEPOLICIES
-and
-.Fn i2d_CERTIFICATEPOLICIES
-decode and encode an ASN.1
-.Vt CertificatePolicies
-structure defined in RFC 5280 section 4.2.1.4.
-.Pp
-.Fn d2i_POLICYQUALINFO
-and
-.Fn i2d_POLICYQUALINFO
-decode and encode an ASN.1
-.Vt PolicyQualifierInfo
-structure defined in RFC 5280 section 4.2.1.4.
-.Pp
-.Fn d2i_USERNOTICE
-and
-.Fn i2d_USERNOTICE
-decode and encode an ASN.1
-.Vt UserNotice
-structure defined in RFC 5280 section 4.2.1.4.
-.Pp
-.Fn d2i_NOTICEREF
-and
-.Fn i2d_NOTICEREF
-decode and encode an ASN.1
-.Vt NoticeReference
-structure defined in RFC 5280 section 4.2.1.4.
-.Sh RETURN VALUES
-.Fn d2i_POLICYINFO ,
-.Fn d2i_CERTIFICATEPOLICIES ,
-.Fn d2i_POLICYQUALINFO ,
-.Fn d2i_USERNOTICE ,
-and
-.Fn d2i_NOTICEREF
-return a
-.Vt POLICYINFO ,
-.Vt CERTIFICATEPOLICIES ,
-.Vt POLICYQUALINFO ,
-.Vt USERNOTICE ,
-or
-.Vt NOTICEREF
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_POLICYINFO ,
-.Fn i2d_CERTIFICATEPOLICIES ,
-.Fn i2d_POLICYQUALINFO ,
-.Fn i2d_USERNOTICE ,
-and
-.Fn i2d_NOTICEREF
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr POLICYINFO_new 3 ,
-.Xr X509_EXTENSION_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.2.1.4: Certificate Policies
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.3
-and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libcrypto/man/d2i_PROXY_POLICY.3 b/src/lib/libcrypto/man/d2i_PROXY_POLICY.3
deleted file mode 100644
index 794c6edcec..0000000000
--- a/src/lib/libcrypto/man/d2i_PROXY_POLICY.3
+++ /dev/null
@@ -1,97 +0,0 @@
-.\" $OpenBSD: d2i_PROXY_POLICY.3,v 1.2 2018/03/22 22:07:12 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt D2I_PROXY_POLICY 3
-.Os
-.Sh NAME
-.Nm d2i_PROXY_POLICY ,
-.Nm i2d_PROXY_POLICY ,
-.Nm d2i_PROXY_CERT_INFO_EXTENSION ,
-.Nm i2d_PROXY_CERT_INFO_EXTENSION
-.Nd decode and encode X.509 proxy certificate extensions
-.Sh SYNOPSIS
-.In openssl/x509v3.h
-.Ft PROXY_POLICY *
-.Fo d2i_PROXY_POLICY
-.Fa "PROXY_POLICY **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PROXY_POLICY
-.Fa "PROXY_POLICY *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft PROXY_CERT_INFO_EXTENSION *
-.Fo d2i_PROXY_CERT_INFO_EXTENSION
-.Fa "PROXY_CERT_INFO_EXTENSION **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PROXY_CERT_INFO_EXTENSION
-.Fa "PROXY_CERT_INFO_EXTENSION *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions encode and decode X.509 extensions that decide
-whether a certificate is a proxy certificate, and which policies
-apply to it.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_PROXY_POLICY
-and
-.Fn i2d_PROXY_POLICY
-decode and encode an ASN.1
-.Vt ProxyPolicy
-structure defined in RFC 3820 section 3.8.
-.Pp
-.Fn d2i_PROXY_CERT_INFO_EXTENSION
-and
-.Fn i2d_PROXY_CERT_INFO_EXTENSION
-decode and encode an ASN.1
-.Vt ProxyCertInfo
-structure defined in RFC 3820 section 3.8.
-.Sh RETURN VALUES
-.Fn d2i_PROXY_POLICY
-and
-.Fn d2i_PROXY_CERT_INFO_EXTENSION
-return a
-.Vt PROXY_POLICY
-or
-.Vt PROXY_CERT_INFO_EXTENSION
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PROXY_POLICY
-and
-.Fn i2d_PROXY_CERT_INFO_EXTENSION
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr PROXY_POLICY_new 3 ,
-.Xr X509_EXTENSION_new 3
-.Sh STANDARDS
-RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
-Certificate Profile
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7g
-and have been available since
-.Ox 3.8 .
diff --git a/src/lib/libcrypto/man/d2i_PrivateKey.3 b/src/lib/libcrypto/man/d2i_PrivateKey.3
deleted file mode 100644
index 588bda8791..0000000000
--- a/src/lib/libcrypto/man/d2i_PrivateKey.3
+++ /dev/null
@@ -1,287 +0,0 @@
-.\" $OpenBSD: d2i_PrivateKey.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 6 2019 $
-.Dt D2I_PRIVATEKEY 3
-.Os
-.Sh NAME
-.Nm d2i_PrivateKey ,
-.Nm d2i_AutoPrivateKey ,
-.Nm i2d_PrivateKey ,
-.Nm d2i_PrivateKey_bio ,
-.Nm d2i_PrivateKey_fp ,
-.Nm i2d_PKCS8PrivateKeyInfo_bio ,
-.Nm i2d_PKCS8PrivateKeyInfo_fp ,
-.Nm d2i_PublicKey ,
-.Nm i2d_PublicKey
-.Nd decode and encode EVP_PKEY objects
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY *
-.Fo d2i_PrivateKey
-.Fa "int type"
-.Fa "EVP_PKEY **val_out"
-.Fa "const unsigned char **des_in"
-.Fa "long length"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_AutoPrivateKey
-.Fa "EVP_PKEY **val_out"
-.Fa "const unsigned char **des_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PrivateKey
-.Fa "EVP_PKEY *val_in"
-.Fa "unsigned char **des_out"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PrivateKey_bio
-.Fa "BIO *in_bio"
-.Fa "EVP_PKEY **val_out"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PrivateKey_fp
-.Fa "FILE *in_fp"
-.Fa "EVP_PKEY **val_out"
-.Fc
-.Ft int
-.Fo i2d_PKCS8PrivateKeyInfo_bio
-.Fa "BIO *out_bio"
-.Fa "EVP_PKEY *val_in"
-.Fc
-.Ft int
-.Fo i2d_PKCS8PrivateKeyInfo_fp
-.Fa "FILE *out_fp"
-.Fa "EVP_PKEY *val_in"
-.Fc
-.Ft EVP_PKEY *
-.Fo d2i_PublicKey
-.Fa "int type"
-.Fa "EVP_PKEY **val_out"
-.Fa "const unsigned char **des_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_PublicKey
-.Fa "EVP_PKEY *val_in"
-.Fa "unsigned char **des_out"
-.Fc
-.Sh DESCRIPTION
-These are algorithm-independent interfaces to decode and encode
-private and public keys.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_PrivateKey
-decodes a private key using algorithm
-.Fa type .
-It attempts to use any algorithm specific format or the PKCS#8 unencrypted
-.Vt PrivateKeyInfo
-format defined in RFC 5208 section 5.
-The
-.Fa type
-parameter should be a public key algorithm constant such as
-.Dv EVP_PKEY_RSA .
-An error occurs if the decoded key does not match
-.Fa type .
-.Pp
-.Fn d2i_AutoPrivateKey
-is similar to
-.Fn d2i_PrivateKey
-except that it attempts to automatically detect the algorithm.
-.Pp
-.Fn d2i_PrivateKey_bio
-and
-.Fn d2i_PrivateKey_fp
-are similar to
-.Fn d2i_PrivateKey
-except that they read from a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn i2d_PrivateKey
-encodes
-.Fa val_in .
-It uses an algorithm specific format or, if none is defined for
-that key type, the PKCS#8 unencrypted
-.Vt PrivateKeyInfo
-format.
-.Pp
-.Fn i2d_PKCS8PrivateKeyInfo_bio
-and
-.Fn i2d_PKCS8PrivateKeyInfo_fp
-encode
-.Fa val_in
-in PKCS#8 unencrypted
-.Vt PrivateKeyInfo
-format.
-They are similar to
-.Fn i2d_PrivateKey
-except that they don't use any algorithm-specific formats
-and that they write to a
-.Vt BIO
-or
-.Vt FILE
-pointer rather than to a buffer.
-.Pp
-All these functions use DER format and unencrypted keys.
-Applications wishing to encrypt or decrypt private keys should use other
-functions such as
-.Xr d2i_PKCS8PrivateKey_bio 3
-instead.
-.Pp
-If
-.Pf * Fa val_out
-is not
-.Dv NULL
-when calling
-.Fn d2i_PrivateKey
-or
-.Fn d2i_AutoPrivateKey
-(i.e. an existing structure is being reused) and the key format is
-PKCS#8, then
-.Pf * Fa val_out
-will be freed and replaced on a successful call.
-.Pp
-.Fn d2i_PublicKey
-calls
-.Xr d2i_DSAPublicKey 3 ,
-.Xr o2i_ECPublicKey 3 ,
-or
-.Xr d2i_RSAPublicKey 3
-depending on
-.Fa type
-and stores the result in the returned
-.Vt EVP_PKEY
-object.
-.Pp
-.Fn i2d_PublicKey
-calls
-.Xr i2d_DSAPublicKey 3 ,
-.Xr i2o_ECPublicKey 3 ,
-or
-.Xr i2d_RSAPublicKey 3
-depending on the algorithm used by
-.Fa val_in .
-.Sh RETURN VALUES
-.Fn d2i_PrivateKey ,
-.Fn d2i_AutoPrivateKey ,
-.Fn d2i_PrivateKey_bio ,
-.Fn d2i_PrivateKey_fp ,
-and
-.Fn d2i_PublicKey
-return a valid
-.Vt EVP_PKEY
-structure or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_PrivateKey
-and
-.Fn i2d_PublicKey
-return the number of bytes successfully encoded or a negative value if
-an error occurs.
-.Pp
-.Fn i2d_PKCS8PrivateKeyInfo_bio
-and
-.Fn i2d_PKCS8PrivateKeyInfo_fp
-return 1 for success or 0 if an error occurs.
-.Pp
-For all functions, the error code can be obtained by calling
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr d2i_PKCS8_PRIV_KEY_INFO 3 ,
-.Xr d2i_PKCS8PrivateKey_bio 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr EVP_PKEY_type 3 ,
-.Xr PEM_write_PrivateKey 3 ,
-.Xr PKCS8_PRIV_KEY_INFO_new 3
-.Sh STANDARDS
-RFC 5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key
-Information Syntax Specification
-.Sh HISTORY
-.Fn d2i_PrivateKey ,
-.Fn i2d_PrivateKey ,
-.Fn d2i_PublicKey ,
-and
-.Fn i2d_PublicKey
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn d2i_AutoPrivateKey ,
-.Fn d2i_PrivateKey_bio ,
-.Fn i2d_PrivateKey_bio ,
-.Fn d2i_PrivateKey_fp ,
-.Fn i2d_PrivateKey_fp ,
-.Fn i2d_PKCS8PrivateKeyInfo_bio ,
-and
-.Fn i2d_PKCS8PrivateKeyInfo_fp
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libcrypto/man/d2i_RSAPublicKey.3 b/src/lib/libcrypto/man/d2i_RSAPublicKey.3
deleted file mode 100644
index d6c376d84b..0000000000
--- a/src/lib/libcrypto/man/d2i_RSAPublicKey.3
+++ /dev/null
@@ -1,389 +0,0 @@
-.\" $OpenBSD: d2i_RSAPublicKey.3,v 1.13 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Ulf Moeller and
-.\" Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2002, 2003, 2009, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_RSAPUBLICKEY 3
-.Os
-.Sh NAME
-.Nm d2i_RSAPublicKey ,
-.Nm i2d_RSAPublicKey ,
-.Nm d2i_RSAPrivateKey ,
-.Nm i2d_RSAPrivateKey ,
-.Nm d2i_Netscape_RSA ,
-.Nm i2d_Netscape_RSA ,
-.Nm d2i_RSA_PSS_PARAMS ,
-.Nm i2d_RSA_PSS_PARAMS ,
-.Nm d2i_RSAPublicKey_bio ,
-.Nm d2i_RSAPublicKey_fp ,
-.Nm i2d_RSAPublicKey_bio ,
-.Nm i2d_RSAPublicKey_fp ,
-.Nm d2i_RSAPrivateKey_bio ,
-.Nm d2i_RSAPrivateKey_fp ,
-.Nm i2d_RSAPrivateKey_bio ,
-.Nm i2d_RSAPrivateKey_fp ,
-.Nm d2i_RSA_PUBKEY ,
-.Nm i2d_RSA_PUBKEY ,
-.Nm d2i_RSA_PUBKEY_bio ,
-.Nm d2i_RSA_PUBKEY_fp ,
-.Nm i2d_RSA_PUBKEY_bio ,
-.Nm i2d_RSA_PUBKEY_fp
-.Nd decode and encode RSA keys and parameters
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft RSA *
-.Fo d2i_RSAPublicKey
-.Fa "RSA **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_RSAPublicKey
-.Fa "RSA *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft RSA *
-.Fo d2i_RSAPrivateKey
-.Fa "RSA **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_RSAPrivateKey
-.Fa "RSA *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft RSA *
-.Fo d2i_Netscape_RSA
-.Fa "RSA **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fa "int (*cb)()"
-.Fc
-.Ft int
-.Fo i2d_Netscape_RSA
-.Fa "RSA *val_in"
-.Fa "unsigned char **der_out"
-.Fa "int (*cb)()"
-.Fc
-.Ft RSA_PSS_PARAMS *
-.Fo d2i_RSA_PSS_PARAMS
-.Fa "RSA_PSS_PARAMS **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_RSA_PSS_PARAMS
-.Fa "RSA_PSS_PARAMS *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.In openssl/x509.h
-.Ft RSA *
-.Fo d2i_RSAPublicKey_bio
-.Fa "BIO *in_bio"
-.Fa "RSA **val_out"
-.Fc
-.Ft RSA *
-.Fo d2i_RSAPublicKey_fp
-.Fa "FILE *in_fp"
-.Fa "RSA **val_out"
-.Fc
-.Ft int
-.Fo i2d_RSAPublicKey_bio
-.Fa "BIO *out_bio"
-.Fa "RSA *val_in"
-.Fc
-.Ft int
-.Fo i2d_RSAPublicKey_fp
-.Fa "FILE *out_fp"
-.Fa "RSA *val_in"
-.Fc
-.Ft RSA *
-.Fo d2i_RSAPrivateKey_bio
-.Fa "BIO *in_bio"
-.Fa "RSA **val_out"
-.Fc
-.Ft RSA *
-.Fo d2i_RSAPrivateKey_fp
-.Fa "FILE *in_fp"
-.Fa "RSA **val_out"
-.Fc
-.Ft int
-.Fo i2d_RSAPrivateKey_bio
-.Fa "BIO *out_bio"
-.Fa "RSA *val_in"
-.Fc
-.Ft int
-.Fo i2d_RSAPrivateKey_fp
-.Fa "FILE *out_fp"
-.Fa "RSA *val_in"
-.Fc
-.Ft RSA *
-.Fo d2i_RSA_PUBKEY
-.Fa "RSA **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_RSA_PUBKEY
-.Fa "RSA *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft RSA *
-.Fo d2i_RSA_PUBKEY_bio
-.Fa "BIO *in_bio"
-.Fa "RSA **val_out"
-.Fc
-.Ft RSA *
-.Fo d2i_RSA_PUBKEY_fp
-.Fa "FILE *in_fp"
-.Fa "RSA **val_out"
-.Fc
-.Ft int
-.Fo i2d_RSA_PUBKEY_bio
-.Fa "BIO *out_bio"
-.Fa "RSA *val_in"
-.Fc
-.Ft int
-.Fo i2d_RSA_PUBKEY_fp
-.Fa "FILE *out_fp"
-.Fa "RSA *val_in"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode RSA private and public keys.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_RSAPublicKey
-and
-.Fn i2d_RSAPublicKey
-decode and encode a PKCS#1
-.Vt RSAPublicKey
-structure defined in RFC 8017 appendix A.1.1.
-.Fn d2i_RSAPublicKey_bio ,
-.Fn d2i_RSAPublicKey_fp ,
-.Fn i2d_RSAPublicKey_bio ,
-and
-.Fn i2d_RSAPublicKey_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_RSAPrivateKey
-and
-.Fn i2d_RSAPrivateKey
-decode and encode a PKCS#1
-.Vt RSAPrivateKey
-structure defined in RFC 8017 appendix A.1.2.
-The
-.Vt RSA
-structure passed to the private key encoding functions should have
-all the PKCS#1 private key components present.
-The data encoded by the private key functions is unencrypted and
-therefore offers no private key security.
-.Fn d2i_RSAPrivateKey_bio ,
-.Fn d2i_RSAPrivateKey_fp ,
-.Fn i2d_RSAPrivateKey_bio ,
-and
-.Fn i2d_RSAPrivateKey_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_Netscape_RSA
-and
-.Fn i2d_Netscape_RSA
-decode and encode an RSA private key in NET format.
-These functions are present to provide compatibility with
-certain very old software.
-The NET format has some severe security weaknesses and should be
-avoided if possible.
-.Pp
-.Fn d2i_RSA_PSS_PARAMS
-and
-.Fn i2d_RSA_PSS_PARAMS
-decode and encode a PKCS#1
-.Vt RSASSA-PSS-params
-structure defined in RFC 8017 appendix A.2.3 and documented in
-.Xr RSA_PSS_PARAMS_new 3 .
-.Pp
-.Fn d2i_RSA_PUBKEY
-and
-.Fn i2d_RSA_PUBKEY
-decode and encode an RSA public key using an ASN.1
-.Vt SubjectPublicKeyInfo
-structure defined in RFC 5280 section 4.1 and documented in
-.Xr X509_PUBKEY_new 3 .
-.Fn d2i_RSA_PUBKEY_bio ,
-.Fn d2i_RSA_PUBKEY_fp ,
-.Fn i2d_RSA_PUBKEY_bio ,
-and
-.Fn i2d_RSA_PUBKEY_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Sh RETURN VALUES
-.Fn d2i_RSAPublicKey ,
-.Fn d2i_RSAPublicKey_bio ,
-.Fn d2i_RSAPublicKey_fp ,
-.Fn d2i_RSAPrivateKey ,
-.Fn d2i_RSAPrivateKey_bio ,
-.Fn d2i_RSAPrivateKey_fp ,
-.Fn d2i_Netscape_RSA ,
-.Fn d2i_RSA_PUBKEY ,
-.Fn d2i_RSA_PUBKEY_bio ,
-and
-.Fn d2i_RSA_PUBKEY_fp
-return a valid
-.Vt RSA
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn d2i_RSA_PSS_PARAMS
-returns a valid
-.Vt RSA_PSS_PARAMS
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_RSAPublicKey ,
-.Fn i2d_RSAPrivateKey ,
-.Fn i2d_Netscape_RSA ,
-.Fn i2d_RSA_PSS_PARAMS ,
-and
-.Fn i2d_RSA_PUBKEY
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Pp
-.Fn i2d_RSAPublicKey_bio ,
-.Fn i2d_RSAPublicKey_fp ,
-.Fn i2d_RSAPrivateKey_bio ,
-.Fn i2d_RSAPrivateKey_fp ,
-.Fn i2d_RSA_PUBKEY_bio ,
-and
-.Fn i2d_RSA_PUBKEY_fp
-return 1 for success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr EVP_PKEY_set1_RSA 3 ,
-.Xr PEM_write_RSAPrivateKey 3 ,
-.Xr RSA_new 3 ,
-.Xr RSA_PSS_PARAMS_new 3 ,
-.Xr X509_PUBKEY_new 3
-.Sh STANDARDS
-RFC 8017: PKCS #1: RSA Cryptography Specifications
-.Pp
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 4.1: Basic Certificate Fields
-.Sh HISTORY
-.Fn d2i_RSAPublicKey ,
-.Fn i2d_RSAPublicKey ,
-.Fn d2i_RSAPrivateKey ,
-.Fn i2d_RSAPrivateKey ,
-.Fn d2i_RSAPrivateKey_fp ,
-.Fn i2d_RSAPrivateKey_fp ,
-.Fn d2i_Netscape_RSA ,
-and
-.Fn i2d_Netscape_RSA
-first appeared in SSLeay 0.5.1.
-.Fn d2i_RSAPrivateKey_bio
-and
-.Fn i2d_RSAPrivateKey_bio
-first appeared in SSLeay 0.6.0.
-.Fn d2i_RSAPublicKey_bio ,
-.Fn d2i_RSAPublicKey_fp ,
-.Fn i2d_RSAPublicKey_bio ,
-and
-.Fn i2d_RSAPublicKey_fp
-first appeared in SSLeay 0.8.1.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn d2i_RSA_PUBKEY ,
-.Fn i2d_RSA_PUBKEY ,
-.Fn d2i_RSA_PUBKEY_bio ,
-.Fn d2i_RSA_PUBKEY_fp ,
-.Fn i2d_RSA_PUBKEY_bio ,
-and
-.Fn i2d_RSA_PUBKEY_fp
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
-.Pp
-.Fn d2i_RSA_PSS_PARAMS
-and
-.Fn i2d_RSA_PSS_PARAMS
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
diff --git a/src/lib/libcrypto/man/d2i_TS_REQ.3 b/src/lib/libcrypto/man/d2i_TS_REQ.3
deleted file mode 100644
index 9f7c860fa1..0000000000
--- a/src/lib/libcrypto/man/d2i_TS_REQ.3
+++ /dev/null
@@ -1,333 +0,0 @@
-.\" $OpenBSD: d2i_TS_REQ.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt D2I_TS_REQ 3
-.Os
-.Sh NAME
-.Nm d2i_TS_REQ ,
-.Nm i2d_TS_REQ ,
-.Nm d2i_TS_REQ_bio ,
-.Nm i2d_TS_REQ_bio ,
-.Nm d2i_TS_REQ_fp ,
-.Nm i2d_TS_REQ_fp ,
-.Nm d2i_TS_RESP ,
-.Nm i2d_TS_RESP ,
-.Nm d2i_TS_RESP_bio ,
-.Nm i2d_TS_RESP_bio ,
-.Nm d2i_TS_RESP_fp ,
-.Nm i2d_TS_RESP_fp ,
-.Nm d2i_TS_STATUS_INFO ,
-.Nm i2d_TS_STATUS_INFO ,
-.Nm d2i_TS_TST_INFO ,
-.Nm i2d_TS_TST_INFO ,
-.Nm d2i_TS_TST_INFO_bio ,
-.Nm i2d_TS_TST_INFO_bio ,
-.Nm d2i_TS_TST_INFO_fp ,
-.Nm i2d_TS_TST_INFO_fp ,
-.Nm d2i_TS_ACCURACY ,
-.Nm i2d_TS_ACCURACY ,
-.Nm d2i_TS_MSG_IMPRINT ,
-.Nm i2d_TS_MSG_IMPRINT ,
-.Nm d2i_TS_MSG_IMPRINT_bio ,
-.Nm i2d_TS_MSG_IMPRINT_bio ,
-.Nm d2i_TS_MSG_IMPRINT_fp ,
-.Nm i2d_TS_MSG_IMPRINT_fp
-.Nd decode and encode X.509 time-stamp protocol structures
-.Sh SYNOPSIS
-.In openssl/ts.h
-.Ft TS_REQ *
-.Fo d2i_TS_REQ
-.Fa "TS_REQ **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_TS_REQ
-.Fa "const TS_REQ *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft TS_REQ *
-.Fo d2i_TS_REQ_bio
-.Fa "BIO *in_bio"
-.Fa "TS_REQ **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_REQ_bio
-.Fa "BIO *out_bio"
-.Fa "TS_REQ *val_in"
-.Fc
-.Ft TS_REQ *
-.Fo d2i_TS_REQ_fp
-.Fa "FILE *in_fp"
-.Fa "TS_REQ **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_REQ_fp
-.Fa "FILE *out_fp"
-.Fa "TS_REQ *val_in"
-.Fc
-.Ft TS_RESP *
-.Fo d2i_TS_RESP
-.Fa "TS_RESP **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_TS_RESP
-.Fa "const TS_RESP *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft TS_RESP *
-.Fo d2i_TS_RESP_bio
-.Fa "BIO *in_bio"
-.Fa "TS_RESP **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_RESP_bio
-.Fa "BIO *out_bio"
-.Fa "TS_RESP *val_in"
-.Fc
-.Ft TS_RESP *
-.Fo d2i_TS_RESP_fp
-.Fa "FILE *in_fp"
-.Fa "TS_RESP **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_RESP_fp
-.Fa "FILE *out_fp"
-.Fa "TS_RESP *val_in"
-.Fc
-.Ft TS_STATUS_INFO *
-.Fo d2i_TS_STATUS_INFO
-.Fa "TS_STATUS_INFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_TS_STATUS_INFO
-.Fa "const TS_STATUS_INFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft TS_TST_INFO *
-.Fo d2i_TS_TST_INFO
-.Fa "TS_TST_INFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_TS_TST_INFO
-.Fa "const TS_TST_INFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft TS_TST_INFO *
-.Fo d2i_TS_TST_INFO_bio
-.Fa "BIO *in_bio"
-.Fa "TS_TST_INFO **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_TST_INFO_bio
-.Fa "BIO *out_bio"
-.Fa "TS_TST_INFO *val_in"
-.Fc
-.Ft TS_TST_INFO *
-.Fo d2i_TS_TST_INFO_fp
-.Fa "FILE *in_fp"
-.Fa "TS_TST_INFO **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_TST_INFO_fp
-.Fa "FILE *out_fp"
-.Fa "TS_TST_INFO *val_in"
-.Fc
-.Ft TS_ACCURACY *
-.Fo d2i_TS_ACCURACY
-.Fa "TS_ACCURACY **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_TS_ACCURACY
-.Fa "const TS_ACCURACY *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft TS_MSG_IMPRINT *
-.Fo d2i_TS_MSG_IMPRINT
-.Fa "TS_MSG_IMPRINT **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_TS_MSG_IMPRINT
-.Fa "const TS_MSG_IMPRINT *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft TS_MSG_IMPRINT *
-.Fo d2i_TS_MSG_IMPRINT_bio
-.Fa "BIO *in_bio"
-.Fa "TS_MSG_IMPRINT **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_MSG_IMPRINT_bio
-.Fa "BIO *out_bio"
-.Fa "TS_MSG_IMPRINT *val_in"
-.Fc
-.Ft TS_MSG_IMPRINT *
-.Fo d2i_TS_MSG_IMPRINT_fp
-.Fa "FILE *in_fp"
-.Fa "TS_MSG_IMPRINT **val_out"
-.Fc
-.Ft int
-.Fo i2d_TS_MSG_IMPRINT_fp
-.Fa "FILE *out_fp"
-.Fa "TS_MSG_IMPRINT *val_in"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode X.509 structures used for the
-time-stamp protocol.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_TS_REQ
-and
-.Fn i2d_TS_REQ
-decode and encode an ASN.1
-.Vt TimeStampReq
-structure defined in RFC 3161 section 2.4.1.
-.Fn d2i_TS_REQ_bio ,
-.Fn i2d_TS_REQ_bio ,
-.Fn d2i_TS_REQ_fp ,
-and
-.Fn i2d_TS_REQ_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_TS_RESP
-and
-.Fn i2d_TS_RESP
-decode and encode an ASN.1
-.Vt TimeStampResp
-structure defined in RFC 3161 section 2.4.2.
-.Fn d2i_TS_RESP_bio ,
-.Fn i2d_TS_RESP_bio ,
-.Fn d2i_TS_RESP_fp ,
-and
-.Fn i2d_TS_RESP_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_TS_STATUS_INFO
-and
-.Fn i2d_TS_STATUS_INFO
-decode and encode an ASN.1
-.Vt PKIStatusInfo
-structure defined in RFC 3161 section 2.4.2.
-.Pp
-.Fn d2i_TS_TST_INFO
-and
-.Fn i2d_TS_TST_INFO
-decode and encode an ASN.1
-.Vt TSTInfo
-structure defined in RFC 3161 section 2.4.2.
-.Fn d2i_TS_TST_INFO_bio ,
-.Fn i2d_TS_TST_INFO_bio ,
-.Fn d2i_TS_TST_INFO_fp ,
-and
-.Fn i2d_TS_TST_INFO_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_TS_ACCURACY
-and
-.Fn i2d_TS_ACCURACY
-decode and encode an ASN.1
-.Vt Accuracy
-structure defined in RFC 3161 section 2.4.2.
-.Pp
-.Fn d2i_TS_MSG_IMPRINT
-and
-.Fn i2d_TS_MSG_IMPRINT
-decode and encode an ASN.1
-.Vt MessageImprint
-structure defined in RFC 3161 section 2.4.1.
-.Fn d2i_TS_MSG_IMPRINT_bio ,
-.Fn i2d_TS_MSG_IMPRINT_bio ,
-.Fn d2i_TS_MSG_IMPRINT_fp ,
-and
-.Fn i2d_TS_MSG_IMPRINT_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Sh RETURN VALUES
-.Fn d2i_TS_REQ ,
-.Fn d2i_TS_REQ_bio ,
-.Fn d2i_TS_REQ_fp ,
-.Fn d2i_TS_RESP ,
-.Fn d2i_TS_RESP_bio ,
-.Fn d2i_TS_RESP_fp ,
-.Fn d2i_TS_STATUS_INFO ,
-.Fn d2i_TS_TST_INFO ,
-.Fn d2i_TS_TST_INFO_bio ,
-.Fn d2i_TS_TST_INFO_fp ,
-.Fn d2i_TS_ACCURACY ,
-.Fn d2i_TS_MSG_IMPRINT ,
-.Fn d2i_TS_MSG_IMPRINT_bio ,
-and
-.Fn d2i_TS_MSG_IMPRINT_fp
-return an object of the respective type or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_TS_REQ ,
-.Fn i2d_TS_RESP ,
-.Fn i2d_TS_STATUS_INFO ,
-.Fn i2d_TS_TST_INFO ,
-.Fn i2d_TS_ACCURACY ,
-and
-.Fn i2d_TS_MSG_IMPRINT
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Pp
-.Fn i2d_TS_REQ_bio ,
-.Fn i2d_TS_REQ_fp ,
-.Fn i2d_TS_RESP_bio ,
-.Fn i2d_TS_RESP_fp ,
-.Fn i2d_TS_TST_INFO_bio ,
-.Fn i2d_TS_TST_INFO_fp ,
-.Fn i2d_TS_MSG_IMPRINT_bio ,
-and
-.Fn i2d_TS_MSG_IMPRINT_fp
-return 1 for success or 0 if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr TS_REQ_new 3
-.Sh STANDARDS
-RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.0
-and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3
deleted file mode 100644
index 94b136a0ce..0000000000
--- a/src/lib/libcrypto/man/d2i_X509.3
+++ /dev/null
@@ -1,296 +0,0 @@ -.\" $OpenBSD: d2i_X509.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. 
(http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt D2I_X509 3 -.Os -.Sh NAME -.Nm d2i_X509 , -.Nm i2d_X509 , -.Nm d2i_X509_bio , -.Nm d2i_X509_fp , -.Nm i2d_X509_bio , -.Nm i2d_X509_fp , -.Nm d2i_X509_AUX , -.Nm i2d_X509_AUX , -.Nm d2i_X509_CERT_AUX , -.Nm i2d_X509_CERT_AUX , -.Nm d2i_X509_CINF , -.Nm i2d_X509_CINF , -.Nm d2i_X509_VAL , -.Nm i2d_X509_VAL -.Nd decode and encode X.509 certificates -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509 * -.Fo d2i_X509 -.Fa "X509 **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509 -.Fa "X509 *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509 * -.Fo d2i_X509_bio -.Fa "BIO *in_bio" -.Fa "X509 **val_out" -.Fc -.Ft X509 * -.Fo d2i_X509_fp -.Fa "FILE *in_fp" -.Fa "X509 **val_out" -.Fc -.Ft int -.Fo i2d_X509_bio -.Fa "BIO *out_bio" -.Fa "X509 *val_in" -.Fc -.Ft int -.Fo i2d_X509_fp -.Fa "FILE *out_fp" -.Fa "X509 *val_in" -.Fc -.Ft X509 * -.Fo d2i_X509_AUX -.Fa "X509 **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_AUX -.Fa "X509 *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509_CERT_AUX * -.Fo d2i_X509_CERT_AUX -.Fa "X509_CERT_AUX **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_CERT_AUX -.Fa "X509_CERT_AUX *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509_CINF * -.Fo d2i_X509_CINF -.Fa "X509_CINF **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_CINF -.Fa "X509_CINF *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509_VAL * -.Fo d2i_X509_VAL -.Fa "X509_VAL **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_VAL -.Fa "X509_VAL *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode X.509 certificates -and some of their substructures. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . 
-.Pp -.Fn d2i_X509 -and -.Fn i2d_X509 -decode and encode an ASN.1 -.Vt Certificate -structure defined in RFC 5280 section 4.1. -.Pp -.Fn d2i_X509_bio , -.Fn d2i_X509_fp , -.Fn i2d_X509_bio , -and -.Fn i2d_X509_fp -are similar except that they decode or encode using a -.Vt BIO -or -.Vt FILE -pointer. -.Pp -.Fn d2i_X509_AUX -is similar to -.Fn d2i_X509 , -but the input is expected to consist of an X.509 certificate followed -by auxiliary trust information. -This is used by the PEM routines to read TRUSTED CERTIFICATE objects. -This function should not be called on untrusted input. -.Pp -.Fn i2d_X509_AUX -is similar to -.Fn i2d_X509 , -but the encoded output contains both the certificate and any auxiliary -trust information. -This is used by the PEM routines to write TRUSTED CERTIFICATE objects. -Note that this is a non-standard OpenSSL-specific data format. -.Pp -.Fn d2i_X509_CERT_AUX -and -.Fn i2d_X509_CERT_AUX -decode and encode optional non-standard auxiliary data appended to -a certificate, for example friendly alias names and trust data. -.Pp -.Fn d2i_X509_CINF -and -.Fn i2d_X509_CINF -decode and encode an ASN.1 -.Vt TBSCertificate -structure defined in RFC 5280 section 4.1. -.Pp -.Fn d2i_X509_VAL -and -.Fn i2d_X509_VAL -decode and encode an ASN.1 -.Vt Validity -structure defined in RFC 5280 section 4.1. -.Sh RETURN VALUES -.Fn d2i_X509 , -.Fn d2i_X509_bio , -.Fn d2i_X509_fp , -and -.Fn d2i_X509_AUX -return a valid -.Vt X509 -structure or -.Dv NULL -if an error occurs. -.Pp -.Fn d2i_X509_CERT_AUX , -.Fn d2i_X509_CINF , -and -.Fn d2i_X509_VAL -return an -.Vt X509_CERT_AUX , -.Vt X509_CINF , -or -.Vt X509_VAL -object, respectively, or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_X509 , -.Fn i2d_X509_AUX , -.Fn i2d_X509_CERT_AUX , -.Fn i2d_X509_CINF , -and -.Fn i2d_X509_VAL -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Pp -.Fn i2d_X509_bio -and -.Fn i2d_X509_fp -return 1 for success or 0 if an error occurs. 
-.Pp -For all functions, the error code can be obtained by -.Xr ERR_get_error 3 . -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr X509_CINF_new 3 , -.Xr X509_new 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Sh HISTORY -.Fn d2i_X509 , -.Fn i2d_X509 , -.Fn d2i_X509_fp , -.Fn i2d_X509_fp , -.Fn d2i_X509_CINF , -.Fn i2d_X509_CINF , -.Fn d2i_X509_VAL , -and -.Fn i2d_X509_VAL -first appeared in SSLeay 0.5.1. -.Fn d2i_X509_bio -and -.Fn i2d_X509_bio -first appeared in SSLeay 0.6.0. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn d2i_X509_AUX , -.Fn i2d_X509_AUX , -.Fn d2i_X509_CERT_AUX , -and -.Fn i2d_X509_CERT_AUX -first appeared in OpenSSL 0.9.5 and have been available since -.Ox 2.7 . diff --git a/src/lib/libcrypto/man/d2i_X509_ALGOR.3 b/src/lib/libcrypto/man/d2i_X509_ALGOR.3 deleted file mode 100644 index 530ae86cf4..0000000000 --- a/src/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ /dev/null 
@@ -1,58 +0,0 @@
-.\" $OpenBSD: d2i_X509_ALGOR.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_X509_ALGOR 3
-.Os
-.Sh NAME
-.Nm d2i_X509_ALGOR ,
-.Nm i2d_X509_ALGOR
-.Nd decode and encode algorithm identifiers
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_ALGOR *
-.Fo d2i_X509_ALGOR
-.Fa "X509_ALGOR **val_out"
-.Fa "unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_ALGOR
-.Fa "X509_ALGOR *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Fn d2i_X509_ALGOR
-and
-.Fn i2d_X509_ALGOR
-decode and encode an ASN.1
-.Vt AlgorithmIdentifier
-structure defined in RFC 5280 section 4.1.1.2.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr X509_ALGOR_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Sh HISTORY
-.Fn d2i_X509_ALGOR
-and
-.Fn i2d_X509_ALGOR
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3 b/src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3
deleted file mode 100644
index 6b070e5e51..0000000000
--- a/src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3
+++ /dev/null
@@ -1,76 +0,0 @@
-.\" $OpenBSD: d2i_X509_ATTRIBUTE.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_X509_ATTRIBUTE 3
-.Os
-.Sh NAME
-.Nm d2i_X509_ATTRIBUTE ,
-.Nm i2d_X509_ATTRIBUTE
-.\" In the following line, "X.501" and "Attribute" are not typos.
-.\" The "Attribute" type is defined in X.501, not in X.509.
-.\" The type in called "Attribute" with capital "A", not "attribute".
-.Nd decode and encode generic X.501 Attribute
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_ATTRIBUTE *
-.Fo d2i_X509_ATTRIBUTE
-.Fa "X509_ATTRIBUTE **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_ATTRIBUTE
-.Fa "X509_ATTRIBUTE *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Fn d2i_X509_ATTRIBUTE
-and
-.Fn i2d_X509_ATTRIBUTE
-decode and encode a generic ASN.1
-.Vt Attribute
-structure defined in X.501 section 8.2.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Sh RETURN VALUES
-.Fn d2i_X509_ATTRIBUTE
-returns an
-.Vt X509_ATTRIBUTE
-object or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_X509_ATTRIBUTE
-returns the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr d2i_PKCS12 3 ,
-.Xr d2i_PKCS8_PRIV_KEY_INFO 3 ,
-.Xr d2i_X509_EXTENSION 3 ,
-.Xr d2i_X509_REQ 3 ,
-.Xr X509_ATTRIBUTE_new 3
-.Sh STANDARDS
-ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information
-Technology Open Systems Interconnection The Directory: Models,
-section 8.2: Overall structure
-.Sh HISTORY
-.Fn d2i_X509_ATTRIBUTE
-and
-.Fn i2d_X509_ATTRIBUTE
-first appeared in SSLeay 0.5.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/d2i_X509_CRL.3 b/src/lib/libcrypto/man/d2i_X509_CRL.3
deleted file mode 100644
index 920be4aa89..0000000000
--- a/src/lib/libcrypto/man/d2i_X509_CRL.3
+++ /dev/null
@@ -1,148 +0,0 @@
-.\" $OpenBSD: d2i_X509_CRL.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_X509_CRL 3
-.Os
-.Sh NAME
-.Nm d2i_X509_CRL ,
-.Nm i2d_X509_CRL ,
-.Nm d2i_X509_CRL_bio ,
-.Nm d2i_X509_CRL_fp ,
-.Nm i2d_X509_CRL_bio ,
-.Nm i2d_X509_CRL_fp ,
-.Nm d2i_X509_CRL_INFO ,
-.Nm i2d_X509_CRL_INFO ,
-.Nm d2i_X509_REVOKED ,
-.Nm i2d_X509_REVOKED
-.Nd decode and encode X.509 certificate revocation lists
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_CRL *
-.Fo d2i_X509_CRL
-.Fa "X509_CRL **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_CRL
-.Fa "X509_CRL *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft X509_CRL *
-.Fo d2i_X509_CRL_bio
-.Fa "BIO *in_bio"
-.Fa "X509_CRL **der_out"
-.Fc
-.Ft X509_CRL *
-.Fo d2i_X509_CRL_fp
-.Fa "FILE *in_fp"
-.Fa "X509_CRL **der_out"
-.Fc
-.Ft int
-.Fo i2d_X509_CRL_bio
-.Fa "BIO *out_bio"
-.Fa "X509_CRL *der_in"
-.Fc
-.Ft int
-.Fo i2d_X509_CRL_fp
-.Fa "FILE *out_fp"
-.Fa "X509_CRL *der_in"
-.Fc
-.Ft X509_CRL_INFO *
-.Fo d2i_X509_CRL_INFO
-.Fa "X509_CRL_INFO **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_CRL_INFO
-.Fa "X509_CRL_INFO *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft X509_REVOKED *
-.Fo d2i_X509_REVOKED
-.Fa "X509_REVOKED **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_REVOKED
-.Fa "X509_REVOKED *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-These functions decode and encode X.509 certificate revocation lists.
-For details about the semantics, examples, caveats, and bugs, see
-.Xr ASN1_item_d2i 3 .
-.Pp
-.Fn d2i_X509_CRL
-and
-.Fn i2d_X509_CRL
-decode and encode an ASN.1
-.Vt CertificateList
-structure defined in RFC 5280 section 5.1.
-.Fn d2i_X509_CRL_bio ,
-.Fn d2i_X509_CRL_fp ,
-.Fn i2d_X509_CRL_bio ,
-and
-.Fn i2d_X509_CRL_fp
-are similar except that they decode or encode using a
-.Vt BIO
-or
-.Vt FILE
-pointer.
-.Pp
-.Fn d2i_X509_CRL_INFO
-and
-.Fn i2d_X509_CRL_INFO
-decode and encode an ASN.1
-.Vt TBSCertList
-structure defined in RFC 5280 section 5.1.
-.Pp
-.Fn d2i_X509_REVOKED
-and
-.Fn i2d_X509_REVOKED
-decode and encode an ASN.1 structure representing one element of
-the revokedCertificates field of the ASN.1
-.Vt TBSCertList
-structure.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr X509_CRL_new 3 ,
-.Xr X509_REVOKED_new 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile,
-section 5: CRL and CRL Extensions Profile
-.Sh HISTORY
-.Fn d2i_X509_CRL ,
-.Fn i2d_X509_CRL ,
-.Fn d2i_X509_CRL_fp ,
-.Fn i2d_X509_CRL_fp ,
-.Fn d2i_X509_CRL_INFO ,
-.Fn i2d_X509_CRL_INFO ,
-.Fn d2i_X509_REVOKED ,
-and
-.Fn i2d_X509_REVOKED
-first appeared in SSLeay 0.5.1.
-.Fn d2i_X509_CRL_bio
-and
-.Fn i2d_X509_CRL_bio
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libcrypto/man/d2i_X509_EXTENSION.3 b/src/lib/libcrypto/man/d2i_X509_EXTENSION.3
deleted file mode 100644
index 46a680c1ba..0000000000
--- a/src/lib/libcrypto/man/d2i_X509_EXTENSION.3
+++ /dev/null
@@ -1,104 +0,0 @@
-.\" $OpenBSD: d2i_X509_EXTENSION.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt D2I_X509_EXTENSION 3
-.Os
-.Sh NAME
-.Nm d2i_X509_EXTENSION ,
-.Nm i2d_X509_EXTENSION ,
-.Nm d2i_X509_EXTENSIONS ,
-.Nm i2d_X509_EXTENSIONS
-.\" In the next line, the capital "E" is not a typo.
-.\" The ASN.1 structure is called "Extensions", not "extensions".
-.Nd decode and encode X.509 Extensions
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Ft X509_EXTENSION *
-.Fo d2i_X509_EXTENSION
-.Fa "X509_EXTENSION **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_EXTENSION
-.Fa "X509_EXTENSION *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Ft X509_EXTENSIONS *
-.Fo d2i_X509_EXTENSIONS
-.Fa "X509_EXTENSIONS **val_out"
-.Fa "const unsigned char **der_in"
-.Fa "long length"
-.Fc
-.Ft int
-.Fo i2d_X509_EXTENSIONS
-.Fa "X509_EXTENSIONS *val_in"
-.Fa "unsigned char **der_out"
-.Fc
-.Sh DESCRIPTION
-.Fn d2i_X509_EXTENSION
-and
-.Fn i2d_X509_EXTENSION
-decode and encode an ASN.1
-.Vt Extension
-structure defined in RFC 5280 section 4.1.
-.Pp
-.Fn d2i_X509_EXTENSIONS
-and
-.Fn i2d_X509_EXTENSIONS
-decode and encode an ASN.1
-.Vt Extensions
-structure defined in RFC 5280 section 4.1,
-which is a SEQUENCE OF
-.Vt Extension .
-.Sh RETURN VALUES
-.Fn d2i_X509_EXTENSION
-and
-.Fn d2i_X509_EXTENSIONS
-return an
-.Vt X509_EXTENSION
-or
-.Vt X509_EXTENSIONS
-object, respectively, or
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn i2d_X509_EXTENSION
-and
-.Fn i2d_X509_EXTENSIONS
-return the number of bytes successfully encoded or a negative value
-if an error occurs.
-.Sh SEE ALSO
-.Xr ASN1_item_d2i 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509V3_get_d2i 3 ,
-.Xr X509v3_get_ext_by_NID 3
-.Sh STANDARDS
-RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-Certificate Revocation List (CRL) Profile
-.Sh HISTORY
-.Fn d2i_X509_EXTENSION
-and
-.Fn i2d_X509_EXTENSION
-first appeared in SSLeay 0.6.2 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn d2i_X509_EXTENSIONS
-and
-.Fn i2d_X509_EXTENSIONS
-first appeared in OpenSSL 0.9.8h and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/d2i_X509_NAME.3 b/src/lib/libcrypto/man/d2i_X509_NAME.3
deleted file mode 100644
index 6e3e4a7f69..0000000000
--- a/src/lib/libcrypto/man/d2i_X509_NAME.3
+++ /dev/null
@@ -1,213 +0,0 @@ -.\" $OpenBSD: d2i_X509_NAME.3,v 1.16 2021/07/20 17:31:32 schwarze Exp $ -.\" checked up to: -.\" OpenSSL crypto/d2i_X509_NAME 4692340e Jun 7 15:49:08 2016 -0400 and -.\" OpenSSL man3/X509_NAME_get0_der 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" Copyright (c) 2016, 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 20 2021 $ -.Dt D2I_X509_NAME 3 -.Os -.Sh NAME -.Nm d2i_X509_NAME , -.Nm i2d_X509_NAME , -.Nm X509_NAME_get0_der , -.Nm X509_NAME_dup , -.Nm X509_NAME_set , -.Nm d2i_X509_NAME_ENTRY , -.Nm i2d_X509_NAME_ENTRY , -.Nm X509_NAME_ENTRY_dup -.\" In the following line, "X.501" and "Name" are not typos. -.\" The "Name" type is defined in X.501, not in X.509. -.\" The type is called "Name" with capital "N", not "name". 
-.Nd decode and encode X.501 Name objects -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509_NAME * -.Fo d2i_X509_NAME -.Fa "X509_NAME **val_out" -.Fa "unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_NAME -.Fa "X509_NAME *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft int -.Fo X509_NAME_get0_der -.Fa "X509_NAME *val_in" -.Fa "const unsigned char **der_out" -.Fa "size_t *out_len" -.Fc -.Ft X509_NAME * -.Fo X509_NAME_dup -.Fa "X509_NAME *val_in" -.Fc -.Ft int -.Fo X509_NAME_set -.Fa "X509_NAME **val_out" -.Fa "X509_NAME *val_in" -.Fc -.Ft X509_NAME_ENTRY * -.Fo d2i_X509_NAME_ENTRY -.Fa "X509_NAME_ENTRY **val_out" -.Fa "unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_NAME_ENTRY -.Fa "X509_NAME_ENTRY *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509_NAME_ENTRY * -.Fo X509_NAME_ENTRY_dup -.Fa "X509_NAME_ENTRY *val_in" -.Fc -.Sh DESCRIPTION -These functions decode and encode X.501 -.Vt Name -objects using DER format. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_X509_NAME -and -.Fn i2d_X509_NAME -decode and encode an ASN.1 -.Vt Name -structure defined in RFC 5280 section 4.1.2.4. -.Pp -.Fn X509_NAME_get0_der -is a variant of -.Fn i2d_X509_NAME -that does not copy the encoded output but instead returns a pointer -to the internally cached DER-encoded version of the name. -Also, it does not return the length of the output in bytes, -but instead stores it in -.Fa out_len . -If the cached encoded form happens to be out of date, both functions -update it before copying it or returning a pointer to it. -.Pp -.Fn X509_NAME_dup -copies -.Fa val_in -by calling -.Fn i2d_X509_NAME -and -.Fn d2i_X509_NAME . -.Pp -.Fn X509_NAME_set -makes sure that -.Pf * Fa val_out -contains the same data as -.Fa val_in -after the call, except that it fails if -.Fa val_in -is -.Dv NULL . -If -.Pf * Fa val_out -is the same pointer as -.Fa val_in , -the function succeeds without changing anything. 
-Otherwise, it copies -.Fa val_in -using -.Fn X509_NAME_dup , -and in case of success, it frees -.Pf * Fa val_out -and sets it to a pointer to the the new object. -When the function fails, it never changes anything. -In any case, -.Fa val_in -remains valid and may or may not be the same pointer as -.Pf * Fa val_out -after the call. -.Pp -.Fn d2i_X509_NAME_ENTRY -and -.Fn i2d_X509_NAME_ENTRY -decode and encode an ASN.1 -.Vt RelativeDistinguishedName -structure defined in RFC 5280 section 4.1.2.4. -.Pp -.Fn X509_NAME_ENTRY_dup -copies -.Fa val_in -by calling -.Fn i2d_X509_NAME_ENTRY -and -.Fn d2i_X509_NAME_ENTRY . -.Sh RETURN VALUES -.Fn d2i_X509_NAME -and -.Fn X509_NAME_dup -return the new -.Vt X509_NAME -object or -.Dv NULL -if an error occurs. -.Pp -.Fn X509_NAME_set -and -.Fn X509_NAME_get0_der -return 1 on success or 0 if an error occurs. -.Pp -.Fn d2i_X509_NAME_ENTRY -and -.Fn X509_NAME_ENTRY_dup -return the new -.Vt X509_NAME_ENTRY -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_X509_NAME -and -.Fn i2d_X509_NAME_ENTRY -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr X509_NAME_ENTRY_new 3 , -.Xr X509_NAME_new 3 , -.Xr X509_NAME_print_ex 3 -.Sh STANDARDS -RFC 5280: Internet X.509 Public Key Infrastructure Certificate and -Certificate Revocation List (CRL) Profile -.Pp -ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: -Information technology - ASN.1 encoding rules: -Specification of Basic Encoding Rules (BER), Canonical Encoding -Rules (CER) and Distinguished Encoding Rules (DER). -.Sh HISTORY -.Fn X509_NAME_dup -first appeared in SSLeay 0.4.4. -.Fn d2i_X509_NAME , -.Fn i2d_X509_NAME , -.Fn d2i_X509_NAME_ENTRY , -.Fn i2d_X509_NAME_ENTRY , -and -.Fn X509_NAME_ENTRY_dup -first appeared in SSLeay 0.5.1. -.Fn X509_NAME_set -first appeared in SSLeay 0.8.0. -These functions have been available since -.Ox 2.4 . 
-.Pp -.Fn X509_NAME_get0_der -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.3 . diff --git a/src/lib/libcrypto/man/d2i_X509_REQ.3 b/src/lib/libcrypto/man/d2i_X509_REQ.3 deleted file mode 100644 index 95785a2d25..0000000000 --- a/src/lib/libcrypto/man/d2i_X509_REQ.3 +++ /dev/null 
@@ -1,151 +0,0 @@ -.\" $OpenBSD: d2i_X509_REQ.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt D2I_X509_REQ 3 -.Os -.Sh NAME -.Nm d2i_X509_REQ , -.Nm i2d_X509_REQ , -.Nm d2i_X509_REQ_bio , -.Nm d2i_X509_REQ_fp , -.Nm i2d_X509_REQ_bio , -.Nm i2d_X509_REQ_fp , -.Nm d2i_X509_REQ_INFO , -.Nm i2d_X509_REQ_INFO -.Nd decode and encode PKCS#10 certification requests -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509_REQ * -.Fo d2i_X509_REQ -.Fa "X509_REQ **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_REQ -.Fa "X509_REQ *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509_REQ * -.Fo d2i_X509_REQ_bio -.Fa "BIO *in_bio" -.Fa "X509_REQ **val_out" -.Fc -.Ft X509_REQ * -.Fo d2i_X509_REQ_fp -.Fa "FILE *in_fp" -.Fa "X509_REQ **val_out" -.Fc -.Ft int -.Fo i2d_X509_REQ_bio -.Fa "BIO *out_bio" -.Fa "X509_REQ *val_in" -.Fc -.Ft int -.Fo i2d_X509_REQ_fp -.Fa "FILE *out_fp" -.Fa "X509_REQ *val_in" -.Fc -.Ft X509_REQ_INFO * -.Fo d2i_X509_REQ_INFO -.Fa "X509_REQ_INFO **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_REQ_INFO -.Fa 
"X509_REQ_INFO *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -These functions decode and encode PKCS#10 certification requests. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_X509_REQ -and -.Fn i2d_X509_REQ -decode and encode an ASN.1 -.Vt CertificationRequest -structure defined in RFC 2986 section 4.2. -.Fn d2i_X509_REQ_bio , -.Fn d2i_X509_REQ_fp , -.Fn i2d_X509_REQ_bio , -and -.Fn i2d_X509_REQ_fp -are similar except that they decode or encode using a -.Vt BIO -or -.Vt FILE -pointer. -.Pp -.Fn d2i_X509_REQ_INFO -and -.Fn i2d_X509_REQ_INFO -decode and encode an ASN.1 -.Vt CertificationRequestInfo -structure defined in RFC 2986 section 4.1. -.Sh RETURN VALUES -.Fn d2i_X509_REQ , -.Fn d2i_X509_REQ_bio , -and -.Fn d2i_X509_REQ_fp -return an -.Vt X509_REQ -object or -.Dv NULL -if an error occurs. -.Pp -.Fn d2i_X509_REQ_INFO -returns an -.Vt X509_REQ_INFO -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_X509_REQ -and -.Fn i2d_X509_REQ_INFO -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Pp -.Fn i2d_X509_REQ_bio -and -.Fn i2d_X509_REQ_fp -return 1 for success or 0 if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr PEM_read_X509_REQ 3 , -.Xr X509_REQ_new 3 -.Sh STANDARDS -RFC 2986: PKCS #10: Certification Request Syntax Specification -.Sh HISTORY -.Fn d2i_X509_REQ , -.Fn i2d_X509_REQ , -.Fn d2i_X509_REQ_fp , -.Fn i2d_X509_REQ_fp , -.Fn d2i_X509_REQ_INFO , -and -.Fn i2d_X509_REQ_INFO -first appeared in SSLeay 0.5.1. -.Fn d2i_X509_REQ_bio -and -.Fn i2d_X509_REQ_bio -first appeared in SSLeay 0.6.0. -These functions have been available since -.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_X509_SIG.3 b/src/lib/libcrypto/man/d2i_X509_SIG.3 deleted file mode 100644 index fddeed79b3..0000000000 --- a/src/lib/libcrypto/man/d2i_X509_SIG.3 +++ /dev/null 
@@ -1,159 +0,0 @@ -.\" $OpenBSD: d2i_X509_SIG.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 27 2018 $ -.Dt D2I_X509_SIG 3 -.Os -.Sh NAME -.Nm d2i_X509_SIG , -.Nm i2d_X509_SIG , -.Nm d2i_PKCS8_bio , -.Nm i2d_PKCS8_bio , -.Nm d2i_PKCS8_fp , -.Nm i2d_PKCS8_fp -.\" In the next line, the number "7" is not a typo. -.\" These functions are misnamed. 
-.Nd decode and encode PKCS#7 digest information -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509_SIG * -.Fo d2i_X509_SIG -.Fa "X509_SIG **val_out" -.Fa "unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_X509_SIG -.Fa "X509_SIG *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft X509_SIG * -.Fo d2i_PKCS8_bio -.Fa "BIO *in_bio" -.Fa "X509_SIG **val_out" -.Fc -.Ft int -.Fo i2d_PKCS8_bio -.Fa "BIO *out_bio" -.Fa "X509_SIG *val_in" -.Fc -.Ft X509_SIG * -.Fo d2i_PKCS8_fp -.Fa "FILE *in_fp" -.Fa "X509_SIG **val_out" -.Fc -.Ft int -.Fo i2d_PKCS8_fp -.Fa "FILE *out_fp" -.Fa "X509_SIG *val_in" -.Fc -.Sh DESCRIPTION -.Fn d2i_X509_SIG -and -.Fn i2d_X509_SIG -decode and encode an ASN.1 -.Vt DigestInfo -structure defined in RFC 2315 section 9.4 -and equivalently in RFC 8017 section 9.2. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Pp -.Fn d2i_PKCS8_bio -and -.Fn d2i_PKCS8_fp -are similar to -.Fn d2i_X509_SIG -except that they read from a -.Vt BIO -or -.Vt FILE -pointer. -.Pp -.Fn i2d_PKCS8_bio -and -.Fn i2d_PKCS8_fp -are similar to -.Fn i2d_X509_SIG -except that they write to a -.Vt BIO -or -.Vt FILE -pointer. -.Sh RETURN VALUES -.Fn d2i_X509_SIG , -.Fn d2i_PKCS8_bio , -and -.Fn d2i_PKCS8_fp -return a -.Vt X509_SIG -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_X509_SIG -returns the number of bytes successfully encoded or a negative value -if an error occurs. -.Pp -.Fn i2d_PKCS8_bio -and -.Fn i2d_PKCS8_fp -return 1 for success or 0 if an error occurs. -.Sh SEE ALSO -.Xr ASN1_item_d2i 3 , -.Xr PKCS7_new 3 , -.Xr RSA_sign 3 , -.Xr X509_SIG_new 3 -.Sh STANDARDS -RFC 2315: PKCS #7: Cryptographic Message Syntax, -section 9: Signed-data content type -.Pp -RFC 8017: PKCS #1: RSA Cryptography Specifications, -section 9: Encoding Methods for Signatures -.Sh HISTORY -.Fn d2i_X509_SIG -and -.Fn i2d_X509_SIG -first appeared in SSLeay 0.5.1 and have been available since -.Ox 2.4 . 
-.Pp -.Fn d2i_PKCS8_bio , -.Fn i2d_PKCS8_bio , -.Fn d2i_PKCS8_fp , -and -.Fn i2d_PKCS8_fp -first appeared in OpenSSL 0.9.4 and have been available since -.Ox 2.6 . -.Sh BUGS -.Fn d2i_PKCS8_bio , -.Fn i2d_PKCS8_bio , -.Fn d2i_PKCS8_fp , -and -.Fn i2d_PKCS8_fp -are severely misnamed and should have been called -.Dq d2i_X509_SIG_bio -and so on. -.Pp -Or arguably, the -.Vt X509_SIG -object is misnamed itself, considering that it represents -.Vt DigestInfo -from PKCS#7 and PKCS#1. -Then again, calling it -.Dq PKCS8 -instead clearly isn't an improvement. -.Pp -Either way, these names just don't fit. diff --git a/src/lib/libcrypto/man/des_read_pw.3 b/src/lib/libcrypto/man/des_read_pw.3 deleted file mode 100644 index 30ae099dc6..0000000000 --- a/src/lib/libcrypto/man/des_read_pw.3 +++ /dev/null 
@@ -1,188 +0,0 @@
-.\" $OpenBSD: des_read_pw.3,v 1.10 2020/06/19 17:17:13 schwarze Exp $
-.\" OpenSSL doc/crypto/ui_compat.pod May 14 11:28:00 2006 +0000
-.\" OpenSSL doc/crypto/des.pod 2a9aca32 Oct 25 08:44:10 2001 +0000
-.\"
-.\" This file was written by Ulf Moeller and
-.\" Richard Levitte .
-.\" Copyright (c) 2000, 2001 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 19 2020 $
-.Dt DES_READ_PW 3
-.Os
-.Sh NAME
-.Nm des_read_pw ,
-.Nm des_read_pw_string ,
-.Nm EVP_read_pw_string ,
-.Nm EVP_read_pw_string_min
-.Nd compatibility user interface functions
-.Sh SYNOPSIS
-.In openssl/ui_compat.h
-.Ft int
-.Fo des_read_pw
-.Fa "char *buf"
-.Fa "char *buff"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Ft int
-.Fo des_read_pw_string
-.Fa "char *buf"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.In openssl/evp.h
-.Ft int
-.Fo EVP_read_pw_string
-.Fa "char *buf"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Ft int
-.Fo EVP_read_pw_string_min
-.Fa "char *buf"
-.Fa "int min_length"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Sh DESCRIPTION
-These functions are deprecated.
-Use
-.Xr UI_UTIL_read_pw 3
-instead.
-.Pp
-The DES library contained a few routines to prompt for passwords.
-These aren't necessarily dependent on DES, and have therefore become
-part of the UI compatibility library.
-.Pp
-.Fn des_read_pw
-writes the string specified by
-.Fa prompt
-to standard output, turns echo off, and reads an input string from the
-terminal.
-The string is returned in
-.Fa buf ,
-which must have space for at least
-.Fa length
-bytes.
-If
-.Fa verify
-is set, the user is asked for the password twice and unless the two
-copies match, an error is returned.
-The second password is stored in
-.Fa buff ,
-which must therefore also be at least
-.Fa length
-bytes.
-.Pp
-.Fn des_read_pw_string
-is a variant of
-.Fn des_read_pw
-that provides a buffer if
-.Fa verify
-is set.
-It is available in the MIT Kerberos library as well.
-If
-.Fa length
-exceeds
-.Dv BUFSIZ ,
-.Fn des_read_pw_string
-uses
-.Dv BUFSIZ .
-.Pp
-.Fn EVP_read_pw_string
-and
-.Fn EVP_read_pw_string_min
-are functionally similar to
-.Fn des_read_pw_string .
-.Fn EVP_read_pw_string_min
-additionally checks that the password is at least
-.Fa min_length
-bytes long.
-.Sh RETURN VALUES
-These functions return 0 on success and a negative value on failure.
-.Pp
-They return -1 if
-.Fa length
-is less than or equal to zero or on memory allocation failure.
-They return -1 or -2 if the internal call to
-.Xr UI_process 3
-fails.
-.Pp
-In addition,
-.Fa EVP_read_pw_string_min
-returns -1 if
-.Fa min_length
-is negative, if
-.Fa length
-is less than or equal to
-.Fa min_length ,
-or if the user entered a password shorter than
-.Fa min_length .
-.Sh SEE ALSO
-.Xr UI_new 3 ,
-.Xr UI_UTIL_read_pw 3
-.Sh HISTORY
-.Fn des_read_pw_string
-appeared in SSLeay 0.4 or earlier.
-.Fn EVP_read_pw_string
-first appeared in SSLeay 0.5.1.
-.Fn des_read_pw
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_read_pw_string_min
-first appeared in OpenSSL 1.0.0
-and has been available since
-.Ox 4.9 .
-.Sh AUTHORS
-.An Richard Levitte Aq Mt richard@levitte.org
-for the OpenSSL project.
diff --git a/src/lib/libcrypto/man/evp.3 b/src/lib/libcrypto/man/evp.3
deleted file mode 100644
index dad999fc19..0000000000
--- a/src/lib/libcrypto/man/evp.3
+++ /dev/null
@@ -1,212 +0,0 @@
-.\" $OpenBSD: evp.3,v 1.14 2019/08/25 17:08:20 schwarze Exp $
-.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
-.\"
-.\" This file was written by Ulf Moeller ,
-.\" Matt Caswell , Geoff Thorpe ,
-.\" and Dr. Stephen Henson .
-.\" Copyright (c) 2000, 2002, 2006, 2013, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 25 2019 $
-.Dt EVP 3
-.Os
-.Sh NAME
-.Nm evp
-.Nd high level cryptographic functions
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Sh DESCRIPTION
-The EVP library provides a high level interface to cryptographic
-functions.
-.Pp
-.Xr EVP_SealInit 3
-and
-.Xr EVP_OpenInit 3
-provide public key encryption and decryption to implement digital
-"envelopes".
-.Pp
-The
-.Xr EVP_DigestSignInit 3
-and
-.Xr EVP_DigestVerifyInit 3
-functions implement digital signatures and Message Authentication Codes
-(MACs).
-Also see the older
-.Xr EVP_SignInit 3
-and
-.Xr EVP_VerifyInit 3
-functions.
-.Pp
-Symmetric encryption is available with the
-.Xr EVP_EncryptInit 3
-functions.
-The
-.Xr EVP_DigestInit 3
-functions provide message digests.
-.Pp
-Authenticated encryption with additional data (AEAD) is available with
-the
-.Xr EVP_AEAD_CTX_init 3
-functions.
-.Pp
-The
-.Fn EVP_PKEY_*
-functions provide a high level interface to asymmetric algorithms.
-To create a new
-.Vt EVP_PKEY ,
-see
-.Xr EVP_PKEY_new 3 .
-.Vt EVP_PKEY Ns s
-can be associated with a private key of a particular algorithm
-by using the functions described in the
-.Xr EVP_PKEY_set1_RSA 3
-page, or new keys can be generated using
-.Xr EVP_PKEY_keygen 3 .
-.Vt EVP_PKEY Ns s
-can be compared using
-.Xr EVP_PKEY_cmp 3
-or printed using
-.Xr EVP_PKEY_print_private 3 .
-.Pp
-The
-.Fn EVP_PKEY_*
-functions support the full range of asymmetric algorithm operations:
-.Bl -bullet
-.It
-For key agreement, see
-.Xr EVP_PKEY_derive 3 .
-.It
-For signing and verifying, see
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify 3 ,
-and
-.Xr EVP_PKEY_verify_recover 3 .
-However, note that these functions do not perform a digest of the
-data to be signed.
-Therefore normally you would use the
-.Xr EVP_DigestSignInit 3
-functions for this purpose.
-.It
-For encryption and decryption see
-.Xr EVP_PKEY_encrypt 3
-and
-.Xr EVP_PKEY_decrypt 3 ,
-respectively.
-However, note that these functions perform encryption and decryption only.
-As public key encryption is an expensive operation, normally you
-would wrap an encrypted message in a digital envelope using the
-.Xr EVP_SealInit 3
-and
-.Xr EVP_OpenInit 3
-functions.
-.El
-.Pp
-The
-.Xr EVP_BytesToKey 3
-function provides some limited support for password based encryption.
-Careful selection of the parameters will provide a PKCS#5 PBKDF1
-compatible implementation.
-However, new applications should typically not use this (preferring, for
-example, PBKDF2 from PCKS#5).
-.Pp
-The
-.Xr EVP_EncodeInit 3
-family of functions provides base64 encoding and decoding.
-.Pp
-All the symmetric algorithms (ciphers), digests and asymmetric
-algorithms (public key algorithms) can be replaced by
-.Vt ENGINE
-modules providing alternative implementations; see
-.Xr ENGINE_register_RSA 3
-and the related manual pages for more information.
-If
-.Vt ENGINE
-implementations of ciphers or digests are registered as defaults,
-then the various EVP functions will automatically use those
-implementations in preference to built in software implementations.
-.Pp
-Although low level algorithm specific functions exist for many
-algorithms, their use is discouraged.
-They cannot be used with an
-.Vt ENGINE ,
-and
-.Vt ENGINE
-versions of new algorithms cannot be accessed using the low level
-functions.
-Using them also makes code harder to adapt to new algorithms, some
-options are not cleanly supported at the low level, and some
-operations are more efficient using the high level interfaces.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr EVP_AEAD_CTX_init 3 ,
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_BytesToKey 3 ,
-.Xr EVP_camellia_128_cbc 3 ,
-.Xr EVP_des_cbc 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_DigestSignInit 3 ,
-.Xr EVP_EncodeInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr EVP_OpenInit 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_derive 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_keygen 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr EVP_PKEY_print_private 3 ,
-.Xr EVP_PKEY_set1_RSA 3 ,
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify 3 ,
-.Xr EVP_PKEY_verify_recover 3 ,
-.Xr EVP_rc4 3 ,
-.Xr EVP_SealInit 3 ,
-.Xr EVP_SignInit 3 ,
-.Xr EVP_sm3 3 ,
-.Xr EVP_sm4_cbc 3 ,
-.Xr EVP_VerifyInit 3 ,
-.Xr EVP_whirlpool 3
diff --git a/src/lib/libcrypto/man/get_rfc3526_prime_8192.3 b/src/lib/libcrypto/man/get_rfc3526_prime_8192.3
deleted file mode 100644
index b26e28be9a..0000000000
--- a/src/lib/libcrypto/man/get_rfc3526_prime_8192.3
+++ /dev/null
@@ -1,178 +0,0 @@ -.\" $OpenBSD: get_rfc3526_prime_8192.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $ -.\" checked up to: OpenSSL DH_get_1024_160 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" -.\" Copyright (c) 2017 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 23 2018 $ -.Dt GET_RFC3526_PRIME_8192 3 -.Os -.Sh NAME -.Nm get_rfc2409_prime_768 , -.Nm get_rfc2409_prime_1024 , -.Nm get_rfc3526_prime_1536 , -.Nm get_rfc3526_prime_2048 , -.Nm get_rfc3526_prime_3072 , -.Nm get_rfc3526_prime_4096 , -.Nm get_rfc3526_prime_6144 , -.Nm get_rfc3526_prime_8192 , -.Nm BN_get_rfc2409_prime_768 , -.Nm BN_get_rfc2409_prime_1024 , -.Nm BN_get_rfc3526_prime_2048 , -.Nm BN_get_rfc3526_prime_3072 , -.Nm BN_get_rfc3526_prime_4096 , -.Nm BN_get_rfc3526_prime_6144 , -.Nm BN_get_rfc3526_prime_8192 -.Nd standard moduli for Diffie-Hellmann key exchange -.Sh SYNOPSIS -.In openssl/bn.h -.Ft BIGNUM * -.Fn get_rfc2409_prime_768 "BIGNUM *bn" -.Ft BIGNUM * -.Fn get_rfc2409_prime_1024 "BIGNUM *bn" -.Ft BIGNUM * -.Fn get_rfc3526_prime_1536 "BIGNUM *bn" -.Ft BIGNUM * -.Fn get_rfc3526_prime_2048 "BIGNUM *bn" -.Ft BIGNUM * -.Fn get_rfc3526_prime_3072 "BIGNUM *bn" -.Ft BIGNUM * -.Fn get_rfc3526_prime_4096 "BIGNUM *bn" -.Ft BIGNUM * -.Fn get_rfc3526_prime_6144 "BIGNUM *bn" -.Ft 
BIGNUM * -.Fn get_rfc3526_prime_8192 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc2409_prime_768 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc2409_prime_1024 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc3526_prime_1536 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc3526_prime_2048 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc3526_prime_3072 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc3526_prime_4096 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc3526_prime_6144 "BIGNUM *bn" -.Ft BIGNUM * -.Fn BN_get_rfc3526_prime_8192 "BIGNUM *bn" -.Sh DESCRIPTION -Each of these functions returns one specific constant Sophie Germain -prime number -.Fa p . -The names with the prefix -.Sq BN_ -are aliases for the names without that prefix. -.Pp -If -.Fa bn -is -.Dv NULL , -a new -.Vt BIGNUM -object is created and returned. -Otherwise, the number is stored in -.Pf * Fa bn -and -.Fa bn -is returned. -.Pp -All these numbers are of the form -.Pp -.EQ -p = 2 sup s - 2 sup left ( s - 64 right ) - 1 + 2 sup 64 * -left { left [ 2 sup left ( s - 130 right ) pi right ] + offset right } -delim $$ -.EN -.Pp -where -.Ar s -is the size of the binary representation of the number in bits -and appears at the end of the function names. -As long as the offset is sufficiently small, the above form assures -that the top and bottom 64 bits of each number are all 1. -.Pp -The offsets are defined in the standards as follows: -.Bl -column 16n 8n -offset indent -.It size Ar s Ta Ar offset -.It Ta -.It \ 768 = 3 * 2^8 Ta 149686 -.It 1024 = 2 * 2^9 Ta 129093 -.It 1536 = 3 * 2^9 Ta 741804 -.It 2048 = 2 * 2^10 Ta 124476 -.It 3072 = 3 * 2^10 Ta 1690314 -.It 4096 = 2 * 2^11 Ta 240904 -.It 6144 = 3 * 2^11 Ta 929484 -.It 8192 = 2 * 2^12 Ta 4743158 -.El -.Pp -For each of these prime numbers, the finite group of natural numbers -smaller than -.Fa p , -where the group operation is defined as multiplication modulo -.Fa p , -is used for Diffie-Hellmann key exchange. 
-The first two of these groups are called the First Oakley Group and -the Second Oakley Group. -Obiviously, all these groups are cyclic groups of order -.Fa p , -respectively, and the numbers returned by these functions are not -secrets. -.Sh RETURN VALUES -If memory allocation fails, these functions return -.Dv NULL . -That can happen even if -.Fa bn -is not -.Dv NULL . -.Sh SEE ALSO -.Xr BN_mod_exp 3 , -.Xr BN_new 3 , -.Xr BN_set_flags 3 , -.Xr DH_new 3 -.Sh STANDARDS -RFC 2409, "The Internet Key Exchange (IKE)", defines the Oakley Groups. -.Pp -RFC 2412, "The OAKLEY Key Determination Protocol", contains additional -information about these numbers. -.Pp -RFC 3526, "More Modular Exponential (MODP) Diffie-Hellman groups -for Internet Key Exchange (IKE)", defines the other six numbers. -.Sh HISTORY -.Fn get_rfc2409_prime_768 , -.Fn get_rfc2409_prime_1024 , -.Fn get_rfc3526_prime_1536 , -.Fn get_rfc3526_prime_2048 , -.Fn get_rfc3526_prime_3072 , -.Fn get_rfc3526_prime_4096 , -.Fn get_rfc3526_prime_6144 , -and -.Fn get_rfc3526_prime_8192 -first appeared in OpenSSL 0.9.8a and have been available since -.Ox 4.5 . -.Pp -The -.Sy BN_ -aliases first appeared in OpenSSL 1.1.0 and have been available since -.Ox 6.3 . -.Sh CAVEATS -As all the memory needed for storing the numbers is dynamically -allocated, the -.Dv BN_FLG_STATIC_DATA -flag is not set on the returned -.Vt BIGNUM -objects. -So be careful to not change the returned numbers. diff --git a/src/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/src/lib/libcrypto/man/i2d_CMS_bio_stream.3 deleted file mode 100644 index efb8902faf..0000000000 --- a/src/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ /dev/null 
@@ -1,95 +0,0 @@
-.\" $OpenBSD: i2d_CMS_bio_stream.3,v 1.4 2019/11/02 15:39:46 schwarze Exp $
-.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: November 2 2019 $
-.Dt I2D_CMS_BIO_STREAM 3
-.Os
-.Sh NAME
-.Nm i2d_CMS_bio_stream
-.Nd output CMS_ContentInfo structure in BER format
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo i2d_CMS_bio_stream
-.Fa "BIO *out"
-.Fa "CMS_ContentInfo *cms"
-.Fa "BIO *data"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn i2d_CMS_bio_stream
-outputs a
-.Vt CMS_ContentInfo
-structure in BER format.
-.Pp
-It is otherwise identical to the function
-.Xr SMIME_write_CMS 3 .
-.Pp
-This function is effectively a version of
-.Xr i2d_CMS_bio 3
-supporting streaming.
-.Sh RETURN VALUES
-.Fn i2d_CMS_bio_stream
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr CMS_ContentInfo_new 3 ,
-.Xr CMS_encrypt 3 ,
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3 ,
-.Xr PEM_write_bio_CMS_stream 3 ,
-.Xr SMIME_write_CMS 3
-.Sh HISTORY
-.Fn i2d_CMS_bio_stream
-first appeared in OpenSSL 1.0.0
-and has been available since
-.Ox 6.7 .
-.Sh BUGS
-The prefix "i2d" is arguably wrong because the function outputs BER
-format.
diff --git a/src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
deleted file mode 100644
index 3d5df72b3f..0000000000
--- a/src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" $OpenBSD: i2d_PKCS7_bio_stream.3,v 1.8 2020/06/03 13:41:27 schwarze Exp $
-.\" OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2007, 2008, 2009, 2013 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 3 2020 $
-.Dt I2D_PKCS7_BIO_STREAM 3
-.Os
-.Sh NAME
-.Nm i2d_PKCS7_bio_stream
-.Nd output PKCS7 structure in BER format
-.Sh SYNOPSIS
-.In openssl/pkcs7.h
-.Ft int
-.Fo i2d_PKCS7_bio_stream
-.Fa "BIO *out"
-.Fa "PKCS7 *p7"
-.Fa "BIO *data"
-.Fa "int flags"
-.Fc
-.Sh DESCRIPTION
-.Fn i2d_PKCS7_bio_stream
-outputs a
-.Vt PKCS7
-structure in BER format.
-It is otherwise identical to the function
-.Xr SMIME_write_PKCS7 3 .
-This function is effectively a version of
-.Xr d2i_PKCS7_bio 3
-supporting streaming.
-.Sh RETURN VALUES
-.Fn i2d_PKCS7_bio_stream
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ERR_get_error 3 ,
-.Xr PEM_write_bio_PKCS7_stream 3 ,
-.Xr PEM_write_PKCS7 3 ,
-.Xr PKCS7_final 3 ,
-.Xr PKCS7_new 3 ,
-.Xr SMIME_write_PKCS7 3
-.Sh HISTORY
-.Fn i2d_PKCS7_bio_stream
-first appeared in OpenSSL 1.0.0 and has been available since
-.Ox 4.9 .
-.Sh BUGS
-The prefix "i2d" is arguably wrong because the function outputs BER
-format.
diff --git a/src/lib/libcrypto/man/lh_new.3 b/src/lib/libcrypto/man/lh_new.3
deleted file mode 100644
index 1c37347ef6..0000000000
--- a/src/lib/libcrypto/man/lh_new.3
+++ /dev/null
@@ -1,554 +0,0 @@ -.\" $OpenBSD: lh_new.3,v 1.7 2020/03/28 22:40:58 schwarze Exp $ -.\" OpenSSL 1bc74519 May 20 08:11:46 2016 -0400 -.\" -.\" -------------------------------------------------------------------------- -.\" Major patches to this file were contributed by -.\" Ulf Moeller , Geoff Thorpe , -.\" and Ben Laurie . -.\" -------------------------------------------------------------------------- -.\" Copyright (c) 2000, 2001, 2002, 2008, 2009 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" -------------------------------------------------------------------------- -.\" Parts of this file are derived from SSLeay documentation, -.\" which is covered by the following Copyright and license: -.\" -------------------------------------------------------------------------- -.\" -.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com) -.\" All rights reserved. -.\" -.\" This package is an SSL implementation written -.\" by Eric Young (eay@cryptsoft.com). -.\" The implementation was written so as to conform with Netscapes SSL. -.\" -.\" This library is free for commercial and non-commercial use as long as -.\" the following conditions are aheared to. The following conditions -.\" apply to all code found in this distribution, be it the RC4, RSA, -.\" lhash, DES, etc., code; not just the SSL code. 
The SSL documentation -.\" included with this distribution is covered by the same copyright terms -.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). -.\" -.\" Copyright remains Eric Young's, and as such any Copyright notices in -.\" the code are not to be removed. -.\" If this package is used in a product, Eric Young should be given -.\" attribution as the author of the parts of the library used. -.\" This can be in the form of a textual message at program startup or -.\" in documentation (online or textual) provided with the package. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" "This product includes cryptographic software written by -.\" Eric Young (eay@cryptsoft.com)" -.\" The word 'cryptographic' can be left out if the rouines from the -.\" library being used are not cryptographic related :-). -.\" 4. If you include any Windows specific code (or a derivative thereof) -.\" from the apps directory (application code) you must include an -.\" acknowledgement: "This product includes software written by -.\" Tim Hudson (tjh@cryptsoft.com)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" The licence and distribution terms for any publically available version or -.\" derivative of this code cannot be changed. i.e. this code cannot simply be -.\" copied and put under another distribution licence -.\" [including the GNU Public Licence.] -.\" -.Dd $Mdocdate: March 28 2020 $ -.Dt LH_NEW 3 -.Os -.Sh NAME -.Nm lh_new , -.Nm lh_free , -.Nm lh_insert , -.Nm lh_delete , -.Nm lh_retrieve , -.Nm lh_doall , -.Nm lh_doall_arg , -.Nm lh_error -.Nd dynamic hash table -.Sh SYNOPSIS -.In openssl/lhash.h -.Fn DECLARE_LHASH_OF -.Ft LHASH * -.Fn lh__new void -.Ft void -.Fo lh__free -.Fa "LHASH_OF() *table" -.Fc -.Ft * -.Fo lh__insert -.Fa "LHASH_OF() *table" -.Fa " *data" -.Fc -.Ft * -.Fo lh__delete -.Fa "LHASH_OF() *table" -.Fa " *data" -.Fc -.Ft * -.Fo lh__retrieve -.Fa "LHASH_OF) *table" -.Fa " *data" -.Fc -.Ft void -.Fo lh__doall -.Fa "LHASH_OF() *table" -.Fa "LHASH_DOALL_FN_TYPE func" -.Fc -.Ft void -.Fo lh__doall_arg -.Fa "LHASH_OF() *table" -.Fa "LHASH_DOALL_ARG_FN_TYPE func" -.Fa "" -.Fa " *arg" -.Fc -.Ft int -.Fo lh__error -.Fa "LHASH_OF() *table" -.Fc -.Ft typedef int -.Fo (*LHASH_COMP_FN_TYPE) -.Fa "const void *" -.Fa "const void *" -.Fc -.Ft typedef unsigned long -.Fo (*LHASH_HASH_FN_TYPE) -.Fa "const void *" -.Fc -.Ft typedef void -.Fo (*LHASH_DOALL_FN_TYPE) -.Fa "const void *" -.Fc -.Ft typedef void -.Fo (*LHASH_DOALL_ARG_FN_TYPE) -.Fa "const void *" -.Fa "const void *" -.Fc -.Sh DESCRIPTION -This library implements 
type-checked dynamic hash tables. -The hash table entries can be arbitrary structures. -Usually they consist of key and value fields. -.Pp -.Fn lh__new -creates a new -.Vt LHASH_OF() -structure to store arbitrary data entries, and provides the hash and -compare callbacks to be used in organising the table's entries. -The hash callback takes a pointer to a table entry as its argument -and returns an unsigned long hash value for its key field. -The hash value is normally truncated to a power of 2, so make sure that -your hash function returns well mixed low order bits. -The compare callback takes two arguments (pointers to two hash table -entries), and returns 0 if their keys are equal, non-zero otherwise. -If your hash table will contain items of some particular type and the -hash and compare callbacks hash and compare these types, then the -.Fn DECLARE_LHASH_HASH_FN -and -.Fn IMPLEMENT_LHASH_COMP_FN -macros can be used to create callback wrappers of the prototypes -required by -.Fn lh__new . -These provide per-variable casts before calling the type-specific -callbacks written by the application author. 
-These macros, as well as those used for the doall callbacks, are -defined as; -.Bd -literal -offset 2n -#define DECLARE_LHASH_HASH_FN(name, o_type) \e - unsigned long name##_LHASH_HASH(const void *); -#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \e - unsigned long name##_LHASH_HASH(const void *arg) { \e - const o_type *a = arg; \e - return name##_hash(a); } -#define LHASH_HASH_FN(name) name##_LHASH_HASH - -#define DECLARE_LHASH_COMP_FN(name, o_type) \e - int name##_LHASH_COMP(const void *, const void *); -#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \e - int name##_LHASH_COMP(const void *arg1, const void *arg2) { \e - const o_type *a = arg1; \e - const o_type *b = arg2; \e - return name##_cmp(a,b); } -#define LHASH_COMP_FN(name) name##_LHASH_COMP - -#define DECLARE_LHASH_DOALL_FN(name, o_type) \e - void name##_LHASH_DOALL(void *); -#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \e - void name##_LHASH_DOALL(void *arg) { \e - o_type *a = arg; \e - name##_doall(a); } -#define LHASH_DOALL_FN(name) name##_LHASH_DOALL - -#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e - void name##_LHASH_DOALL_ARG(void *, void *); -#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e - void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \e - o_type *a = arg1; \e - a_type *b = arg2; \e - name##_doall_arg(a, b); } -#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG -.Ed -.Pp -An example of a hash table storing (pointers to) structures of type -\&'STUFF' could be defined as follows; -.Bd -literal -offset 2n -/* Calculate the hash value of 'tohash' (implemented elsewhere) */ -unsigned long STUFF_hash(const STUFF *tohash); -/* Order 'arg1' and 'arg2' (implemented elsewhere) */ -int stuff_cmp(const STUFF *arg1, const STUFF *arg2); -/* Create type-safe wrapper functions for use in the LHASH internals */ -static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF); -static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF); -/* ... 
*/ -int main(int argc, char *argv[]) { - /* Create the new hash table using the hash/compare wrappers */ - LHASH_OF(STUFF) *hashtable = - lh_STUFF_new(LHASH_HASH_FN(STUFF_hash), - LHASH_COMP_FN(STUFF_cmp)); - /* ... */ -} -.Ed -.Pp -.Fn lh__free -frees the -.Vt LHASH_OF() -structure -.Fa table . -Allocated hash table entries will not be freed; consider using -.Fn lh__doall -to deallocate any remaining entries in the hash table (see below). -.Pp -.Fn lh__insert -inserts the structure pointed to by -.Fa data -into -.Fa table . -If there already is an entry with the same key, the old value is -replaced. -Note that -.Fn lh__insert -stores pointers, the data are not copied. -.Pp -.Fn lh__delete -deletes an entry from -.Fa table . -.Pp -.Fn lh__retrieve -looks up an entry in -.Fa table . -Normally, -.Fa data -is a structure with the key field(s) set; the function will return a -pointer to a fully populated structure. -.Pp -.Fn lh__doall -will, for every entry in the hash table, call -.Fa func -with the data item as its parameter. -For -.Fn lh__doall -and -.Fn lh__doall_arg , -function pointer casting should be avoided in the callbacks (see -.Sx NOTES ) -\(em instead use the declare/implement macros to create type-checked -wrappers that cast variables prior to calling your type-specific -callbacks. -An example of this is illustrated here where the callback is used to -cleanup resources for items in the hash table prior to the hashtable -itself being deallocated: -.Bd -literal -offset 2n -/* Clean up resources belonging to 'a' (this is implemented elsewhere) */ -void STUFF_cleanup_doall(STUFF *a); -/* Implement a prototype-compatible wrapper for "STUFF_cleanup" */ -IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF) - /* ... then later in the code ... */ -/* So to run "STUFF_cleanup" against all items in a hash table ... 
*/ -lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); -/* Then the hash table itself can be deallocated */ -lh_STUFF_free(hashtable); -.Ed -.Pp -When doing this, be careful if you delete entries from the hash table in -your callbacks: the table may decrease in size, moving the item that you -are currently on down lower in the hash table \(em this could cause some -entries to be skipped during the iteration. -The second best solution to this problem is to set hash->down_load=0 -before you start (which will stop the hash table ever decreasing in -size). -The best solution is probably to avoid deleting items from the hash -table inside a doall callback! -.Pp -.Fn lh__doall_arg -is the same as -.Fn lh__doall -except that -.Fa func -will be called with -.Fa arg -as the second argument and -.Fa func -should be of type -.Vt LHASH_DOALL_ARG_FN_TYPE -(a callback prototype that is passed both the table entry and an extra -argument). -As with -.Fn lh__doall , -you can instead choose to declare your callback with a prototype -matching the types you are dealing with and use the declare/implement -macros to create compatible wrappers that cast variables before calling -your type-specific callbacks. -An example of this is demonstrated here (printing all hash table entries -to a BIO that is provided by the caller): -.Bd -literal -offset 2n -/* Print item 'a' to 'output_bio' (this is implemented elsewhere) */ -void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio); -/* Implement a prototype-compatible wrapper for "STUFF_print" */ -static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO) - /* ... then later in the code ... */ -/* Print out the entire hashtable to a particular BIO */ -lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO, - logging_bio); -.Ed -.Pp -.Fn lh__error -can be used to determine if an error occurred in the last operation. -.Fn lh__error -is a macro. 
-.Sh RETURN VALUES -.Fn lh__new -returns -.Dv NULL -on error, otherwise a pointer to the new -.Vt LHASH -structure. -.Pp -When a hash table entry is replaced, -.Fn lh__insert -returns the value being replaced. -.Dv NULL -is returned on normal operation and on error. -.Pp -.Fn lh__delete -returns the entry being deleted. -.Dv NULL -is returned if there is no such value in the hash table. -.Pp -.Fn lh__retrieve -returns the hash table entry if it has been found, or -.Dv NULL -otherwise. -.Pp -.Fn lh__error -returns 1 if an error occurred in the last operation, or 0 otherwise. -.Sh NOTES -The various LHASH macros and callback types exist to make it possible to -write type-checked code without resorting to function-prototype casting -\(em an evil that makes application code much harder to audit/verify and -also opens the window of opportunity for stack corruption and other -hard-to-find bugs. -It also, apparently, violates ANSI-C. -.Pp -The LHASH code regards table entries as constant data. -As such, it internally represents -.Fn lh__insert Ap ed -items with a -.Vt const void * -pointer type. -This is why callbacks such as those used by -.Fn lh__doall -and -.Fn lh__doall_arg -declare their prototypes with "const", even for the parameters that pass -back the table items' data pointers \(em for consistency, user-provided -data is "const" at all times as far as the LHASH code is concerned. -However, as callers are themselves providing these pointers, they can -choose whether they too should be treating all such parameters as -constant. -.Pp -As an example, a hash table may be maintained by code that, for -reasons of encapsulation, has only "const" access to the data being -indexed in the hash table (i.e. it is returned as "const" from -elsewhere in their code) \(em in this case the LHASH prototypes are -appropriate as-is. 
-Conversely, if the caller is responsible for the life-time of the data -in question, then they may well wish to make modifications to table item -passed back in the -.Fn lh__doall -or -.Fn lh__doall_arg -callbacks (see the "STUFF_cleanup" example above). -If so, the caller can either cast the "const" away (if they're providing -the raw callbacks themselves) or use the macros to declare/implement the -wrapper functions without "const" types. -.Pp -Callers that only have "const" access to data they are indexing in a -table, yet declare callbacks without constant types (or cast the "const" -away themselves), are therefore creating their own risks/bugs without -being encouraged to do so by the API. -On a related note, those auditing code should pay special attention -to any instances of DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros -that provide types without any "const" qualifiers. -.Sh INTERNALS -The following description is based on the SSLeay documentation: -.Pp -The lhash library implements a hash table described in the -.Em Communications of the ACM -in 1991. -What makes this hash table different is that as the table fills, -the hash table is increased (or decreased) in size via -.Xr reallocarray 3 . -When a 'resize' is done, instead of all hashes being redistributed over -twice as many 'buckets', one bucket is split. -So when an 'expand' is done, there is only a minimal cost to -redistribute some values. -Subsequent inserts will cause more single 'bucket' redistributions but -there will never be a sudden large cost due to redistributing all the -\&'buckets'. -.Pp -The state for a particular hash table is kept in the -.Vt LHASH -structure. -The decision to increase or decrease the hash table size is made -depending on the 'load' of the hash table. -The load is the number of items in the hash table divided by the size of -the hash table. -The default values are as follows. -If (hash->up_load < load) => expand. -if (hash->down_load > load) => contract. 
-The -.Fa up_load -has a default value of 1 and -.Fa down_load -has a default value of 2. -These numbers can be modified by the application by just playing -with the -.Fa up_load -and -.Fa down_load -variables. -The 'load' is kept in a form which is multiplied by 256. -So hash->up_load=8*256 will cause a load of 8 to be set. -.Pp -If you are interested in performance the field to watch is -.Fa num_comp_calls . -The hash library keeps track of the 'hash' value for each item so when a -lookup is done, the 'hashes' are compared, if there is a match, then a -full compare is done, and hash->num_comp_calls is incremented. -If num_comp_calls is not equal to num_delete plus num_retrieve it means -that your hash function is generating hashes that are the same for -different values. -It is probably worth changing your hash function if this is the case -because even if your hash table has 10 items in a 'bucket', it can be -searched with 10 -.Vt unsigned long -compares and 10 linked list traverses. -This will be much less expensive that 10 calls to your compare function. -.Pp -.Fn lh_strhash -is a demo string hashing function: -.Pp -.Dl unsigned long lh_strhash(const char *c); -.Pp -Since the LHASH routines would normally be passed structures, this -routine would not normally be passed to -.Fn lh__new , -rather it would be used in the function passed to -.Fn lh__new . -.Sh SEE ALSO -.Xr crypto 3 , -.Xr lh_stats 3 -.Sh HISTORY -.Fn lh_new , -.Fn lh_free , -.Fn lh_insert , -.Fn lh_delete , -.Fn lh_retrieve , -and -.Fn lh_doall -appeared in SSLeay 0.4 or earlier. -.Fn lh_doall_arg -first appeared in SSLeay 0.5.1. -These functions have been available since -.Ox 2.4 . -.Pp -.Fn lh__error -was added in SSLeay 0.9.1b. 
-.Pp
-In OpenSSL 0.9.7, all lhash functions that were passed function pointers
-were changed for better type safety, and the function types
-.Vt LHASH_COMP_FN_TYPE ,
-.Vt LHASH_HASH_FN_TYPE ,
-.Vt LHASH_DOALL_FN_TYPE ,
-and
-.Vt LHASH_DOALL_ARG_FN_TYPE
-became available.
-.Pp
-In OpenSSL 1.0.0, the lhash interface was revamped for even better type
-checking.
-.Sh BUGS
-.Fn lh__insert
-returns
-.Dv NULL
-both for success and error.
diff --git a/src/lib/libcrypto/man/lh_stats.3 b/src/lib/libcrypto/man/lh_stats.3
deleted file mode 100644
index 5041721fe1..0000000000
--- a/src/lib/libcrypto/man/lh_stats.3
+++ /dev/null
@@ -1,206 +0,0 @@
-.\" $OpenBSD: lh_stats.3,v 1.7 2020/03/29 17:05:02 schwarze Exp $
-.\" OpenSSL e2f92610 May 18 11:44:05 2016 -0400
-.\"
-.\" --------------------------------------------------------------------------
-.\" Major patches to this file were contributed by
-.\" Ulf Moeller .
-.\" --------------------------------------------------------------------------
-.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" --------------------------------------------------------------------------
-.\" Parts of this file are derived from SSLeay documentation,
-.\" which is covered by the following Copyright and license:
-.\" --------------------------------------------------------------------------
-.\"
-.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com)
-.\" All rights reserved.
-.\"
-.\" This package is an SSL implementation written
-.\" by Eric Young (eay@cryptsoft.com).
-.\" The implementation was written so as to conform with Netscapes SSL.
-.\"
-.\" This library is free for commercial and non-commercial use as long as
-.\" the following conditions are aheared to. The following conditions
-.\" apply to all code found in this distribution, be it the RC4, RSA,
-.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
-.\" included with this distribution is covered by the same copyright terms
-.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
-.\"
-.\" Copyright remains Eric Young's, and as such any Copyright notices in
-.\" the code are not to be removed.
-.\" If this package is used in a product, Eric Young should be given
-.\" attribution as the author of the parts of the library used.
-.\" This can be in the form of a textual message at program startup or
-.\" in documentation (online or textual) provided with the package.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" "This product includes cryptographic software written by
-.\" Eric Young (eay@cryptsoft.com)"
-.\" The word 'cryptographic' can be left out if the rouines from the
-.\" library being used are not cryptographic related :-).
-.\" 4. If you include any Windows specific code (or a derivative thereof)
-.\" from the apps directory (application code) you must include an
-.\" acknowledgement: "This product includes software written by
-.\" Tim Hudson (tjh@cryptsoft.com)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" The licence and distribution terms for any publically available version or
-.\" derivative of this code cannot be changed. i.e. this code cannot simply be
-.\" copied and put under another distribution licence
-.\" [including the GNU Public Licence.]
-.\"
-.Dd $Mdocdate: March 29 2020 $
-.Dt LH_STATS 3
-.Os
-.Sh NAME
-.Nm lh_stats ,
-.Nm lh_node_stats ,
-.Nm lh_node_usage_stats ,
-.Nm lh_stats_bio ,
-.Nm lh_node_stats_bio ,
-.Nm lh_node_usage_stats_bio
-.Nd LHASH statistics
-.Sh SYNOPSIS
-.In openssl/lhash.h
-.Ft void
-.Fo lh_stats
-.Fa "LHASH *table"
-.Fa "FILE *out"
-.Fc
-.Ft void
-.Fo lh_node_stats
-.Fa "LHASH *table"
-.Fa "FILE *out"
-.Fc
-.Ft void
-.Fo lh_node_usage_stats
-.Fa "LHASH *table"
-.Fa "FILE *out"
-.Fc
-.Ft void
-.Fo lh_stats_bio
-.Fa "LHASH *table"
-.Fa "BIO *out"
-.Fc
-.Ft void
-.Fo lh_node_stats_bio
-.Fa "LHASH *table"
-.Fa "BIO *out"
-.Fc
-.Ft void
-.Fo lh_node_usage_stats_bio
-.Fa "LHASH *table"
-.Fa "BIO *out"
-.Fc
-.Sh DESCRIPTION
-The
-.Vt LHASH
-structure records statistics about most aspects of accessing the hash
-table.
-.Pp
-.Fn lh_stats
-prints out statistics on the size of the hash table, how many entries
-are in it, and the number and result of calls to the routines in this
-library.
-.Pp
-.Fn lh_node_stats
-prints the number of entries for each 'bucket' in the hash table.
-.Pp
-.Fn lh_node_usage_stats
-prints out a short summary of the state of the hash table.
-It prints the 'load' and the 'actual load'.
-The load is the average number of data items per 'bucket' in the hash
-table.
-The 'actual load' is the average number of items per 'bucket', but only
-for buckets which contain entries.
-So the 'actual load' is the average number of searches that will need to
-find an item in the hash table, while the 'load' is the average number
-that will be done to record a miss.
-.Pp
-.Fn lh_stats_bio ,
-.Fn lh_node_stats_bio ,
-and
-.Fn lh_node_usage_stats_bio
-are the same as the above, except that the output goes to a
-.Vt BIO .
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr lh_new 3
-.Sh HISTORY
-.Fn lh_stats ,
-.Fn lh_node_stats ,
-.Fn lh_node_usage_stats
-appeared in SSLeay 0.4.
-.Fn lh_stats_bio ,
-.Fn lh_node_stats_bio ,
-and
-.Fn lh_node_usage_stats_bio
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
-.Sh AUTHORS
-.An Eric Young
diff --git a/src/lib/libcrypto/man/openssl.cnf.5 b/src/lib/libcrypto/man/openssl.cnf.5
deleted file mode 100644
index ae56869b8b..0000000000
--- a/src/lib/libcrypto/man/openssl.cnf.5
+++ /dev/null
@@ -1,468 +0,0 @@ -.\" $OpenBSD: openssl.cnf.5,v 1.7 2020/02/17 12:52:42 inoguchi Exp $ -.\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 -.\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 1999, 2000, 2004, 2013, 2015, 2016, 2017 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: February 17 2020 $ -.Dt OPENSSL.CNF 5 -.Os -.Sh NAME -.Nm openssl.cnf -.Nd OpenSSL configuration files -.Sh DESCRIPTION -The OpenSSL CONF library can be used to read configuration files; see -.Xr CONF_modules_load_file 3 . -It is used for the OpenSSL master configuration file -.Pa /etc/ssl/openssl.cnf -and in a few other places like -.Sy SPKAC -files and certificate extension files for the -.Xr openssl 1 -.Cm x509 -utility. -OpenSSL applications can also use the CONF library for their own -purposes. -.Pp -A configuration file is divided into a number of sections. -Each section starts with a line -.Bq Ar section_name -and ends when a new section is started or the end of the file is reached. -A section name can consist of alphanumeric characters and underscores. -.Pp -The first section of a configuration file is special and is referred to -as the -.Dq default section . 
-It is usually unnamed and extends from the start of file to the -first named section. -When a name is being looked up, it is first looked up in a named -section (if any) and then in the default section. -.Pp -The environment is mapped onto a section called -.Ic ENV . -.Pp -Comments can be included by preceding them with the -.Ql # -character. -.Pp -Each section in a configuration file consists of a number of name and -value pairs of the form -.Ar name Ns = Ns Ar value . -.Pp -The -.Ar name -string can contain any alphanumeric characters as well as a few -punctuation symbols such as -.Ql \&. -.Ql \&, -.Ql \&; -and -.Ql _ . -.Pp -The -.Ar value -string consists of the string following the -.Ql = -character until the end of the line with any leading and trailing -whitespace removed. -.Pp -The value string undergoes variable expansion. -This can be done by including substrings of the form -.Pf $ Ar name -or -.Pf $ Brq Ar name : -this will substitute the value of the named variable in the current -section. -It is also possible to substitute a value from another section using the -syntax -.Pf $ Ar section Ns :: Ns Ar name -or -.Pf $ Brq Ar section Ns :: Ns Ar name . -By using the form -.Pf $ Ic ENV Ns :: Ns Ar name , -environment variables can be substituted. -It is also possible to assign values to environment variables by using -the name -.Ic ENV Ns :: Ns Ar name . -This will work if the program looks up environment variables using -the CONF library instead of calling -.Xr getenv 3 -directly. -The value string must not exceed 64k in length after variable expansion or an -error will occur. -.Pp -It is possible to escape certain characters by using any kind of quote -or the -.Ql \e -character. -By making the last character of a line a -.Ql \e , -a -.Ar value -string can be spread across multiple lines. -In addition the sequences -.Ql \en , -.Ql \er , -.Ql \eb , -and -.Ql \et -are recognized. 
-.Sh OPENSSL LIBRARY CONFIGURATION -Applications can automatically configure certain aspects of OpenSSL -using the master OpenSSL configuration file, or optionally an -alternative configuration file. -The -.Xr openssl 1 -utility includes this functionality: any sub command uses the master -OpenSSL configuration file unless an option is used in the sub command -to use an alternative configuration file. -.Pp -To enable library configuration, the default section needs to contain -an appropriate line which points to the main configuration section. -The default name is -.Ic openssl_conf , -which is used by the -.Xr openssl 1 -utility. -Other applications may use an alternative name such as -.Sy myapplication_conf . -All library configuration lines appear in the default section -at the start of the configuration file. -.Pp -The configuration section should consist of a set of name value pairs -which contain specific module configuration information. -The -.Ar name -represents the name of the configuration module. -The meaning of the -.Ar value -is module specific: it may, for example, represent a further -configuration section containing configuration module specific -information. -For example: -.Bd -literal -offset indent -# The following line must be in the default section. -openssl_conf = openssl_init - -[openssl_init] -oid_section = new_oids -engines = engine_section - -[new_oids] -\&... new oids here ... - -[engine_section] -\&... engine stuff here ... -.Ed -.Pp -The features of each configuration module are described below. -.Ss ASN1 Object Configuration Module -This module has the name -.Ic oid_section . -The value of this variable points to a section containing name value -pairs of OIDs: the name is the OID short and long name, and the value is the -numerical form of the OID. -Although some of the -.Xr openssl 1 -utility subcommands already have their own ASN1 OBJECT section -functionality, not all do. 
-By using the ASN1 OBJECT configuration module, all the -.Xr openssl 1 -utility subcommands can see the new objects as well as any compliant -applications. -For example: -.Bd -literal -offset indent -[new_oids] -some_new_oid = 1.2.3.4 -some_other_oid = 1.2.3.5 -.Ed -.Pp -It is also possible to set the value to the long name followed by a -comma and the numerical OID form. -For example: -.Pp -.Dl shortName = some object long name, 1.2.3.4 -.Ss Engine Configuration Module -This ENGINE configuration module has the name -.Ic engines . -The value of this variable points to a section containing further ENGINE -configuration information. -.Pp -The section pointed to by -.Ic engines -is a table of engine names (though see -.Ic engine_id -below) and further sections containing configuration information -specific to each ENGINE. -.Pp -Each ENGINE specific section is used to set default algorithms, load -dynamic ENGINEs, perform initialization and send ctrls. -The actual operation performed depends on the command -name which is the name of the name value pair. -The currently supported commands are listed below. -.Pp -For example: -.Bd -literal -offset indent -[engine_section] -# Configure ENGINE named "foo" -foo = foo_section -# Configure ENGINE named "bar" -bar = bar_section - -[foo_section] -\&... foo ENGINE specific commands ... - -[bar_section] -\&... "bar" ENGINE specific commands ... -.Ed -.Pp -The command -.Ic engine_id -is used to give the ENGINE name. -If used this command must be first. -For example: -.Bd -literal -offset indent -[engine_section] -# This would normally handle an ENGINE named "foo" -foo = foo_section - -[foo_section] -# Override default name and use "myfoo" instead. -engine_id = myfoo -.Ed -.Pp -The command -.Ic dynamic_path -loads and adds an ENGINE from the given path. -It is equivalent to sending the ctrls -.Sy SO_PATH -with the path argument followed by -.Sy LIST_ADD -with value 2 and -.Sy LOAD -to the dynamic ENGINE. 
-If this is not the required behaviour then alternative ctrls can be sent -directly to the dynamic ENGINE using ctrl commands. -.Pp -The command -.Ic init -determines whether to initialize the ENGINE. -If the value is 0, the ENGINE will not be initialized. -If it is 1, an attempt is made to initialized the ENGINE immediately. -If the -.Ic init -command is not present, then an attempt will be made to initialize -the ENGINE after all commands in its section have been processed. -.Pp -The command -.Ic default_algorithms -sets the default algorithms an ENGINE will supply using the functions -.Xr ENGINE_set_default_string 3 . -.Pp -If the name matches none of the above command names it is assumed -to be a ctrl command which is sent to the ENGINE. -The value of the command is the argument to the ctrl command. -If the value is the string -.Cm EMPTY , -then no value is sent to the command. -.Pp -For example: -.Bd -literal -offset indent -[engine_section] -# Configure ENGINE named "foo" -foo = foo_section - -[foo_section] -# Load engine from DSO -dynamic_path = /some/path/fooengine.so -# A foo specific ctrl. -some_ctrl = some_value -# Another ctrl that doesn't take a value. -other_ctrl = EMPTY -# Supply all default algorithms -default_algorithms = ALL -.Ed -.Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl/openssl.cnf -standard configuration file -.El -.Sh EXAMPLES -Here is a sample configuration file using some of the features -mentioned above: -.Bd -literal -offset indent -# This is the default section. -HOME=/temp -RANDFILE= ${ENV::HOME}/.rnd -configdir=$ENV::HOME/config - -[ section_one ] -# We are now in section one. - -# Quotes permit leading and trailing whitespace -any = " any variable name " - -other = A string that can \e -cover several lines \e -by including \e\e characters - -message = Hello World\en - -[ section_two ] -greeting = $section_one::message -.Ed -.Pp -This next example shows how to expand environment variables safely. 
-.Pp -Suppose you want a variable called -.Sy tmpfile -to refer to a temporary filename. -The directory it is placed in can determined by the -.Ev TEMP -or -.Ev TMP -environment variables but they may not be set to any value at all. -If you just include the environment variable names and the variable -doesn't exist then this will cause an error when an attempt is made to -load the configuration file. -By making use of the default section both values can be looked up with -.Ev TEMP -taking priority and -.Pa /tmp -used if neither is defined: -.Bd -literal -offset indent -TMP=/tmp -# The above value is used if TMP isn't in the environment -TEMP=$ENV::TMP -# The above value is used if TEMP isn't in the environment -tmpfile=${ENV::TEMP}/tmp.filename -.Ed -.Pp -More complex OpenSSL library configuration. -Add OID: -.Bd -literal -offset indent -# Default appname: should match "appname" parameter (if any) -# supplied to CONF_modules_load_file et al. -openssl_conf = openssl_conf_section - -[openssl_conf_section] -# Configuration module list -alg_section = evp_sect -oid_section = new_oids - -[new_oids] -# New OID, just short name -newoid1 = 1.2.3.4.1 -# New OID shortname and long name -newoid2 = New OID 2 long name, 1.2.3.4.2 -.Ed -.Pp -The above examples can be used with any application supporting library -configuration if "openssl_conf" is modified to match the appropriate -"appname". -.Pp -For example if the second sample file above is saved to "example.cnf" -then the command line: -.Pp -.Dl OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 -.Pp -will output: -.Dl 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 -.Pp -showing that the OID "newoid1" has been added as "1.2.3.4.1". -.Sh SEE ALSO -.Xr openssl 1 , -.Xr CONF_modules_load_file 3 , -.Xr OPENSSL_config 3 , -.Xr x509v3.cnf 5 -.Sh CAVEATS -If a configuration file attempts to expand a variable that doesn't -exist, then an error is flagged and the file will not load. 
-This can also happen if an attempt is made to expand an environment -variable that doesn't exist. -For example, in a previous version of OpenSSL the default OpenSSL -master configuration file used the value of -.Ev HOME -which may not be defined on non Unix systems and would cause an error. -.Pp -This can be worked around by including a default section to provide -a default value: then if the environment lookup fails, the default -value will be used instead. -For this to work properly, the default value must be defined earlier -in the configuration file than the expansion. -See the -.Sx EXAMPLES -section for an example of how to do this. -.Pp -If the same variable is defined more than once in the same section, -then all but the last value will be silently ignored. -In certain circumstances such as with DNs, the same field may occur -multiple times. -This is usually worked around by ignoring any characters before an -initial -.Ql \&. , -for example: -.Bd -literal -offset indent -1.OU="My first OU" -2.OU="My Second OU" -.Ed -.Sh BUGS -Currently there is no way to include characters using the octal -.Pf \e Ar nnn -form. -Strings are all NUL terminated, so NUL bytes cannot form part of -the value. -.Pp -The escaping isn't quite right: if you want to use sequences like -.Ql \en , -you can't use any quote escaping on the same line. -.Pp -Files are loaded in a single pass. -This means that a variable expansion will only work if the variables -referenced are defined earlier in the file. diff --git a/src/lib/libcrypto/man/x509_verify.3 b/src/lib/libcrypto/man/x509_verify.3 deleted file mode 100644 index b9fe13a54f..0000000000 --- a/src/lib/libcrypto/man/x509_verify.3 +++ /dev/null 
@@ -1,221 +0,0 @@
-.\" $OpenBSD: x509_verify.3,v 1.2 2020/09/14 14:21:46 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Bob Beck
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: September 14 2020 $
-.Dt X509_VERIFY 3
-.Os
-.Sh NAME
-.Nm x509_verify ,
-.Nm x509_verify_ctx_new ,
-.Nm x509_verify_ctx_free ,
-.Nm x509_verify_ctx_set_max_depth ,
-.Nm x509_verify_ctx_set_max_signatures ,
-.Nm x509_verify_ctx_set_max_chains ,
-.Nm x509_verify_ctx_set_purpose ,
-.Nm x509_verify_ctx_set_intermediates ,
-.Nm x509_verify_ctx_error_string ,
-.Nm x509_verify_ctx_error_depth ,
-.Nm x509_verify_ctx_chain
-.Nd discover and verify X.509 certificate chains
-.Sh SYNOPSIS
-.In openssl/x509_verify.h
-.Ft size_t
-.Fo x509_verify
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "X509 *leaf"
-.Fa "char *name"
-.Fc
-.Ft X509_VERIFY_CTX *
-.Fo x509_verify_ctx_new
-.Fa "STACK_OF(X509) *roots"
-.Fc
-.Ft void
-.Fo x509_verify_ctx_free
-.Fa "X509_VERIFY_CTX *ctx"
-.Fc
-.Ft int
-.Fo x509_verify_ctx_set_max_depth
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "size_t max"
-.Fc
-.Ft int
-.Fo x509_verify_ctx_set_max_signatures
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "size_t max"
-.Fc
-.Ft int
-.Fo x509_verify_ctx_set_max_chains
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "size_t max"
-.Fc
-.Ft int
-.Fo x509_verify_ctx_set_purpose
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "int purpose_id"
-.Fc
-.Ft int
-.Fo x509_verify_ctx_set_intermediates
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "STACK_OF(X509) *intermediates"
-.Fc
-.Ft const char *
-.Fo x509_verify_ctx_error_string
-.Fa "X509_VERIFY_CTX *ctx"
-.Fc
-.Ft size_t
-.Fo x509_verify_ctx_error_depth
-.Fa "X509_VERIFY_CTX *ctx"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo x509_verify_ctx_chain
-.Fa "X509_VERIFY_CTX *ctx"
-.Fa "size_t index"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn x509_verify
-function attempts to discover and validate all certificate chains
-for the
-.Fa name
-from the
-.Fa leaf
-certificate based on the parameters in
-.Fa ctx .
-Multiple chains may be built and validated.
-Revocation checking is not done by this function, and should be
-performed by the caller on any returned chains if so desired.
-.Pp
-.Fn x509_verify_ctx_new
-allocates a new context using the trusted
-.Fa roots .
-In case of success, it increments the reference count of
-.Fa roots .
-.Pp
-.Fn x509_verify_ctx_free
-frees
-.Fa ctx
-and decrements the reference count of the
-.Fa roots
-and
-.Fa intermediates
-associated with it.
-If
-.Fa ctx
-is
-.Dv NULL ,
-no action occurs.
-.Pp
-.Fn x509_verify_ctx_set_max_depth
-sets the maximum depth of certificate chains that will be constructed to
-.Fa max ,
-which can be in the range from 1 to the default of 32.
-.Pp
-.Fn x509_verify_ctx_set_max_signatures
-sets the maximum number of public key signature operations that will be
-used when verifying certificate chains to
-.Fa max ,
-which can be in the range from 1 to 100000.
-The default is 256.
-.Pp
-.Fn x509_verify_ctx_set_max_chains
-sets the maximum number of chains which may be returned to
-.Fa max ,
-which can be in the range from 1 to the default of 8.
-.Pp
-.Fn x509_verify_ctx_set_purpose
-sets the certificate purpose for validation to
-.Fa purpose_id .
-The
-.Dv X509_PURPOSE_*
-constants listed in
-.Xr X509_check_purpose 3
-can be used.
-.Pp
-.Fn x509_verify_ctx_set_intermediates
-provides some intermediate certificates, typically received from
-the peer, to be used for building chains.
-In case of success, this function increases the reference count of
-.Fa intermediates .
-.Pp
-.Fn x509_verify_ctx_error_string
-extracts a description of the last error encountered by a previous
-call to
-.Fn x509_verify
-from
-.Fa ctx .
-.Pp
-.Fn x509_verify_ctx_error_depth
-extracts the depth of the last error encountered by a previous
-call to
-.Fn x509_verify
-from
-.Fa ctx .
-.Pp
-.Fn x509_verify_ctx_chain
-extracts the validated chain with the given
-.Fa index
-from
-.Fa ctx
-after a previous call to
-.Fn x509_verify .
-The
-.Fa index
-starts at 0, and it is an error to pass a number
-greater than or equal to the return value of
-.Fn x509_verify .
-The returned chain is neither copied,
-nor is its reference count increased.
-.Sh RETURN VALUES
-.Fn x509_verify
-returns the number of chains successfully built and validated
-or 0 on failure.
-.Pp
-.Fn x509_verify_ctx_new
-returns a newly allocated context or
-.Dv NULL
-on failure.
-.Pp
-.Fn x509_verify_ctx_set_max_depth ,
-.Fn x509_verify_ctx_set_max_signatures ,
-.Fn x509_verify_ctx_set_max_chains ,
-.Fn x509_verify_ctx_set_purpose ,
-and
-.Fn x509_verify_ctx_set_intermediates
-return 1 on success or 0 on failure.
-.Pp
-.Fn x509_verify_ctx_error_string
-returns a pointer to a human readable error string.
-If no error occurred,
-.Qq ok
-is returned.
-.Pp
-.Fn x509_verify_ctx_chain
-returns an internal pointer to a validated chain or
-.Dv NULL
-if
-.Fa index
-is greater than or equal to the number of chains
-that were successfully built and validated.
-The returned pointer becomes invalid when
-.Fa ctx
-is destroyed.
-.Sh SEE ALSO
-.Xr X509_verify_cert 3
-.Sh HISTORY
-These functions first appeared in
-.Ox 6.8 .
-.Sh AUTHORS
-.An Bob Beck Aq Mt beck@openbsd.org
diff --git a/src/lib/libcrypto/man/x509v3.cnf.5 b/src/lib/libcrypto/man/x509v3.cnf.5
deleted file mode 100644
index 392c44d456..0000000000
--- a/src/lib/libcrypto/man/x509v3.cnf.5
+++ /dev/null
@@ -1,738 +0,0 @@ -.\" $OpenBSD: x509v3.cnf.5,v 1.7 2020/06/11 18:03:19 jmc Exp $ -.\" full merge up to: -.\" OpenSSL man5/x509v3_config a41815f0 Mar 17 18:43:53 2017 -0700 -.\" selective merge up to: OpenSSL 36cf10cf Oct 4 02:11:08 2017 -0400 -.\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2004, 2006, 2013, 2014, 2015, 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. 
Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: June 11 2020 $ -.Dt X509V3.CNF 5 -.Os -.Sh NAME -.Nm x509v3.cnf -.Nd X.509 V3 certificate extension configuration format -.Sh DESCRIPTION -Several of the OpenSSL utilities can add extensions to a certificate or -certificate request based on the contents of a configuration file. -The file format is based on the -.Xr openssl.cnf 5 -format. -.Pp -Typically the application will contain an option to point to an -extension section. -Each line of the extension section takes the form: -.Pp -.D1 Ar extension_name Ns = Ns Oo Cm critical , Oc Ar extension_options -.Pp -If -.Cm critical -is present, then the extension will be critical. -.Pp -The format of -.Ar extension_options -depends on the value of -.Ar extension_name . -.Pp -There are four main types of extension: string extensions, multi-valued -extensions, raw extensions, and arbitrary extensions. 
-.Pp -String extensions simply have a string which contains either the value -itself or how it is obtained. -For example: -.Pp -.Dl nsComment="This is a Comment" -.Pp -Multi-valued extensions have a short form and a long form. -The short form is a list of names and values: -.Pp -.Dl basicConstraints=critical,CA:true,pathlen:1 -.Pp -The long form allows the values to be placed in a separate section: -.Bd -literal -offset indent -basicConstraints=critical,@bs_section - -[bs_section] -CA=true -pathlen=1 -.Ed -.Pp -Both forms are equivalent. -.Pp -The syntax of raw extensions is governed by the extension code: -it can for example contain data in multiple sections. -The correct syntax to use is defined by the extension code itself: -check out the certificate policies extension for an example. -.Pp -If an extension type is unsupported, then the arbitrary extension -syntax must be used; see the -.Sx ARBITRARY EXTENSIONS -section for more details. -.Sh STANDARD EXTENSIONS -The following sections describe each supported extension in detail. -.Ss Basic constraints -This is a multi-valued extension which indicates whether a certificate -is a CA certificate. -The first (mandatory) name is -.Ic CA -followed by -.Cm TRUE -or -.Cm FALSE . -If -.Ic CA -is -.Cm TRUE , -then an optional -.Ic pathlen -name followed by a non-negative value can be included. -For example: -.Bd -literal -offset indent -basicConstraints=CA:TRUE -basicConstraints=CA:FALSE -basicConstraints=critical,CA:TRUE, pathlen:0 -.Ed -.Pp -A CA certificate must include the -.Ic basicConstraints -value with the -.Ic CA -field set to -.Cm TRUE . -An end user certificate must either set -.Ic CA -to -.Cm FALSE -or exclude the extension entirely. -Some software may require the inclusion of -.Ic basicConstraints -with -.Ic CA -set to -.Cm FALSE -for end entity certificates. -.Pp -The -.Ic pathlen -parameter indicates the maximum number of CAs that can appear below -this one in a chain. 
-So if you have a CA with a -.Ic pathlen -of zero it can only be used to sign end user certificates and not -further CAs. -.Ss Key usage -Key usage is a multi-valued extension consisting of a list of names of -the permitted key usages. -.Pp -The supported names are: -.Ic digitalSignature , -.Ic nonRepudiation , -.Ic keyEncipherment , -.Ic dataEncipherment , -.Ic keyAgreement , -.Ic keyCertSign , -.Ic cRLSign , -.Ic encipherOnly , -and -.Ic decipherOnly . -Examples: -.Bd -literal -offset indent -keyUsage=digitalSignature, nonRepudiation -keyUsage=critical, keyCertSign -.Ed -.Ss Extended key usage -This extension consists of a list of purposes for -which the certificate public key can be used. -.Pp -These can either be object short names or the dotted numerical form of OIDs. -While any OID can be used, only certain values make sense. -In particular the following PKIX, NS and MS values are meaningful: -.Bl -column emailProtection -.It Em value Ta Em meaning -.It Ic serverAuth Ta TLS server authentication -.It Ic clientAuth Ta TLS client authentication -.It Ic codeSigning Ta code signing -.It Ic emailProtection Ta E-mail protection (S/MIME) -.It Ic timeStamping Ta trusted timestamping -.It Ic OCSPSigning Ta OCSP signing -.It Ic ipsecIKE Ta IPsec internet key exchange -.It Ic msCodeInd Ta Microsoft individual code signing (authenticode) -.It Ic msCodeCom Ta Microsoft commercial code signing (authenticode) -.It Ic msCTLSign Ta Microsoft trust list signing -.It Ic msEFS Ta Microsoft encrypted file system -.El -.Pp -Examples: -.Bd -literal -offset indent -extendedKeyUsage=critical,codeSigning,1.2.3.4 -extendedKeyUsage=serverAuth,clientAuth -.Ed -.Ss Subject key identifier -This is really a string extension and can take two possible values. -Either the word -.Cm hash -which will automatically follow the guidelines in RFC 3280 -or a hex string giving the extension value to include. -The use of the hex string is strongly discouraged. 
-Example: -.Pp -.Dl subjectKeyIdentifier=hash -.Ss Authority key identifier -The authority key identifier extension permits two options, -.Cm keyid -and -.Cm issuer : -both can take the optional value -.Cm always . -.Pp -If the -.Cm keyid -option is present, an attempt is made to copy the subject -key identifier from the parent certificate. -If the value -.Cm always -is present, then an error is returned if the option fails. -.Pp -The -.Cm issuer -option copies the issuer and serial number from the issuer certificate. -This will only be done if the -.Cm keyid -option fails or is not included unless the -.Cm always -flag will always include the value. -Example: -.Pp -.Dl authorityKeyIdentifier=keyid,issuer -.Ss Subject alternative name -The subject alternative name extension allows various literal values to -be included in the configuration file. -These include -.Ic email -(an email address), -.Ic URI -(a uniform resource indicator), -.Ic DNS -(a DNS domain name), -.Ic RID -(a registered ID: OBJECT IDENTIFIER), -.Ic IP -(an IP address), -.Ic dirName -(a distinguished name), and -.Ic otherName . -.Pp -The -.Ic email -option can include a special -.Cm copy -value. -This will automatically include any email addresses contained in the -certificate subject name in the extension. -.Pp -The IP address used in the -.Ic IP -options can be in either IPv4 or IPv6 format. -.Pp -The value of -.Ic dirName -should point to a section containing the distinguished name to use as a -set of name value pairs. -Multi values AVAs can be formed by prefacing the name with a -.Ql + -character. -.Pp -.Ic otherName -can include arbitrary data associated with an OID: the value should -be the OID followed by a semicolon and the content in standard -.Xr ASN1_generate_nconf 3 -format. 
-Examples: -.Bd -literal -offset 2n -subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ -subjectAltName=IP:192.168.7.1 -subjectAltName=IP:13::17 -subjectAltName=email:my@other.address,RID:1.2.3.4 -subjectAltName=otherName:1.2.3.4;UTF8:some other identifier - -subjectAltName=dirName:dir_sect - -[dir_sect] -C=UK -O=My Organization -OU=My Unit -CN=My Name -.Ed -.Ss Issuer alternative name -The issuer alternative name option supports all the literal options of -subject alternative name. -It does not support the -.Ic email : Ns Cm copy -option because that would not make sense. -It does support an additional -.Ic issuer : Ns Cm copy -option that will copy all the subject alternative name values from -the issuer certificate (if possible). -Example: -.Pp -.Dl issuerAltName = issuer:copy -.Ss Authority info access -The authority information access extension gives details about how to -access certain information relating to the CA. -Its syntax is -.Ar accessOID ; location -where -.Ar location -has the same syntax as subject alternative name (except that -.Ic email : Ns Cm copy -is not supported). -.Ar accessOID -can be any valid OID but only certain values are meaningful, -for example -.Cm OCSP -and -.Cm caIssuers . -Example: -.Bd -literal -offset indent -authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ -authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html -.Ed -.Ss CRL distribution points -This is a multi-valued extension whose options can be either in -.Ar name : Ns Ar value -pair form using the same form as subject alternative name or a -single value representing a section name containing all the -distribution point fields. -.Pp -For a -.Ar name : Ns Ar value -pair a new DistributionPoint with the fullName field set to the -given value, both the cRLissuer and reasons fields are omitted in -this case. -.Pp -In the single option case, the section indicated contains values -for each field. 
-In this section: -.Pp -If the name is -.Ic fullname , -the value field should contain the full name of the distribution -point in the same format as subject alternative name. -.Pp -If the name is -.Ic relativename , -then the value field should contain a section name whose contents -represent a DN fragment to be placed in this field. -.Pp -The name -.Ic CRLIssuer , -if present, should contain a value for this field in subject -alternative name format. -.Pp -If the name is -.Ic reasons , -the value field should consist of a comma separated field containing -the reasons. -Valid reasons are: -.Cm keyCompromise , -.Cm CACompromise , -.Cm affiliationChanged , -.Cm superseded , -.Cm cessationOfOperation , -.Cm certificateHold , -.Cm privilegeWithdrawn , -and -.Cm AACompromise . -.Pp -Simple examples: -.Bd -literal -offset indent -crlDistributionPoints=URI:http://myhost.com/myca.crl -crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl -.Ed -.Pp -Full distribution point example: -.Bd -literal -offset indent -crlDistributionPoints=crldp1_section - -[crldp1_section] -fullname=URI:http://myhost.com/myca.crl -CRLissuer=dirName:issuer_sect -reasons=keyCompromise, CACompromise - -[issuer_sect] -C=UK -O=Organisation -CN=Some Name -.Ed -.Ss Issuing distribution point -This extension should only appear in CRLs. -It is a multi-valued extension whose syntax is similar to the "section" -pointed to by the CRL distribution points extension with a few -differences. -.Pp -The names -.Ic reasons -and -.Ic CRLissuer -are not recognized. -.Pp -The name -.Ic onlysomereasons -is accepted, which sets this field. -The value is in the same format as the CRL distribution point -.Ic reasons -field. -.Pp -The names -.Ic onlyuser , -.Ic onlyCA , -.Ic onlyAA , -and -.Ic indirectCRL -are also accepted. -The values should be a boolean values -.Cm ( TRUE -or -.Cm FALSE ) -to indicate the value of the corresponding field. 
-Example: -.Bd -literal -offset indent -issuingDistributionPoint=critical, @idp_section - -[idp_section] -fullname=URI:http://myhost.com/myca.crl -indirectCRL=TRUE -onlysomereasons=keyCompromise, CACompromise - -[issuer_sect] -C=UK -O=Organisation -CN=Some Name -.Ed -.Ss Certificate policies -This is a raw extension. -All the fields of this extension can be set by using the appropriate -syntax. -.Pp -If you follow the PKIX recommendations and just use one OID, then you -just include the value of that OID. -Multiple OIDs can be set separated by commas, for example: -.Pp -.Dl certificatePolicies= 1.2.4.5, 1.1.3.4 -.Pp -If you wish to include qualifiers, then the policy OID and qualifiers -need to be specified in a separate section: this is done by using the -.Pf @ Ar section -syntax instead of a literal OID value. -.Pp -The section referred to must include the policy OID using the name -.Ic policyIdentifier . -.Ic CPSuri -qualifiers can be included using the syntax: -.Pp -.D1 Ic CPS . Ns Ar nnn Ns = Ns Ar value -.Pp -.Ic userNotice -qualifiers can be set using the syntax: -.Pp -.D1 Ic userNotice . Ns Ar nnn Ns =@ Ns Ar notice -.Pp -The value of the -.Ic userNotice -qualifier is specified in the relevant section. -This section can include -.Ic explicitText , -.Ic organization , -and -.Ic noticeNumbers -options. -.Ic explicitText -and -.Ic organization -are text strings, -and -.Ic noticeNumbers -is a comma separated list of numbers. -The -.Ic organization -and -.Ic noticeNumbers -options (if included) must -.Em both -be present. -If you use the -.Ic userNotice -option with IE5 then you need the -.Ic ia5org -option at the top level to modify the encoding: otherwise it will -not be interpreted properly. 
-Example: -.Bd -literal -offset indent -certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect - -[polsect] -policyIdentifier = 1.3.5.8 -CPS.1="http://my.host.name/" -CPS.2="http://my.your.name/" -userNotice.1=@notice - -[notice] -explicitText="Explicit Text Here" -organization="Organisation Name" -noticeNumbers=1,2,3,4 -.Ed -.Pp -The -.Ic ia5org -option changes the type of the -.Ic organization -field. -In RFC 2459, it can only be of type -.Vt DisplayText . -In RFC 3280, -.Vt IA5String -is also permissible. -Some software (for example some versions of MSIE) may require -.Ic ia5org . -.Ss Policy constraints -This is a multi-valued extension which consists of the names -.Ic requireExplicitPolicy -or -.Ic inhibitPolicyMapping -and a non-negative integer value. -At least one component must be present. -Example: -.Pp -.Dl policyConstraints = requireExplicitPolicy:3 -.Ss Inhibit any policy -This is a string extension whose value must be a non-negative integer. -Example: -.Pp -.Dl inhibitAnyPolicy = 2 -.Ss Name constraints -The name constraints extension is a multi-valued extension. -The name should begin with the word -.Cm permitted -or -.Cm excluded , -followed by a semicolon. -The rest of the name and the value follows the syntax of subjectAltName -except -.Ic email : Ns Cm copy -is not supported and the -.Ic IP -form should consist of an IP addresses and subnet mask separated -by a slash. -Examples: -.Bd -literal -offset indent -nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 -nameConstraints=permitted;email:.somedomain.com -nameConstraints=excluded;email:.com -.Ed -.Ss OCSP no check -The OCSP no check extension is a string extension, -but its value is ignored. -Example: -.Pp -.Dl noCheck = ignored -.Ss TLS Feature (aka must staple) -This is a multi-valued extension consisting of a list of TLS extension -identifiers. -Each identifier may be a number in the range from 0 to 65535 or a -supported name. 
-When a TLS client sends a listed extension, the TLS server is expected -to include that extension in its reply. -.Pp -The supported names are: -.Cm status_request -and -.Cm status_request_v2 . -Example: -.Pp -.Dl tlsfeature = status_request -.Sh DEPRECATED EXTENSIONS -The following extensions are non-standard, Netscape specific and largely -obsolete. -Their use in new applications is discouraged. -.Ss Netscape string extensions -Netscape comment -.Ic ( nsComment ) -is a string extension containing a comment which will be displayed when -the certificate is viewed in some browsers. -Example: -.Pp -.Dl nsComment = "Some Random Comment" -.Pp -Other supported extensions in this category are: -.Ic nsBaseUrl , -.Ic nsRevocationUrl , -.Ic nsCaRevocationUrl , -.Ic nsRenewalUrl , -.Ic nsCaPolicyUrl , -and -.Ic nsSslServerName . -.Ss Netscape certificate type -This is a multi-valued extensions which consists of a list of flags to -be included. -It was used to indicate the purposes for which a certificate could be -used. -The -.Ic basicConstraints , -.Ic keyUsage , -and extended key usage extensions are now used instead. -.Pp -Acceptable values for -.Ic nsCertType -are: -.Cm client , -.Cm server , -.Cm email , -.Cm objsign , -.Cm reserved , -.Cm sslCA , -.Cm emailCA , -.Cm objCA . -.Sh ARBITRARY EXTENSIONS -If an extension is not supported by the OpenSSL code, then it must -be encoded using the arbitrary extension format. -It is also possible to use the arbitrary format for supported -extensions. -Extreme care should be taken to ensure that the data is formatted -correctly for the given extension type. -.Pp -There are two ways to encode arbitrary extensions. -.Pp -The first way is to use the word -.Cm ASN1 -followed by the extension content using the same syntax as -.Xr ASN1_generate_nconf 3 . 
-For example: -.Bd -literal -offset indent -1.2.3.4=critical,ASN1:UTF8String:Some random data -1.2.3.4=ASN1:SEQUENCE:seq_sect - -[seq_sect] -field1 = UTF8:field1 -field2 = UTF8:field2 -.Ed -.Pp -It is also possible to use the word -.Cm DER -to include the raw encoded data in any extension. -.Bd -literal -offset indent -1.2.3.4=critical,DER:01:02:03:04 -1.2.3.4=DER:01020304 -.Ed -.Pp -The value following -.Cm DER -is a hex dump of the DER encoding of the extension. -Any extension can be placed in this form to override the default behaviour. -For example: -.Pp -.Dl basicConstraints=critical,DER:00:01:02:03 -.Sh FILES -.Bl -tag -width /etc/ssl/x509v3.cnf -compact -.It Pa /etc/ssl/x509v3.cnf -standard configuration file -.El -.Sh SEE ALSO -.Xr openssl 1 , -.Xr ASN1_generate_nconf 3 , -.Xr OPENSSL_config 3 , -.Xr openssl.cnf 5 -.Sh HISTORY -X509v3 extension code was first added to OpenSSL 0.9.2. -.Sh CAVEATS -There is no guarantee that a specific implementation will process a -given extension. -It may therefore sometimes be possible to use certificates for purposes -prohibited by their extensions because a specific application does not -recognize or honour the values of the relevant extensions. -.Pp -The -.Cm DER -and -.Cm ASN1 -options should be used with caution. -It is possible to create totally invalid extensions if they are not used -carefully. -.Pp -If an extension is multi-value and a field value must contain a comma, -the long form must be used. -Otherwise the comma would be misinterpreted as a field separator. -For example, -.Pp -.Dl subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar -.Pp -will produce an error, but the following form is valid: -.Bd -literal -offset indent -subjectAltName=@subject_alt_section - -[subject_alt_section] -subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar -.Ed -.Pp -Due to the behaviour of the OpenSSL CONF library, the same field -name can only occur once in a section. 
-That means that -.Bd -literal -offset indent -subjectAltName=@alt_section - -[alt_section] -email=steve@here -email=steve@there -.Ed -.Pp -will only use the last value. -This can be worked around by using the form: -.Bd -literal -offset indent -[alt_section] -email.1=steve@here -email.2=steve@there -.Ed -- cgit v1.2.3-55-g6feb